Centre for Internet and Society

Understanding the Right to Information

elonnai — 2013-06-12T11:39:05Z

Elonnai Hickok summarises the Right to Information Act, 2005, how it works, how to file an RTI request, the information that an individual can request under the Act, the possible responses and the challenges to the citizen and the government. She concludes by saying that there are many structural changes that both citizens and governmental officers can make to improve the system.

Introduction

The Right to Information Act, 2005 (RTI) was created in 2005 and marked an important time in Indian legislative history. The Right to Information enables citizens to hold the government accountable and ensure that it is a transparent body. Questions that can be asked by the citizen to the government range from anything that may concern to some meeting notes to why a teacher is not present in a public school, etc. In the current RTI system there are many challenges that are inhibiting the government’s efficient delivery of the RTI as a service to the people. This has changed the concept of how the citizens view the RTI, as the government feels harassed and the citizens feel as though their rights are being unjustly denied. Additionally, individuals have turned the RTI into a redressal mechanism rather than a way to ensure transparency and learn/understand how their government is functioning. The use of the RTI as a redressal mechanism has created a relationship of animosity between the government and citizens. The below note outlines the ecosystem of the RTI and notes specific challenges that both citizens and the government face.[1]

The RTI Ecosystem

RTI work flow

An individual files an RTI with the central/ state public information officer (PIO) or a specific PIO. PIOs are often not trained, and rarely apply for the position, but are instead designated.
Within five days the information is to be forwarded to the correct PIO.
The PIO must open a file and dispose of the request within 30 days.
If the PIO fails to reply to the applicant by either approving or denying a request, the PIO is liable to pay a fine of Rs. 250 for each day of delay.
If information is electronically uploaded, it is stored in any format the officer chooses (jpeg, pdf, html, etc).
Except for land records and staff records, files are retained for a maximum of one year.
If the PIO does not dispose of the request, there is scope for an appeal within 30-45 days to the appellate authority.
There is scope for a second appeal to the information commissioner if the authority does not respond within 90 days or the answer is found to be unsatisfactory.
The final decision of the information commissioner is binding.

Filing an RTI request

Though there is no specific format an individual must follow when submitting an RTI, when filing a request, individuals must include:

His /her name and address.
The name and address of the public information officer (PIO).
The particulars of information/documents required (limited to 150 words and one subject matter).
The time period of the information required.
Proof of payment.
Signature.
Proof if the individual is a BPL holder.[2]

Information that an individual can request under the RTI Act

Inspection of work, documents, and records
Taking notes, extracts or certified copies of documents or records.
Taking certified samples of material.
Obtaining of information in the form of diskettes, floppies, tapes, and video cassettes, or in any other electronic mode, or through printouts where such information is stored in a computer, or in any other device.
Obtaining the status of an RTI request or complaint.

Note: If an individual is requesting third party information, the PIO must inform the third party and provide the individual the opportunity to state a reason for not disclosing the information.

Accepted format of requested materials and records

Material requested can be in any format including: records, documents, memos, emails, opinions, advices, press releases, circulars, orders, logbooks, contracts, reports, papers, samples, models, and data material held in any electronic form.
Records requested can include: any document, manuscript and file, any microfilm, microfiche and facsimile copy of a document, and reproduction of image or images embodied in such microfilm (whether enlarged or not), and any other material produced by a computer or any other device.

Possible Responses to an RTI request

An information officer can respond to an RTI in the following ways:

Transfer request to appropriate PIO within five days and notify the applicant about the transfer.
Provide the requested information within 30 days.
Reject the request information within 30 days stating the reasons for rejection, the period within which an appeal against such rejection may be preferred, and the details of the appellate authority.
Not respond to the applicant. If no response is received within 30 days the officer is liable for a penalty of Rs. 250 per day.

Appeal/Complaint Process

First appeal can be filed after 30 days or if the information given was unsatisfactory. The appeal must include: name and address of the appellant, name and address of the PIO involved, brief facts leading to appeal, relief sought, grounds for appeal, and copies of the application or documents involved, including copies of the reply, if received from the PIO.
Second appeal must contain: name and address of the applicant, and name and address of the PIO involved, particulars of the Order including the number if any against which the appeal is preferred, brief facts leading to the appeal, if appeal/complaint is preferred against deemed refusal then the particulars of the application, including number and date and name, address of the PIO to whom the application was originally made, relief sought, grounds for the relief, verification by the applicant, any other information which the commission may deem necessary for deciding during the appeal, self attested copies of the application or documents involved, copies of the documents relied upon by the appellant and referred to in the appeal, and an index of the documents referred to in the appeal.
A complaint must include: name and address of the complainant, name and address of the state PIO against whom the complaint is being made, facts leading to the complaint, particulars of the application [number, date, name and address of the PIO (three copies)], relief sought, grounds and proof for relief, verification of the complainant (three copies), index of documents referred to in the complaint, and any other necessary information.[3]

Challenges to the Citizen

Knowing the correct Public Information Officer

Knowing which public information officer to mail in the RTI request is the first difficulty that an individual faces. As noted above in 2008 there were a total of 73,256 recorded public information commissioners in the State of Karnataka. New public information commissioners are created every day, because the RTI extends not only to any department of the government, but to any sub-contracted company, organization, school, or NGO that is receiving government funding and doing work on behalf of the government directly or indirectly. Lists of PIOs can be found on department bulletin boards and websites, but there is no clear method for an individual to know what information each PIO is the custodian over. Thus, they are left to determine on their own, and rely on the PIO to forward their application to the correct individual.

Filing in the correct format

Though it is stated in the law what language an RTI request will be accepted in, and what information should be included – individuals are often unaware of the guidelines and unaware of how to correctly fill out an RTI request. An incorrectly formatted request is one of the major reasons for rejection of a request by the PIO.

Language

In the State of Karnataka, RTIs can be filed only in two languages: Kannada and English. By law, RTI responses are given only in the language that the department works in on a daily basis, and in English. The information that is supplied through the request is given in its original language. For example, if you ask for a document that is originally in Marathi, the document will be photo copied and sent to you. No translation of documents takes place, because it is not the job function of the officer to translate documents.

Appeals

If an individual is denied information, or does not receive a reply within 30 days, they have the option of seeking an appeal through an appellate authority. In 2008 Karnataka had 5416 Appellate Authorities. Currently, because of the backlog in appeal cases and the slow functioning of the system, an individual might have to wait for upto one year for his/her appeal to be heard. Often at this point the information is no longer relevant or needed.

Privacy

In some cases individuals are denied a request for information based on the grounds that it would invade the privacy of the public officer. This is sometimes the case and sometimes not the case. Finding the right balance between the right to information and privacy is important, as protecting an individual’s privacy is crucial, but privacy should not be used as a reason for the government to be less transparent to the citizen and be used as a way to deny a citizen the information that they are entitled to.[4]

Challenges in the RTI System for the Government

Too many RTI requests and no system to record duplicates: As the figure shows above, in 2008, the Karnataka Government received 42208 RTI requests. Currently, it is not possible to know how many of these requests were duplicates since departments handling RTIs do not make it a practice to upload and organize filed RTI requests in a format easily accessible to citizens. Thus, there is no present system in place to track, upload, and store past RTI's in a meaningful way.
Additional overhead in recording, organizing, accessing, and storing data: In the current system every time an RTI request is received by the government, they open a new file for that request. Though in some ways this system of storage simplifies the process of finding past RTIs, it adds an additional overhead cost as photocopies must be made, new files created, and correctly added to the organized system. Each state follows its own method of recording, organizing, accessing, and storing data – thus, currently it is not possible to easily access the information from another state or combine information from two separate states.
Lack of compliance with section 4(d) pro-active disclosure: Under section 4 (d), the government is required to pro-actively disclose a pre-determined data to the public via websites and other useful modes. Currently there is very little compliance with section 4(d) from governmental departments. There are many factors that contribute to the low rate of compliance that exist including lack of resources and lack of proper enforcement. If governmental departments were to comply with section 4(d) then the load of RTI requests and the time each request must take to answer could be lightened considerably as the government could respond by pointing citizens to the already disclosed information.

Conclusion

Though the Right to Information is an important right, the above entry looks at some of the weaknesses and challenges in the system. There are many structural changes that both citizens and governmental officers can make to improve the system such as pro-actively disclosing information, ensuring that an RTI is filed correctly, and creating a system for organizing previously asked questions. Alongside of these structural changes it is also critical that a positive culture of transparency and accountability is fostered throughout society, thus encouraging citizens to actively engage with the government and exercise their right to information.

Notes

[1].I am grateful to N. Vikram Simha, RTI activist, for his insight and feedback into the RTI system.

[2].N. Vikram Simha, Right to Information Act of 2005: Guide for Citizens.

[3].N. Vikram Simha, Right to Information: Trend Ahead. Karanataka State Chartered Accountants Association, Bangalore

[4].N. Vikram Simha, RTI and Protection of Individual Privacy

For more details visit https://cis-india.org/internet-governance/understanding-right-to-information

Internet Governance Forum: Participate Remotely

praskrishna — 2011-09-27T05:09:56Z

The Centre for Internet and Society (CIS) invites you to attend the sixth annual meeting of the Internet Governance Forum (IGF) as a remote participant from Bangalore. The IGF is being held in Nairobi from 27-30 September 2011. CIS has been registered as a remote IGF hub. This will allow many of us who are unable to attend the IGF in person. You can follow the discussion, watch the web cast of the event, follow real-time closed captioning and participate live (via text or video) that will be answered by panelists in the IGF.

The IGF is a multi-stakeholder forum that addresses public policy issues related to key elements of Internet governance. The overall theme of the meeting will be ‘Internet as a Catalyst for Change: Access, Development, Freedoms and Innovation'. The various themes are as follows:

Internet Governance for Development
Emerging Issues
Managing Critical Internet Resources
Security, Openness and Privacy
Access and Diversity
Taking Stock and the Way Forward

Sunil Abraham, Executive Director of the Centre for Internet and Society, will be participating in the following workshops:

Shyam Ponappa, Fellow at the Centre for Internet and Society, will be presenting remotely for the following workshop:

Open Spectrum for Development in the Context of the Digital Migration

Nishant Shah, Director Research at Centre for Internet and Society, has organized the following workshop:

Use of Digital Technologies for Civic Engagement and Political Change: Lessons Learned and Way Forward

We are not limited to following specific workshops. Please follow the link for more information on workshops of your interest, program details and the schedule:

http://www.intgovforum.org/cms/schedule-a-programme-2011

Participation is free. However, we would be grateful if you could confirm your attendance by emailing Natasha Vaz “natasha@cis-india.org or Tom Dane at “tjdane@gmail.com”. We hope you will join us to watch the web cast and contribute your own insights on the various workshops.

Looking forward to welcoming you at the workshops!

For more details visit https://cis-india.org/internet-governance/events/igf-remote-participation

Netizen's Guide to the Internet Governance Forum

praskrishna — 2011-09-26T08:59:57Z

The Internet Governance Forum is a multi-stakeholder forum where people from all over the world - from government, industry, the technical community and civil society - come together to discuss the Internet's future. The Sixth Annual meeting officially kicks off on Tuesday morning in Nairobi, Kenya. A number of pre-meetings will be held all day on Monday.

The IGF is set up for remote participation, so you do not need to be in Kenya physically to follow the discussions or to ask questions and make your views known. Before the start of each day, IGF staff will post remote participation links for each conference room so that you can participate remotely through the conference's WEBEX system. (Click here to see if your computer is compatible with their system.)

The Monday pre-meetings: Several interesting and important meetings will be held on Monday and four of them are open to everybody on the Internet. Two of them have made their schedules publicly available and promoted them:

The Association for Progressive Communications meeting on access as a right. (10am-6pm Kenya time). Why attend? Click here for the invitation flyer and click here for the full run-down of the day's discussions. Also see APC's briefing paper on priorities for this year's IGF and other short papers on key IGF discussion themes. The final panel of the day, a Roundtable on the State of Internet Rights (17:15-18:15 local time) will be held jointly with the next group. A guest blogger from APC will be reporting from the meeting here on GVA later this week.
Global Internet Governance Academic Network (Giganet) annual symposium. (also approximately 10am-6pm) Many of the papers or abstracts are available for download. See for instance Arresting the decline of multi-stakeholderism in Internet governance by Jeremy Malcolm; The legality of internet blackouts in times of crisis. An assessment at the intersection of human rights law, humanitarian law and internet governance principles by Matthias Ketteman; and Upholding online anonymity in Internet governance. Affordances, ethical frameworks, and regulatory practices by Robert Bodle.

The main conference: So many sessions, which ones to join? At any given time, several different meetings, workshops, and plenary sessions are held concurrently. The IGF organizers have posted the schedule as a rather unweildy Excel file here. Fortunately, other participants have taken the time to post the schedule in more digestible formats. The Diplo Foundation's e-Diplomacy project has an online list of sessions and schedule. The indefatigable Tim Davies has also created a social media page aggregating all tweets, blogs and photos posted by participants. The official hashtag, by the way, is #IGF11.

If you want to get involved with a global community of people working for Internet users' rights whose work extends throughout the year, be sure to join one or more of the “dynamic coalitions.” Examples include the Internet Rights and Principles Coalition (meeting on Tuesday from 11-12:30 Kenya time) and the Freedom of Expression Coalition (Wednesday 4:30-6pm).

Many participating organizations have posted lists of the workshops they are organizing or participating in on their websites. Those interested in sessions related to activism, human rights and free expression on the Internet may want to check out session listings by the APC (scroll down below the jump), the Electronic Frontier Foundation, the Global Network Initiative, and the Centre for Internet and Society, Bangalore, among others.

Kieren McCarthy of dot-nxt has also created a handy practical guide to this year's IGF, with his top session picks. He observes that while the opening session on Tuesday afternoon has “far, far too many speakers,” it will nonetheless be interesting “given all that is happening in the Internet governance world.” No doubt, speeches from Hamadoun Toure (ITU), Neelie Kroes (EC), Janis Karklins (UNESCO), Larry Strickling (US), Rod Beckstrom (ICANN) and Vint Cerf (Google) not be uniform in their visions for the Internet's future.

For those interested in truly doing their homework on the IGF and the current global impasse over Internet governance, see Jeremy Malcolm's post on IGF Watch: Where to develop Internet policy: ITU, G8, OECD or an empowered IGF? Also see his previous posts on twists and turns of the IGF's five-year history.

Written by Rebecca MacKinnon, the story was published in Global Voices Advocacy on 26 September 2011. The original can be read here.

For more details visit https://cis-india.org/news/netizen-guide-to-igf

September 2011 Bulletin

praskrishna — 2012-07-30T06:34:19Z

Greetings from the Centre for Internet and Society! In this issue we are pleased to present you the latest updates about our research, upcoming events, and news and media coverage that happened in the month of September 2011.

Researchers@Work

RAW is a multidisciplinary research initiative. CIS believes that in order to understand the contemporary concerns in the field of Internet and society, it is necessary to produce local and contextual accounts of the interaction between the Internet and socio-cultural and geo-political structures. To build original research base, the RAW programme has been collaborating with different organizations and individuals in order to focus on its two year thematic of Histories of the Internets in India. Five monographs were recently launched at a workshop, Locating Internets: Histories of the Internet(s) in India — Research Training and Curriculum held in Ahmedabad from 19 to 22 August 2011.

Re:Wiring Bodies by Asha Achuthan
The Last Cultural Mile by Ashish Rajadhyaksha
Porn: Law, Video, Technology by Namita A Malhotra
Archives and Access by Aparna Balachandran and Rochelle Pinto
Internet, Society and Space in Indian Cities by Pratyush Shankar

Digital Natives with a Cause?

Digital Natives with a Cause? is a knowledge programme initiated by CIS, India and Hivos, Netherlands. It is a research inquiry that seeks to look at the changing landscape of social change and political participation and the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who want to critically engage with the dominant discourse on youth, technology and social change, in order to look at the alternative practices and ideas in the Global South. It also aims at building new ecologies that amplify and augment the interventions and actions of the digitally young as they shape our futures.

Featured Publication

Digital AlterNatives with a Cause? - This collaboratively produced collective, edited by Nishant Shah and Fieke Jansen, asks critical and pertinent questions about theory and practice around ‘digital revolutions’ in a post MENA (Middle East - North Africa) world. It works with multiple vocabularies and frameworks and produces dialogues and conversations between digital natives, academic and research scholars, practitioners, development agencies and corporate structures to examine the nature and practice of digital natives in emerging contexts from the Global South.

Book Review

Digital (Alter)Natives with a Cause? — Book Review by Maarten van den Berg - The books come in a beautifully designed cassette and are accompanied by a funky yellow package in the shape of a floppy disk containing the booklet ‘D:coding Digital Natives’, a corresponding DVD, and a pack of postcards portraying the evolution of writing - in the sentence ‘I love you’, written with a goose feather in 1734, to the character set ‘i<3u’ entered on a mobile device in 2011, writes Maarten van den Berg. The review was published in "The Broker" on 19 September 2011.

Event Organised

Digital AlterNatives book launch – CIS and Hivos launched this book at the Museum for Communication, Hague on 16 September 2011.

Accessibility

Estimates of the percentage of the world's population that is disabled vary considerably. But what is certain is that if we count functional disability, then a large proportion of the world's population is disabled in one way or another. At CIS we work to ensure that the digital technologies, which empower disabled people and provide them with independence, are allowed to do so in practice and by the law. To this end, we support web accessibility guidelines, and change in copyright laws that currently disempower the persons with disabilities.

Event Participated

Stakeholders Meeting of the USOF on Facilitating ICT Access to Persons with Disabilities in Rural Areas, on 7 September 2011. Nirmita Narasimhan made a presentation.

Access to Knowledge

Access to Knowledge is a campaign to promote the fundamental principles of justice, freedom, and economic development. It deals with issues like copyrights, patents, and trademarks, which are an important part of the digital landscape. CIS believes that access to knowledge and culture is essential, and such access promotes creativity and innovation, and helps bridge the differences between the developing and developed worlds in a positive manner. Towards this end, CIS is campaigning for an international treaty on copyright exceptions for print-challenged people, advocating against laws (such as the PUPFIP Bill) that privatize public-funded knowledge, call for the WIPO Broadcast Treaty to be restricted to broadcast, question the demonization of 'pirates', and support endeavours that explore and question the current copyright regime.

New Blog Entries

Copyright Amendment Bill in Parliament by Nirmita Narasimhan, 30 August 2011.
Photocopying the past by Sunil Abraham in the Indian Express, 2 September 2011.
Calling Out the BSA on Its BS by Pranesh Prakash, 9 September 2011.

Internet Governance

Internet technologies have fundamentally questioned the notion of governance, not only at the level of administration but also at the level of mechanisms of control, regulation and shaping of the individual. e-Governance initiatives, in combination with other regimes of surveillance, control and censorship, are redefining what it means to be a citizen, a subject, and an individual. We look at questions of governance — at the micro level of the individual and the private (family, relationships, community structures, etc.) as well as the level of governmentality — at the macro level of nation state, citizenship, market economies, and the public (spaces of consumption, work, leisure, political engagement, etc.) under the umbrella of digital governance.

New Blog Entry

Understanding the Right to Information by Elonnai Hickok, 28 September 2011.

Events Organised

Using the Internet as a Tool for Political Change: Lessons Learned and Way Forward, IGF, Nairobi, 27 September 2011.

Telecom

The growth in telecommunications in India has been impressive. While the potential for growth and returns exist, a range of issues need to be addressed for this potential to be realized. One aspect is more extensive rural coverage and the second aspect is a countrywide access to broadband which is low at about eight million subscriptions. Both require effective and efficient use of networks and resources, including spectrum. It is imperative to resolve these issues in the common interest of users and service providers.

Articles by Shyam Ponappa

Shyam Ponappa is a Distinguished Fellow at CIS. He writes regularly on Telecom issues in the Business Standard and these articles are mirrored on the CIS website.

Reviving Growth, published in the Business Standard on 1 September 2011.

Event Organised

Open Spectrum for Development in the Context of the Digital Migration, IGF, Nairobi, 29 September 2011.

Miscellaneous

Film Screening

Screening of Partners in Crime, Vikalp@Smriti Nandan along with CIS screened the film and followed it with a discussion with the director of the film, Paromita Vohra, Smriti Nandan Cultural Centre, 9 September 2011.
Prime Security: The Mathematics of RSA Encryption, a one-day workshop with Rohit Gupta, a leading Mathematician.

News & Media Coverage

India's social media "spring" masks forgotten protests [Alistair Scrutton in Reuters, 25 August 2011].
Social media holds the key to Hazare's campaign success [Alistair Scrutton in NEWS.scotsman.com, 26 August 2011].
Digital divide: Why Irom Sharmila can’t do an Anna [FirstPost.Ideas, 25 August 2011].
When revolutions go viral [Times of India (Crescent Edition), 27 August 2011].
IBSA Seminar on Global Internet Governance, organised by the Brazilian Ministry of External Relations, with support from the Brazilian Internet Steering Committee (CGI.br) and the Center for Technology & Society (CTS/FGV) and governmental and non- governmental actors from India, Brazil and South Africa, 1 to 2 September 2011, Fundacao Getulio Vargas (FGV) - Rio de Janeiro, Brazil. Pranesh Prakash participated in this event.
Copyrights Amendment Bill to Be Tabled in Indian Parliament – Parallel Import provisions have Been Removed [Mike Palmedo in infojustice.org, 5 September 2011]
The Power of Information: New Technologies for Philanthropy and Development [Indigo Trust, 15 September 2011]. Sunil Abraham participated in this event. A video of his speech is now available on YouTube.
Planning Commission, Census 2011 and India Post using social media to understand people's pulse better [Vikas Kumar in the Economic Times, 20 September 2011]
The Impact of Regulation: FOSS and Enterprise, organised by FOSSFA and ICFOSS, IGF, Nairobi, 28 September 2011.
Privacy, Security, and Access to Rights: A Technical and Policy Analyses, organised by Expression Technologies, IGF, Nairobi, 29 September 2011.
Putting Users First: How Can Privacy be Protected in Today’s Complex Mobile Ecosystem?, organised by GSM Association, 29 September 2011.
The Truman Show, in Kerala [Times of India, posted on CIS website on 23 September 2011].
Making a difference, online and offline [LiveMint, 27 September 2011].

Follow us elsewhere

Get short, timely messages from us on Twitter
Follow CIS on identi.ca
Join the CIS group on Facebook
Visit us at www.cis-india.org

CIS is grateful to Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/september-2011-bulletin

The Impact of Regulation: FOSS and Enterprise

praskrishna — 2011-09-22T10:53:49Z

The workshop seeks to elaborate the impact of regulation, between Free and Open Source Software and Enterprise. It will look at the following key areas:

Education,
Software development,
Digital Content,
Empowering persons with disability,
FOSS for disaster preparedness etc.

If time allows, we will explore, if cloud computing is an open Source adjacent?

This lively discussion, is meant to bring into perspective the real picture in the market and broaden the minds of participants to realize the options available and come up with recommendations on what needs to be considered to have a fair playing ground, more especially for the developing countries.

Which of the five broad IGF Themes or the Cross-Cutting Priorities does your workshop fall under?

Access and Diversity

Have you organized an IGF workshop before? Yes

If so, please provide the link to the report:

http://www.intgovforum.org/cms/index.php/component/chronocontact/?%20chronoformname=Workshopsreports2009View&curr=1&wr=43

Provide the names and affiliations of the panellists you are planning to invite:

Mr.Samer Azmy- ICT Manager / Solution Integration Consultant, Huawei(Moderator)
Mr. Satish Babu -ICFOSS,India
Mr. Yves Miezan Ezo- Smile Training, Manager, (France)
Mr. Sunil Abraham,Executive Director, Center for Internet and Society, Bangalore, India
Mr. Evans Ikua- FOSS Certification Manager in the ict@innovation program
Dorothy Gordon- Director General, AITI-KACE
Ms. Judy Okite (Remote Moderator)

Provide the name of the organizer(s) of the workshop and their affiliation to various stakeholder groups:

Mr. Samer Azmy- FOSSFA(Pan-African)
Mr. Satish Babu -ICFOSS,(India)
Mr. Yves Miezan Ezo - Smile Training Centre(France)

Organization: FOSSFA, ICFOSS

Contact Person: Mr. Samer Azmy, Mr. Satish Babu

Workshop Number: 211

See the event details on the IGF website

For more details visit https://cis-india.org/news/foss-instrument-for-accessible-development

Open Spectrum for Development in the Context of the Digital Migration

praskrishna — 2011-10-13T01:14:26Z

Concise Description:

While the communication technologies that use the radio spectrum continue to develop at a brisk pace, our general approach to regulating the spectrum has not changed much since the 1930s when the spectrum was regulated to a very high degree in order to assure that interference between signals would not occur. For this reason, frequencies are assigned for specific uses and overseen quite closely by national regulators as well as an international system of governance. However, as technology rapidly changes, approaches to managing the spectrum should change as well.

Around the world, countries are migrating their broadcast systems –in particular, television- from analogue transmitters and receivers to digital ones. Digital broadcasting utilises the spectrum more efficiently, generally allowing for more channels in the space where one analogue channel could exist. This provides opportunity for other uses of the freed spectrum.

This digital migration creates the opportunity for improving how spectrum can be used and regulated. In particular, for expanding internet access. For this opportunity to realise, new means should be built into all spectrum allocation regimes. Open spectrum is one approach to spectrum management that would allow various users to utilise parts of the spectrum that are available. Sharing the spectrum in such a way would create a “spectrum commons” and would require a simple set of rules for communicating with one another and making decisions. But even if some frequencies are set aside as commons, more transparent and clear ways to regulate the spectrum being used by all stakeholders -including broadcasters, mobile companies and the military- need to be set.

This workshop will be aimed at identifying current practices that are contributing to build the spectrum commons, as well as debating different perspectives on policy and regulatory issues involved in spectrum management and its impacts on development.

In this workshop we will explore alternative regulatory frameworks in different contexts and regions, considering how technological developments can shape the future of spectrum-based communication. Considering, in particular, the opportunities brought by the transition to digital broadcasting systems.

Which of the five broad IGF Themes or the Cross-Cutting Priorities does your workshop fall under?

Emerging Issues

Have you organized an IGF workshop before? Yes

If so, please provide the link to the report:

http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=WSProposalsReports2010View&wspid=110

Provide the names and affiliations of the panellists you are planning to invite:

Moderator:

- Claire Sibthorpe, Maple Consulting Services, UK

Panelists:

Steve Song, Village Telco, South Africa
Muriuki Mureithi, Researcher, Summit Strategies ltd, Kenya
Carlos Afonso, Instituto NUPEF, Brazil
Willie Currie, Independent Communications Authority of South Africa, South Africa
Giacomo Mazzone, European Broadcasting Union, Switzerland
Sascha Meinrath, New America Foundation, USA
Paul Mitchell, Microsoft Corporation, USA

Remote moderator:

Henrik Almström, APC, South Africa

Provide the name of the organizer(s) of the workshop and their affiliation to various stakeholder groups:

Association for Progressive Communications (APC) (civil society)

KictaNet (multistakeholder network)

Balancing Act (private sector)

Centre for Internet and Society (civil society)

Organization:Association for Progressive Communications

Contact Person: Pablo Accuosto

Workshop Number 121

See the background paper here

See the details on IGF website here

For more details visit https://cis-india.org/events/open-spectrum-for-development-in-the-context-of-the-digital-migration

Calling Out the BSA on Its BS

pranesh — 2011-09-14T18:16:51Z

The Business Software Alliance (BSA) is trying to pull wool over government officials' eyes by equating software piracy with tax losses. Pranesh Prakash points out how that argument lacks cogency, and that tax losses would be better averted if BSA's constituent companies just decided to pay full taxes in India.

In the past we have covered the Business Software Alliance's lack of rigour in their piracy statistics, and disconnect from their constituent members when it comes to opposing free and open source software. In reaction to the criticism they have received over the years, BSA has finally stopped equating lack of sales with losses. But now, they have started equating software piracy with tax losses.

How IDC thinks tax works

In a report prepared by International Data Corporation (IDC) for the Business Software Alliance (BSA), they note:

Substantial value in form of potential industry and tax revenues is lost to software piracy: The situation in India is not healthy with a software piracy rate of 65% in 2009 (more than six out of ten PC software programs installed in 2009 were not paid for). Only one-third of the overall PC software revenues are captured by the industry incumbents and the rest are lost to software piracy. Most of the unlicensed software use occurs in otherwise legal businesses installing the programs on more PCs than allowed by the licenses they have paid for. Consequently, in 2009, the state exchequer tax receipts loss was roughly US$866 million at the current piracy and employment levels, as the industry lost its otherwise legitimate share of revenues to piracy.

For this to be true, there must be two assumptions that are satisfied. First, those who are pirating software must not spend the money that they save by doing so on any other taxable activity. Second, the companies that would get the money if the software weren't pirated must pay the Indian government taxes. As we'll see, neither of these two assumptions are warranted.

The BSA-IDC report reasons as follows: Pirates don't pay taxes on the illegal software that they sell, so that is tax evasion and consequently a tax loss. It states:

Higher demand for legal software will result in higher flow of license volume through the supply chain, resulting in increase in volume of business transactions. Each transaction adds a certain percentage of the deal or value added to the state exchequer's coffers in the form of indirect tax revenue[...] Increase in demand will also result in increased employment. Consequently, revenues from direct taxes will be increased for the government, as employees join newly created high-paying jobs.

How tax actually works

That reasoning is flawed. The majority of software piracy in India happens through two methods: violation of software licence terms by using the software on more computers than it is licensed for; and pre-loading of illegal software by computer sellers. Those 'computer seller' pirates do not sell the software separately, but bundle it with the computer as an additional service. In other words, they don't charge for it in the first place. So, quite clearly, there is no tax evasion.

Despite there being no tax evasion, there is the possibility of tax loss for the state. That would happen when instead of doing taxable activity A with with their money, they do non-taxable activity B. Putting money in special government bonds instead of spending it on software, for instance, is one such instance. However, that is a strange, unwarranted assumption. People don't always put the money that they don't spend on software into government bonds. It is a much more reasonable assumption that people would spend that money on other consumables, like food or other such tangible commodities.

Lastly, there is the unwarranted assumption that increase in demand for legal software increases employment. In fact, it is a much more reasonable assumption that increase in piracy increases employment in case of developing countries. Printing ("DTP") shops use pirated versions of Photoshop, CorelDraw and InDesign, computer education centres use pirated versions of Microsoft Windows, offices use pirated versions of Microsoft Word and Excel. If these didn't teach their employees the use of pirated software, millions of people would lose their jobs. All of these employees pay direct taxes. There is no analysis in the BSA-IDC report that accounts for this, treating all these millions of people as non-existent for purposes of their analysis.

Increasing tax: Make MNC software companies pay full taxes

Thus, there is no real tax loss to the government if the money that would have been spent on commercial software was instead spent on some other commodity. Indeed, there might even be an increase in tax collection because software companies, including leading ones such as Microsoft, are much more likely to avoid taxes than companies that deal in tangible commodities. There are well-known routes of decreasing tax liability for intangible goods such as software. Software companies normally state that they license software instead of selling it (as this suits them on issues such as customs duties), but when it comes to income tax, they try to paint the transaction as a sale of a product. (Microsoft, for instance claims that its earnings in India are 'business income' and not 'royalties' and hence is exempt under the Double Taxation Avoidance Agreement between India and the USA.) A company that deals with tangible commodities has no such 'licensing vs. sale' loop-hole that they can try to exploit. Further, many software companies are located in special economic zones that are "software exporting zones", and hence get large tax deductions.

In India, for instance, Microsoft is resisting payment of income tax for by routing all licensing to distributors in India through a shell company in Singapore and holding that Microsoft India had no income tax liabilities. Microsoft has been fined Rs. 2 crore because it tried to separate the importing of software into India from the (more valuable) granting of licences to customers and pay only nominal customs duties on the former and under-declaring the value of the latter as zero. From nine Microsoft dealers a total of Rs 255 crore was collected as tax. Of the roughly Rs. 4000 crores loss that the BSA-IDC report claims, around 6% is realizable from just a single tax (customs duties) from 9 companies dealing in the products of one company. If we multiply this by all taxes (income tax included) amongst all the dealers of all the constituent companies of BSA, then the Indian government might recover more from taxes than is supposedly lost to piracy!

Elsewhere around the globe, the 'Double Irish' arrangement, the 'Dutch Sandwich' route and other such are used by MNC software companies to evade taxes. Just as there are tax havens, there are some IPR havens that cater to companies selling/licensing software and other such intangible commodities.

If only these software companies were to stop evading taxes in the countries in which they sell software, then the government's tax collections would automatically increase.

Final idiocies, and conclusion

In the BSA-IDC report, they write: "Assessing the relationship between software piracy rates and UN Human Development Index (a measure of average achievements in a country in three basic dimensions of human development) suggests that countries with greater rates of software piracy tend to have lower levels of economic development. This further strengthens the hypothesis that IP rights (IPR) enforcement increases economic activity.".

This is as sensible as saying "countries with greater rates of industrial espionage (such as France, Germany, and USA) tend to have higher levels of economic development" strengthens the hypothesis that industrial espionage increases economic development. While it is empirically true that most countries with greater rates of software piracy have lower levels of economic development, it is equally true that countries with lower levels of economic development (being countries with poorer populations) have more software piracy. It is equally true that software piracy decreases if the cost of software decreases, as shown by the more carefully-conducted analysis in the Media Piracy in Emerging Economies report.

To use greater software piracy and lower economic development as evidence of the causal link between IPR enforcement and economic activity is to betray absolute ignorance about both economics and logic.

The startlingly poor level of analysis of the BSA-IDC report leaves no question that the conclusions were arrived at independently of the analysis. Such misleading analysis is worse than trash: it is downright dangerous as an instrument of policy setting.

To increase tax receipts, the government may as well start by making BSA's constituent companies pay all the taxes they owe.

For more details visit https://cis-india.org/a2k/blogs/calling-out-the-bsa-on-bs

Net Gain

praskrishna — 2011-08-29T11:52:54Z

The draft Electronic Service Delivery Bill, 2011, is aimed at making government services available online. But there are many hurdles to bringing in effective e-governance, says Hemchhaya De

At a time when India is hotly debating the Lokpal Bill, another significant piece of legislation is about to make its way to Parliament this monsoon session. The government has mooted the draft Electronic Service Delivery Bill, 2011, to ensure that all ministries and government departments provide their services to citizens online.

The bill, drafted by the department of information technology (DIT) under the ministry of communication and information technology, could have far-reaching benefits for citizens. If implemented, one would no longer have to stand in long queues, make frequent trips to government offices and deal with red tape in order to procure even such basic documents as driving licences or land record copies.

Of course, the key question is whether the necessary infrastructure will be in place to allow citizens to access these services via the electronic mode. In a country where active Internet user penetration in rural areas is as low as 2.13 per cent, the feasibility of e-governance depends on the state providing enough number of access centres.

E-governance is not a completely new concept in India. The Centre laid down an ambitious National e-Governance Plan (NeGP) in 2006 and roped in industry bodies like Nasscom to facilitate the delivery of e-services. According to a Nasscom report, there has been substantial progress in NeGP. Of the 1,100 services targeted under the plan, over 600 services in both government-to-citizen (G2C) and government-to-business (G2B) domains across central ministries and state departments can now be accessed electronically.

However, many experts feel that the NeGP has not lived up to its promise. "Progress in NeGP has been slow," says Subhash Bhatnagar, honorary adjunct professor at IIM, Ahmedabad, and member of the steering committee of the 12th Five Year Plan (2012-17) for the communication and IT and information sector.

That said, some states have been running successful e-government projects. “Take Karnataka’s online delivery and management of land records,” says Bhatnagar. “The online system offers services to ordinary people on a first-come, first-served basis without subjecting them to the whims and fancies of babus.”

However, Karnataka is an exception rather than the rule and many states are lagging behind when it comes to extending e-governance. “IIM, Ahmedabad, carried out an e-governance impact assessment study in 12 states. West Bengal is one state which hasn’t fared well and it figures in the bottom half of the list,” reveals Bhatnagar.

The draft Electronic Service Delivery Bill aims to exert pressure on states and government departments to fully automate or computerise their services to citizens. Crucially, it sets a clear time limit for delivering online services. The bill says, “every competent authority of the appropriate Government” is required to publish or specify the services that will be digitised within six months from the commencement of the law. “If there’s any delay, departments have to explain it in writing,” says a senior official of the DIT who does not wish to be named.

The bill further mandates that all public services should be delivered in electronic modes within five years from the commencement of the law. This period may be extended by not more than three years.

In addition to a grievance redressal mechanism, the bill proposes setting up a Central Electronic Service Delivery Commission to enforce the provisions of the law. The commission should comprise a central chief commissioner and not more than two central commissioners — all of whom shall have “worked as secretary or equivalent level… either in the central government or in the state government”.

Many experts feel that the proposed legislation is a step in the right direction. “The bill will reduce red tape and promote efficient services in various government departments,” says Payal Chawla, partner, Hemant Sahai Associates, a Delhi-based law firm. “The time limit of five years with an extension of a maximum of three years to bring all the services in the purview of the legislation is well-intended.”

Agrees Sunil Abraham, executive director, Centre for Internet and Society (CIS), a Bangalore-based organisation which carries out research in IT. “The bill ensures that government departments publicly commit to Service Level Agreements (SLAs) and demonstrate compliance to these SLAs,” he says. “Like the RTI Act, there is an office of the central chief commissioner which can penalise officials who don’t provide electronic services or comply with their own SLAs.”

But others argue that the bill is too open-ended. “I’d have liked to see the services specified clearly,” says Neel Ratan, executive director, PricewaterhouseCoopers. “Just starting an e-service isn’t enough — the quality or level of performance of the service needs to be ascertained as well. The bill seems to be silent on how quality can be ensured.”

Bhatnagar too feels that the draft bill should have first clearly defined what “electronic service delivery” is all about. All it says is “electronic service delivery means the delivery of services through electronic mode including, inter alia, the receipt of forms and applications, issue or grant of any licence, permit, certificate, sanction or approval and the receipt or payment of money”.

However, electronic delivery of services should encompass all end-to-end steps necessary for delivering the service, points out Bhatnagar. “Receiving an application, receiving supporting documents, receiving payment of various fees, issue of licence/receipts/certificates/ documents such as ration cards and passports and payment of dues to citizens should be web enabled. Citizens who wish to carry out the transaction through a portal without having to visit a government office should be able to do so,” he says.

Furthermore, says Bhatnagar, government agencies should ensure that every citizen has access to a public service delivery centre (government owned or private) from where he or she can access such services. And a person shouldn’t have to travel more than 10km to access these services.

Experts say there are several hurdles to e-governance in India. “The domestic IT industry has not focussed on this important market and services have been decentralised without ensuring common standards. So different states may be using different software, which can make the whole system messy and lead to uneven and poor quality projects,” says Abraham of CIS. “We are still very far away from the sophistication of G2C and G2B systems currently deployed in many Western countries.”

In sum, enacting a law to bring in complete e-governance may not be enough. Without the necessary investment in the country’s technology infrastructure, the initiative, however well-intended, may never truly get off the ground.

Graphic by Mantashir Iqbal Shaikh

This article by Hemchhaya De was published in the Telegraph on 24 August 2011. The original can be read here

For more details visit https://cis-india.org/news/net-gain

August 2011 Bulletin

praskrishna — 2012-08-13T05:13:23Z

Greetings from the Centre for Internet and Society! In this issue we are pleased to present you the latest updates about our research, upcoming events, and news and media coverage:

Researchers@Work

RAW is a multidisciplinary research initiative. To build original research knowledge base, the RAW programme has been collaborating with different organisations and individuals to focus on its three year thematic of Histories of the Internets in India. Five monographs: Re: Wiring Bodies by Asha Achuthan, Archive and Access by Aparna Balachandran and Rochelle Pinto, Porn: Law, Video, Technology by Namita Malhotra, The Last Cultural Mile by Ashish Rajadhyaksha and Internet, Society and Space in Indian Cities by Pratyush Shankar were officially launched at the Locating Internets: Histories of the Internet(s) in India — Research Training and Curriculum Workshop in Ahmedabad.

Workshop organised in CEPT, Ahmedabad

Locating Internets: Histories of the Internet(s) in India — Research Training and Curriculum Workshop: Call for Participation [19 to 22 August 2011]

Digital Natives with a Cause?

Digital Natives with a Cause? is a knowledge programme initiated by CIS and Hivos, Netherlands. It is a research inquiry that seeks to look at the changing landscape of social change and political participation and the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who want to critically engage with the dominant discourse on youth, technology and social change, in order to look at the alternative practices and ideas in the Global South. It also aims at building new ecologies that amplify and augment the interventions and actions of the digitally young as they shape our futures.

Featured Research

Between the Stirrup and the Ground: Relocating Digital Activism (This paper by Nishant Shah and Fieke Jansen was published in Democracy & Society, a publication of the Center for Democracy and Civil Society, Volume 8, Issue 2, Summer 2011).

Accessibility

Interview

An Interview with David Baines (Maureen Agena interviewed David Baines of Mada Centre for Assistive Technology in Khattar).

Access to Knowledge

New Blog Entry

Govt for Legalising Parallel Import of Copyright Works; Publishers Oppose

Openness

CIS believes that innovation and creativity should be fostered through openness and collaboration and is committed towards promotion of open standards, open access, and free/libre/open source software.

Featured Research

Call for Comments on Draft Report on Open Government Data in India (v2) (Nisha Thompson has updated the Open Government Data Report prepared by CIS last year including additional case studies and the National Data Sharing and Accessibility Policy).
Open Access to Scholarly Literature in India: A Status Report: Call for Comments (The report has been prepared by Prof. Subbiah Arunachalam and Madhan Muthu. It surveys the field of scholarly and scientific publication in India and provides a detailed history of the open access movement in India).

Internet Governance

Although there may not be one centralized authority that rules the Internet, the Internet does not just run by its own volition: for it to operate in a stable and reliable manner, there needs to be in place infrastructure, a functional domain name system, ways to curtail cyber crime across borders, etc. The Tunis Agenda of the second World Summit on the Information Society (WSIS), paragraph 34 defined Internet governance as “the development and application by governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.” Its latest endeavour has resulted into these:

New Blog Post

Bye Bye email? (Email might be the default method of communication for most of us, but could it be going the telegram way, writes Nishant Shah. The article was published in the Indian Express on August 21, 2011).

Public Lecture

The Mirror in the Enigma: How Germany lost World War II to a Mathematical Theorem (Rohit Gupta gave a lecture at CIS on August 12, 2011).

CIS is doing a project, ‘Privacy in Asia’. It is funded by Privacy International (PI), UK and the International Development Research Centre, Canada and is being administered in collaboration with the Society and Action Group, Gurgaon. The two-year project commenced on 24 March 2010 and will be completed as agreed to by the stakeholders. It was set up with the objective of raising awareness, sparking civil action and promoting democratic dialogue around challenges and violations of privacy in India. In furtherance of these goals it aims to draft and promote over-arching privacy legislation in India by drawing upon legal and academic resources and consultations with the public.

Featured Research

IP Addresses and Expeditious Disclosure of Identity in India (Prashant Iyengar reviews the statutory mechanism regulating the retention and disclosure of IP addresses by Internet companies in India and provides a compilation of anecdotes on how law enforcement authorities in India have used IP address information to trace individuals responsible for particular crimes).

New Blog Entries

Whole Body Imaging and Privacy Concerns that Follow (by Elonnai Hickok)
Financial Inclusion and the UID (by Elonnai Hickok)
CCTV in Universities (by Merlin Oommen)
Re-thinking Key Escrow (by Natasha Vaz)

Event Report

Privacy Matters, Chennai – the event was organised by IDRC, Society in Action Group, Madras Institute of Development Studies, Consumer and Civic Action Group, Privacy India and CIS on August 6, 2011.

News & Media Coverage

Net Gain [The Telegraph, 24 August 2011]
IISc students boycott UID, don’t want Big Brother to keep watch [Bangalore Mirror, 23 August 2011]
In the Right Circle [Indian Express, 24 July 2011]
The Siege of Android: How Google Lost The OS War [Business.in, 17 August 2011]
The Unsocial Network [Mail Today, 14 August 2011]
Hazare 'clicks' with city techies [India, 18 August 2011]
Govt wants to monitor Facebook, Twitter [Times of India, 8 August 2011]
Nothing unique about this identity [Deccan Chronicle, 5 August 2011]
Tired of tele-marketing calls? Act on privacy right: Experts [Times of India, 7 August 2011]
When Knowledge Isn’t Written, Does It Still Count? [New York Times, 7 August 2011]
Indian super-cops now patrol the www highway [Hindustan Times, 6 August 2011]
Better Understanding of the Idea of Privacy Sought [Hindu, 7 August 2011]
Converting Indian Slacktivists Takes (Offline) Time [Wall Street Journal, 2 August 2011]

Follow us elsewhere

Get short, timely messages from us on Twitter
Follow CIS on identi.ca
Join the CIS group on Facebook
Visit us at www.cis-india.org

CIS is grateful to Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/august-2011-bulletin

Bye Bye email?

nishant — 2011-08-23T07:31:51Z

Email might be the default method of communication for most of us, but could it be going the telegram way.

I grew up with the internet in India. I remember the first time I heard the strange and harsh sounds of a dial-up modem back in 1996 and my friend helping me create an email account. It was my first digital identity online — a name and an address to call my own. Cost of internet access was prohibitive and email time was limited to 15 minutes a day. One logged in, downloaded all the emails and immediately disconnected. After reading through the emails off-line, I would write down the replies to all the mails, go online again, send all the mails and then wait for the next day, so that I could see what was in store for me in my inbox.

The World Wide Web has changed a lot since those first interactions with email, on black-and-white monitors. Speed, portability, access and costs have changed the nature of the Net, which is slowly becoming ubiquitous. Trends and fashions of social interaction and information exchange have changed drastically. From social media to professional networking, from discussion boards to micro-blogs, from geo-tagged services to mobile phone-based apps, the topography of the internet has undergone drastic revisions. However, the one thing that has remained constant is the email.

Sure, the email in itself has changed in texture and volume. The emailing services from the early days of AOL to the current trends of Gmail and Facebook messages, have been the backbone of Web 2.0. You needed an email as the primary identity to remain connected with social media, blogs, news services and indeed, with other friends and peers using emails. Notification on the email, for me, is still the primary gateway to the many digital worlds that I occupy, including gaming, digital networks, reading lists et al. For most people who grew up with me, email was here forever.

This faith in the email as the spine of the internet received a rude jolt when I was recently in Mumbai, working with undergraduate students, exploring relationships between digital technologies and social justice. The workshops spanned six days, and looked at how young people from socially and economically disadvantaged classes and communities could use the powers of digital and participatory technologies to effect a change in their environments. Our role as facilitators was to introduce them to new usages of their existing practices and show them the potential for social transformation and civic action in their everyday use of technology. We began, like Maria, in The Sound of Music, at the very beginning — with the email. Which is when the world started unravelling, because, as the participants in the workshop pointed out, email is a thing of the past.

I was suddenly faced with a group of urban youngsters who are all a part of the digital revolution, using Facebook, writing blogs, searching for information online, and keeping in touch through Voice over IP services and Instant Messenger. Their access is through shared public access in college libraries and cybercafés, and for many, also on their smartphones. They log in regularly into their various social media networks and use them for playing games, sending messages, chatting and updating their statuses. And yet, when it came to using the email, they were noobs, some of them didn’t remember their passwords, some had never sent an email, attachments were things they don’t understand and they logged in to their email only when necessary.

This behaviour perplexed me because I had always imagined that the otherwise ethereal world of the cyberspace was held together by the strong and dependable emails. But evidently, for the new kids on the block, email is something that belonged to the world before it went mobile. They do not understand the communication patterns that emails are structured around. The narrative expectations, waiting for replies, accessing it via services, archiving information through attachments are things that don’t make sense to this generation that is growing up with cloud computing. They use emails only as the first source of authentication for different services that demand it. And even there, as one of the students said, "You just need email to open your Facebook account. After that, you just F-connect".

As the interface between mobile phones and the internet strengthens, more and more users seem to be depending on phone-based communication methods. They accept the newer ways of messaging, like IMing, texting. But for digital dinosaurs like me, who were there at the beginning of (digital) time, the world is beginning to look slightly blurred. I shudder to think that in two decades, email might be obsolete because though I complain of information overload, I still cannot imagine what a world without email would look like.

This article by Nishant Shah was published in the Indian Express on August 21, 2011. The original story can be read here

For more details visit https://cis-india.org/internet-governance/bye-bye-email

An Interview with David Baines

praskrishna — 2011-11-08T09:33:07Z

Maureen Agena interviewed David Baines, Deputy Director, Mada (Qatar Assistive Technology Center). Maureen asked questions regarding the status of disabled persons in Qatar, the level of ICT accessibility awareness for PWDs in Qatar, efforts of the Qatar Government towards Mada relating to policy measurements, schemes for PWDs, etc.

Following is the transcript of an interview by Maureen, a CIS consultant from Uganda with David Banes, Deputy Director, Mada Assistive Technology Centre, Qatar:

What is the status of disabled persons in Qatar or Mada in terms of number, age and gender and the kind of the work Mada is engaged in?
There are officially some 10,000 disabled people in Qatar across a wide range of needs. This doesn’t include people who are ageing and acquiring moderate disabilities as a result of their age. Mada works with any disability, any age for any purpose, supporting both Qatari citizens and residents. We work with both men and women including the Arabic and non-Arabic speaking visitors.
What is the level of ICT accessibility awareness for PWDs in Qatar?
As more and more people in Qatar use ICT every day so the awareness of barriers is increasing. Mada has been working hard to raise public awareness through cinema, television and radio ads and even video ads in the local shopping malls! More importantly we are working hard to make sure that disabled people are aware of the potential of technology to change their lives, and so we work closely in partnership with other services for people with a disability to integrate accessibility activity.
Are there any efforts of the Qatar Government towards Mada in terms of policy measures, programmes, schemes for PWDs? How about efforts by companies or universities?
IctQatar currently has an e-accessibility policy out for consultation. The policy is wide ranging and offers detailed expectations across the public sector for websites, but also requires accessible ATM’s, telephone and emergency services to be introduced.
What is the situation of copyright law in Qatar?
Copyright and IPR are both respected in Qatar. We are delighted that creative commons is being introduced to the country allowing for alternative formats of documents to be more readily produced.
Do you have an exception in your copyright law permitting conversion into any format for the disabled without permission?
Not yet.
What is the level of development at Mada in terms of assistive technologies? Specifically screen readers in Arabic.
Mada is extremely busy in supporting both commercial and open source development of AT in Arabic. We have eight projects due to announce in the very near future. Screen readers are well developed in Arabic, but we are looking forward to seeing a more basic text to speech tool created to lower the cost of entry point for blind users on a limited budget.
Does Mada have any collaborative development with surrounding Arabic nations?
We welcome collaborations across the region and internationally. We speak regularly to organisations in Dubai, Abu Dhabi and then more widely to Egypt and Tunisia. Collaboration is very much central to our approach.
Approximately how many organizations are working actively in Qatar on accessibility for Persons with Disabilities? (Name any)
Mada is the hub for accessibility in Qatar. But we work closely with the Shafallah Center for Special Needs, Al Noor Institute for the Blind and Hamad Medical Corporation.
Kindly share some details about the different areas of work of Mada centre?
Probably best to look at our new updated website www.mada.org.qa, and http://mada.org ;http://twitter.com/madaQATC or http://facebook.com/madaQATC.
What do you feel are important factors/ resources which are helpful to you in your advocacy?
Maintaining effective networks both within Qatar and beyond. One ambition is to establish an online forum whereby the views of disabled people on priorities for digital inclusion can be gleaned.
And what are the kinds of resources that PWDs would find useful if they had access to?
Great levels of Arabic accessible digital content and Arabic supported assistive technologies.
There is a draft ICT accessibility legislation. What are the highlights of this draft policy?
The policy is wide ranging and identifies targets for government websites, banks and telecoms.
How long do you think it may take to get it adopted and what are the implications for the Government, NGOs, industry and others?
Unable to answer this currently.
Do you at Mada have any digital libraries for the blind? If yes, approximately how many books are there?
No. But we are collaborating with Bookshare internationally to deliver this.
Is Mada, Centre of Assistive Technology able to exchange books with neighbouring countries?
Yes, where licences allow, we choose Bookshare as our partner to encourage international sharing of books for the disabled community.
At Mada, you do focus a lot on training. What are your different target audiences?
Training people with a disability in both accessible IT training and assistive technologies
Professionals including teachers and therapists
Parents and family
IT professionals including Web developers
Human resource professionals and employers.
How many people have you trained to date?
Over 200 including the first accredited AT training in Qatar for 20 participants.
Anything about Mada disability legislation which is relevant to ICT accessibility?
N/A.
Did Qatar sign the UNCRPD? How is implementation going on?
Yes, Mada is a direct response to that action.
Any specific details about web accessibility, audits/ evaluations conducted to look at accessibility of public web sites- details. (Any report which is available in English?)
We are completing an initial benchmarking study currently – no details have yet been made available. We are completing around 2 full site audits a month on major private and govt sector websites and feedback is being provided directly to those organisations to develop an action plan.

Thank you

Maureen Agena

About the Mada Centre

Mada (Qatar Assistive Technology Centre) is committed to using assistive technologies (AT) as a means of creating more accessible workplaces. As part of connecting people with disabilities to the world of information and communication technology, Mada launched a nationwide accessibility initiative with its partners, Qatar Telecom (Qtel) and Vodafone Qatar on 7 December 2010. The purpose of the initiative named "Connected" will ensure that persons with disabilities do not have to pay more than others to use mobile telecommunications technology.

The centre enables adults and children with disabilities to use computers, mobile devices and the Internet at home by offering a full range of services and resources related to assistive technologies. At Mada, people of all ages, with any type of disability are able to visit the interactive resources centre to try out the latest assistive technology and access assessment and training services. The Mada team is able to assist in choosing a suitable solution through impartial and expert advice.

For more details visit https://cis-india.org/accessibility/interview-mada-centre

IP Addresses and Expeditious Disclosure of Identity in India

Prashant Iyengar — 2012-12-14T10:20:59Z

In this research, Prashant Iyengar reviews the statutory mechanism regulating the retention and disclosure of IP addresses by Internet companies in India. Prashant provides a compilation of anecdotes on how law enforcement authorities in India have used IP address information to trace individuals responsible for particular crimes.

Over the past decade, with the rise in numbers of users, the internet has become an extremely fraught site that has been frequently used in India for the perpetration of a range of 'cyber crimes' — from extortion to defamation to financial fraud. In a revealing statistic, in 2010, the Mumbai police reportedly "received 771 complaints about internet-related offences, 319 of which were from women who were the victims of fake profiles, online upload of private photographs and obscene emails."[1]

Law enforcement authorities in India have not exactly lagged behind in bringing these new age cyber criminals to book, and have installed special ‘Cyber crime cells’ in different cities to combat crimes on the internet. These cells have been particularly adept at using IP Addresses information to trace individuals responsible for crimes. Very briefly, an Internet Protocol address (IP address) is a numeric label – a set of four numbers (Eg. 202.54.30.1) - that is assigned to every device (e.g., computer, printer) participating on the internet. [2] Website operators and ISPs typically maintain data logs that track the online activity of each IP address that accesses their services. Although IP Addresses refer to particular computers – not necessarily individual users – it is possible to trace these addresses backwards to expose the individual behind the computer. [3] As even a casual Google search with the phrase “IP, police, India” would reveal, police authorities in different cities in India have been quite successful in employing this technology to trace culprits.

However, along with its utility in the detection of crime, the tracking of persons by their IP addresses is potentially invasive of individuals’ privacy. In the absence of a culture of strict adherence to the ‘rule of law’ by the police apparatus in India, the unbridled ability to track persons through IP addresses has the potential of becoming an extremely oppressive tool of surveillance.

In this short note, we review the statutory mechanism regulating the retention and disclosure of IP addresses by internet companies in India. In order to provide context, we begin with a compilation of anecdotes on how various law enforcement authorities in India have used IP address information to trace individuals responsible for particular crimes.

Examples of use and abuse by Indian authorities

As mentioned above, the online media has been humming with stories which indicate the extent to which IP Addresses has become a useful and frequently deployed weapon in the arsenal of law enforcement agencies:

In May 2010, an Army officer stationed in Mumbai was arrested for distributing child pornography from his computer. [4] He was traced by the Mumbai Police after the German Federal Police alerted Interpol that objectionable pictures were being uploaded from the IP address he was using.
In February 2011, Cyber Crime Police in Mumbai sought IP address details of a user who had posted ‘Anti Ambedkarite’ content on Facebook – the popular social networking site. [5]
In February 2008, internet search company Google was ordered by the Bombay High Court to reveal "particulars, names and the address of the person" who had posted defamatory content against a company on Google’s blogging service Blogger.[6]
In September 2009, a man was arrested by the Delhi Police in Mumbai for blackmailing classical musician Anoushka Shankar. The culprit had allegedly hacked into her email account and downloaded copies of personal photographs. He was traced by using his IP address.[7]
In April 2010, Gurgaon Police arrested a teenage boy for allegedly posting obscene messages about an actress on Facebook. The newspaper account reports that "During investigations, the police browsed through several service providers and finally zeroed in on BSNL, which helped them trace the sender's IP address to someone called 'Manoj Gupta' in Gurgaon. A team of policemen were sent to Gurgaon but the personnel found out that Manoj Gupta was fictitious name which the teenager was using in his IP address. The police arrested the accused as well as seized the hardisk of his personal computer." [8]
In February 2011, the police traced a missing boy who had run away from home, by following the IP address trail he left when he updated his Facebook profile status. [9]

What is clearly evident from these accounts is a growing awareness and enthusiasm on the part of Indian law enforcement agencies to use IP address trails as a routine part of their criminal investigative process. While this is not unwelcome, considering the kinds of grievances listed above and the backdrop a dismal record of criminal enforcement in India, there is also a flip side. In a shocking incident in August 2007, Lakshmana Kailash. a techie from Bangalore was arrested on the suspicion of having posted insulting images of Chhatrapati Shivaji, a major historical figure in the state of Maharashtra, on the social-networking site Orkut. [10] The police identified him based on IP address details obtained from Google and Airtel – Lakshmana’s ISP. He was brought to Pune and jailed for 50 days before it was discovered that the IP address provided by Airtel was erroneous. The mistake was evidently due to the fact that while requesting information from Airtel, the police had not properly specified whether the suspect had posted the content at 1:15 p.m. or a.m.

Taking cognizance of his plight from newspaper accounts, the State Human Rights Commission subsequently ordered the company to pay Rs 2 lakh to Lakshmana as damages.[11] This incident sounds a cautionary note, amidst so many celebratory accounts, signalling that grave human rights abuses could result from the unchecked use of this technology.

These are just seven out of scores of instances of Indian investigative authorities tracing culprits using IP addresses. The crimes range from blackmail to impersonation, to defamation to planning terror attacks. Seldom in these cases has a court order actually been required by the agency that discloses the IP address of the individual.[12] Clearly there seems to be a very easy relation between law enforcement agencies in India one the one hand, and Internet Service Providers and online services such as Google and Facebook on the other.

Google’s own ‘Transparency Report’[13] which provides statistics on the number of instances where Governments agencies have approached the company demanding information or take-down, states that that it received close to 1700 ‘data requests’ from Indian authorities between January to June 2010 – ranking India 3rd globally in terms of such requests behind the United States and Brazil. That a high percentage – 79% - of these requests have been complied with indicate that within a short span of time, ‘Indian authorities’ have discovered in Google, a reliable and pliable ally in seeking information about their subjects. In 2007, Orkut -a social-networking site owned by Google- even entered into a co-operation agreement with the Mumbai police in terms of which “'forums' and 'communities'” which contained “defamatory or inflammatory content” would be blocked and the IP addresses from which such content has been generated would be disclosed to the police. [15]

Although similar transparency reports are not forthcoming from the other Internet giants such as Yahoo or Facebook, one may presume that this co-operation has not been withheld by them. [16]

In the sections that follow, we outline the legal framework that facilitates this co-operation between law enforcement authorities and web service providers.

Lawful disclosure of IP Addresses

In this section, we are seeking a legal source for the compulsion of ISPs and intermediaries (including websites) to disclose IP Address data. Are there guidelines in Indian law on how much information must be disclosed, under what circumstances and for how long?

Broadly, there are four sources to which we may trace this regime of disclosure and co-operation. Firstly, ISPs are required, under the operating license they are issued under the Telegraph Act, to provide assistance to law enforcement authorities. Secondly, the Information Technology Act contains provisions which empower law enforcement authorities to compel information from those in charge of any ‘computer resources’. Reciprocally, ‘intermediaries’ – including ISPs and websites - are charged under new Rules under the IT Act with co-operating with government agencies on pain of exposure to financial liability. Thirdly, the Code of Criminal Procedure defines the scope of police powers of investigation which include powers to interrogate and summon information and Fourthly, individual subscribers enter into contracts with ISPs and web services which do not offer any stiff assurances of privacy with regard to the IP Address details.

The sections that follow offer greater detail on each of these areas of the law.

Monitoring of internet users under the ISP licenses

ISPs are regulated and operate under a license issued under the Telegraph Act 1885. Section 5 of the Telegraph Act empowers the Government to take possession of ‘licensed telegraphs’ and to order interception of messages in cases of ‘public emergency’ or ‘in the interest of the public safety’. Interception may only be carried out pursuant to a written order by an officer specifically empowered for this purpose by the State/Central Government. The officer must be satisfied that “it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence."

Although the statute governs the actions of ISPs in a general way, more detailed guidelines regulating their behaviour are contained in the terms of the licenses issued to them which set out the conditions under which they are permitted to conduct business. The Internet Services License Agreement (which authorizes ISPs to function in India) contains provisions requiring telecom operators to safeguard the privacy of their consumers or to co-operate with government agencies when required to do so. Some of the important clauses in this agreement are:

Part VI of the License Agreement gives the Government the right to inspect/monitor the ISPs systems. The ISP is responsible for making facilities available for such interception.
Clause 32 under Part VI contains provisions mandating the confidentiality of information held by ISPs. These provisions hold ISPs responsible for the protection of privacy of communication, and to ensure that unauthorised interception of message does not take place. Towards this, ISPs are required:

to take all necessary steps to safeguard the privacy and confidentiality of any information about a third party and their business to whom they provide service and from whom they have acquired such information by virtue of those service and shall use their best endeavours to secure that :
to ensure that no person acting on behalf of the ISPs divulge or uses any such information except as may be necessary in the course of providing such service to the Third Party; and
This safeguard however does not apply where (i) The information relates to a specific party and that party has consented in writing to such information being divulged or used, and such information is divulged or used in accordance with the terms of that consent; or (ii) The information is already open to the public and otherwise known.
To take necessary steps to ensure that any person(s) acting on their behalf observe confidentiality of customer information.

Clause 33.4 makes it the responsibility of the ISP to trace nuisance, obnoxious or malicious calls, messages or communications transported through its equipment.
Clause 34.8 requires ISPs to maintain a log of all users connected and the service they are using (mail, telnet, http etc.). The ISPs must also log every outward login or telnet through their computers. These logs, as well as copies of all the packets originating from the Customer Premises Equipment (CPE) of the ISP, must be available in REAL TIME to Telecom Authority. The Clause forbids logins where the identity of the logged-in user is not known.
Clause 34.12 and 34.13 requires the ISP to make available a list of all subscribers to its services on a password protected website for easy access by Government authorities.
Clause 34.16 requires the ISP to activate services only after verifying the bonafides of the subscribers and collecting supporting documentation. There is no regulation governing how long this information is to be retained.
Clause 34.22 makes it mandatory for the Licensee to make available “details of the subscribers using the service” to the Government or its representatives “at any prescribed instant”.
Clause 34.23 mandates that the ISP maintain "all commercial records with regard to the communications exchanged on the network” for a period of “at least one year for scrutiny by the Licensor for security reasons and may be destroyed thereafter unless directed otherwise by the licensor".
Clause 34.28 (viii) forbids the ISP from transferring the following information to any person/place outside India:

Any accounting information relating to subscriber (except for international roaming/billing) (Note: it does not restrict a statutorily required disclosure of financial nature) ; and
User information (except pertaining to foreign subscribers using Indian Operator’s network while roaming).

Clause 34.28(ix) and (x) require the ISP to provide traceable identity of their subscribers and on request by the Government must be able to provide the geographical location of any subscriber at any given time.
Clause 34.28(xix) stipulates that “in order to maintain the privacy of voice and data, monitoring shall only be upon authorisation by the Union Home Secretary or Home Secretaries of the States/Union Territories”. (It is unclear whether this is to operate as an overriding provision governing all other clauses as well).

From the list above, it is very clear that by the terms of their licenses, ISPs are required to maintain extensive logs of user activity for unspecified periods. However, it is unclear, in practice, to what extent these requirements are being followed by ISPs. For instance, an article in the Economic Times in December 2010 [18] reports:

"The Intelligence Bureau wants internet service providers, or ISPs, to keep a record of all online activities of customers for a minimum of six months. Currently, mobile phone companies and internet service providers do not keep online logs that track the web usage pattern of their customers. They selectively monitor online activities of only those customers as required by intelligence and security agencies, explained an executive with a telecom company." (emphasis added)

The news report goes on to disclose the ambitious plans of the Intelligence Bureau to “put in place a system that can uniquely identify any person using the internet across the country” through “a technology platform where users will have to mandatorily submit some form of an online identification or password to access the internet every time they go online, irrespective of the service provider.” Worryingly, the report goes on to discuss the setting up by the telecommunications department of “India's indigenously-built Centralised Monitoring System (CMS), which can track all communication traffic—wireless and fixed line, satellite, internet, e-mails and voice over internet protocol (VoIP) calls—and gather intelligence inputs. The centralised system, modeled on similar set-ups in several Western countries, aims to be a one-stop solution as against the current practice of running several decentralised monitoring agencies under various ministries, where each one has contrasting processing systems, technology platforms and clearance levels.” Although as of this writing, this CMS is not yet fully functional, its launch seems to be imminent and will inaugurate with it, an era of constant and continuous surveillance of all internet users.

Provisions under the IT Act 2000

The IT Act enables government agencies to obtain IP Address details from intermediaries, including ISPs, by following a stipulated procedure. In addition, it enjoins intermediaries to co-operate with law enforcement agencies as a part of their due-diligence behaviour.

In a parallel, seemingly conflicting move, the IT Act also requires intermediaries to observe stiff Data Protection norms. In the sub-sections that follow, we look at each of these various provisions under the IT Act.

Interception and Monitoring of computer resources

There are two regimes of interception and monitoring information under separate sections the Information Technology Act. Both would seem capable of authorising access of IP Addresses, among other information to government agencies.

Section 69 deals with “Power to issue directions for interception or monitoring or decryption of any information through any computer resource”.

In addition, the Government has been given a more generalised monitoring power under Section 69B to “monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource”. This monitoring power may be used to aid a range of “purposes related to cyber security.”[19] “Traffic data” has been defined in the section to mean “any data identifying or purporting to identify any person, computer system or computer network or any location to or from which communication is or may be transmitted.”

Rules have been issued by the Central Government under both these sections which are similar, although with important distinctions. These rules stipulate the manner in which the powers conferred by the sections may be exercised.

The important difference between the two sections is that while Section 69 provides a mechanism whereby specific computer resources can be monitored in order to learn the contents of communications that pass through such resource, Section 69B by contrast provides a mechanism for obtaining ‘meta-data’ about all communications transacted using a computer resource over a period of time – their sources, destinations, routes, duration, time etc without actually learning the content of the messages involved. The latter type of monitoring is specifically in order to combat threats to ‘cyber security’, while the former can be invoked for a number of purposes such as the securing of public order and criminal investigation. [21]

However, this distinction is not very sharp – an interception order under Section 69 directed at a computer resource located in an ISP can yield traffic data in addition to the content of all communications. Thus for instance, if a direction was passed ordering my ISP to intercept “all communications sent or received by Prashant Iyengar”, the information obtained by such interception would include a resume of all emails exchanged, websites visited, files downloaded etc. In such a case, a separate order under Section 69B would be unnecessary. An important clue about their relative importance may lie in the different purposes for which each section may be invoked coupled with the fact that while directions under Section 69 can be issued by officers both at the central and state level, directions under Section 69B can only be issued by the Secretary of the Department of Information Technology under the Union Ministry of Communications and Information Technology. [22] This indicates that the collection of traffic data by the government under Section 69B is intended to facilitate the securing of India’s ‘cyber security’ from possible external threats – a Defence function – while the interception powers under Section 69 are to be exercised for more domestic purposes as aids to Police functions.

The rules framed under Section 69 and Section 69B contain important safeguards stipulating, inter alia, to a) Who may issue directions b) How are the directions to be executed c) The duration they remain in operation d) to whom data may be disclosed e) Confidentiality obligations of intermediaries f) Periodic oversight of interception directions by a Review Committee under the Telegraph Act g)maintenance of records of interception by intermediaries h) Mandatory destruction of information in appropriate cases.

Although these sections provide powerful tools of surveillance in the hands of the state, these powers may only be exercised by observing the rather tedious procedures laid down. In the absence of any data on interception orders, it is unclear to what extent these powers are in fact being used in the manner laid down. Certainly, from the instances cited in the beginning of this paper, the police departments in the various states do not seem to need to invoke these powers in order to obtain IP Address information from ISPs or websites. This information appears to be available to them merely for the asking. How do we account for this unquestioning pliancy on the part of the ISPs?

In February 2011, Reliance Communications, a large telecom service provider disclosed to the Supreme Court that over a hundred and fifty thousand telephones had been tapped by it between 2006 and 2010 – almost 30,000 a year. A majority of these interceptions were conducted based on orders issued from state police departments whose legal authority to issue them is suspect. New rules framed under the Telegraph Act in 2007 required such orders to be issued only by a high-ranking Secretary in the Department/Ministry of Home Affairs. [23] The willing compliance by Reliance with the police’s requests indicates both their own as well as the police’s blithe unawareness about the change in the regime governing tapping. Things seem to have continued just as before through pure inertia.

To return to the question about why ISPs comply with police requests, it is conceivable that this same inertia, and an intuitive confidence both on the part of the police and the ISPs that they would not be made to answer for their disclosures, is what explains the ready and expeditious access that ISPs give police departments to IP Address details. In the next sub-section we examine intermediary liability rules which require intermediaries to positively disclose personal information to law enforcement authorities.

Data Protection Rules

Section 43A of the IT Act obliges corporate bodies who ‘possess, deal or handle’ any ‘sensitive personal data’ to implement and maintain ‘reasonable’ security practices, failing which, they would be liable to compensate those affected by any negligence attributable to this failure.

In April 2011, the Central Government notified rules under section 43A of the Information Technology Act in order to define “sensitive personal information” and to prescribe “reasonable security practices” that body corporates must observe in relation to the information they hold. Since traffic data including IP Address data is one kind of personal information that ISPs hold, and since all ISPs are ‘body corporates’, these rules apply to them equally and define the terms on which they may deal with such information.

Rule 3 of these Rules designates various types of information as ‘sensitive personal information’ including passwords, medical records etc.[25] Significantly, for the purposes of this paper, IP address details are not included in this list.

Body Corporates are forbidden from collecting any information without prior consent in writing for the proposed usage. Further, Sensitive personal information may not be collected unless - (a) the information is collected for a lawful purpose connected with a function or activity of the agency; and (b) the collection of the information is necessary for that purpose. [Rule 5]

Rule 4 enjoins a body corporate or its representative who “collects, receives, possess, stores, deals or handles” data to provide a privacy policy “for handling of or dealing in user information including sensitive personal information”. This policy is to be made available for view by such “providers of information” including on a website. The policy must provide the following details:

Clear and easily accessible statements of its practices and policies;
Type of personal or sensitive information collected;
Purpose of collection and usage of such information;
Disclosure of such information as provided in rule 6 [27]
Reasonable security practices and procedures as provided under rule 8.

Rule 6 enacts as a general rule that disclosure of information “by the body corporate to any third party shall require prior permission from the provider of such information”. Consent is, however, not required, “where disclosure is necessary for compliance of a legal obligation”. This is further fortified by a proviso to the rule which stipulates the mandatory sharing of information “without obtaining prior consent from provider of information, with Government agencies mandated under the law to obtain information including sensitive personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences.” In such a case, the Government agency is required to “send a request in writing to the body corporate possessing the sensitive personal data or information stating clearly the purpose of seeking such information.” The government agency is also required to “state that the information thus obtained will not be published or shared with any other person.” [28]

Sub Rule (2) of Rule 6 requires “any Information including sensitive information” to be “disclosed to any third party by an order under the law for the time being in force.” This sub-rule does not distinguish between orders issued by a court and those issued by an administrative/quasi-judicial body.

Rule 8 requires body corporates to implement documented security standards such as the international Standard IS/ISO/IEC 27001 on "Information Technology - Security Techniques - Information Security Management System”.

What is curious about these rules is that its provisions, particularly those relating to lawful disclosure, appear to go much further than the limited purpose authorised by section 43A under which they are framed. Section 43A is intended only to fix liability for the negligent disclosure of information by body corporates which results in wrongful loss. It is not intended to inaugurate a regime of mandatory disclosure, as the Rules attempt to do. In positively requiring, body corporates to disclose information upon a mere request by any ‘government agency’, these rules attempt to create a parallel, much softer mechanism by which the same information that is dealt with under Sections 69 and 69A and rules framed under them can be accessed by a far wider range of governmental actors.

Even more curious is the fact that the only legal consequence to the ISP for its negligence in disclosing information to government agencies as stipulated in the rules is that it exposes itself to possible civil liability from the ‘person affected’. [29] Thus, conceivably, if an ISP failed to disclose IP Address data of its users to the police at the instance of, say, targets of online financial fraud, they can be sued by the victims of such fraud. With no incentive to assume this ridiculous burden, it is foreseeable that ISPs would hasten to comply with every request for information from a government agency– however whimsically issued.

Intermediary Due Diligence

Section 79 of the IT Act makes intermediaries, including ISPs liable for third party content hosted or made available by them unless they observe ‘due diligence’, follow prescribed guidelines and disable access to any unlawful content that is brought to their attention. Rules were notified under this section in April 2011 which defined the ‘due diligence’ measures they were required to observe. [30]

Accordingly, ISPs are required to forbid users from publishing, uploading or sharing any information that:

belongs to another person and to which the user does not have any right to;
is grossly harmful, harassing, blasphemous defamatory, obscene, pornographic, paedophilic, libellous, invasive of another's privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;
harm minors in any way;
infringes any patent, trademark, copyright or other proprietary rights;
violates any law for the time being in force;
deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;
impersonates another person;
contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource;
threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting any other nation

Upon being notified by any ‘affected person’ who objects to such information in writing, the ISP is required to “act within thirty six hours and where applicable, work with user or owner of such information to disable such information”. [31]

Further, “when required by lawful order”, the ISP, website or any other intermediary “shall provide information or any such assistance to Government Agencies who are lawfully authorised for investigative, protective, cyber security activity. The information or any such assistance shall be provided for the purpose of verification of identity, or for prevention, detection, investigation, prosecution, cyber security incidents and punishment of offences under any law for the time being in force, on a request in writing staling clearly the purpose of seeking such information or any such assistance.”

Visible here is the same attempt at subversion of Sections 69 and 69B as discussed in the previous section under the Data Protection Rules. Failure to observe these ‘due diligence’ measures – including disclosure of IP Address details – would expose ISPs and web-services like Google and Facebook to civil liability under Section 79, a risk they would not likely or lightly wish to assume.

Police powers of investigation

Apart from the provisions under the IT Act, to what extent are the police in India empowered under the Criminal Procedure Code to simply requisition information - including IP Addresses of suspects - from ISPs and Websites? In the course of routine investigation into other offences, the police have wide powers to summon witnesses, interrogate them and compel production of documents. Can these powers be invoked to obtain IP Address information? Are ISPs and Websites somehow immune from complying with these requirements?

Section 91 of the Code of Criminal Procedure empowers courts or police officers to call for, by written order, the production of documents or other things that are “necessary or desirable” for the purpose of “any investigation, inquiry, trial or other proceeding under the Code”.

Sub-section 3 of this section however limits the application of this power by exempting any “letter, postcard, telegram, or other document or any parcel or thing in the custody of the postal or telegraph authority.” Such documents can only be obtained under judicial scrutiny by following a more rigorous procedure laid down in Section 92. Under this section, it is only if a “District Magistrate, Chief Judicial Magistrate, Court of Session or High Court” is of the opinion that “any document, parcel or thing in the custody of a postal or telegraph authority is.. wanted for the purpose of any investigation, inquiry, trial or other proceeding under this Code” that such document, parcel or thing can be required to be delivered to such Magistrate or Court.

However the same section empowers lesser courts and officers such as “any other Magistrate, whether Executive or Judicial, or of any Commissioner of Police or District Superintendent of Police” to require “the postal or telegraph authority, as the case may be .. to cause search to be made for and to detain such document, parcel or thing” pending the order of a higher court.

Section 175 makes it an offence for a person to intentionally omit to produce a document which he is legally bound to produce. In case the document was to be delivered to a public servant or police officer, such omission is punishable with simple imprisonment of up to one month, or with fine up to five hundred rupees or both. If the document was to be delivered to a Court of Justice, omission could invite simple imprisonment up to six with or without a fine of one thousand rupees.

In the context of our discussion on IP Addresses, the following questions emerge:

Are ISPs “telegraph authorities” so that the police are ordinarily prohibited from requisitioning information from them without obtaining orders from a court.
Similarly are Webmail and social networking sites “telegraph or postal authorities” so that securing information from them requires the following of the special procedure laid down in Section 92

Section 3(6) of the Indian Telegraph Act, 1885 defines "telegraph authority" as “the Director General of [Posts and Telegraphs], and includes any officer empowered by him to perform all or any of the functions of the telegraph authority under this Act”. This would seem to exclude all private sector ISPs from the definition, presumably opening them up to ordinary summons issued under Section 91.

However, Section 3(2) defines a "telegraph officer" to mean “any person employed either permanently or temporarily in connection with a telegraph established, maintained or worked by [the Central Government] or by a person licensed under this Act;” Under this section, employees of private ISPs such as Airtel would also be regarded as “telegraph officers” and if we can extend this logic, with some interpretative work, the ISPs themselves might be regarded as “telegraph authorities”. In the absence of definite rulings by the judiciary on this question, however, the ordinary presumption would be that private ISPs are not “telegraph authorities” and are answerable, like all private companies, to requisitions made under Section 91.

This leaves open the question of whether a government company like BSNL would count as a ‘telegraph authority’. If it is, then it would put internet communications conducted through BSNL on a more secure footing than through other ISPs. As things stand, however, it appears that BSNL seems to be extending its co-operation to the police in tracking mischief online , in the same manner as other ISPs.

The second question is relatively more straightforward. The definition of “Post Office” in the Indian Post Office Act 1898 restricts its meaning to “the department, established for the purposes of carrying the provisions of this Act into effect and presided over by the Director General [of Posts and Telegraphs]” (Section 2k). Despite their primary functions as email providers, it seems unlikely that any magistrate would interpret webmail providers like Hotmail and Google as “postal authorities” so as to be immune from police summonses under Section 91. Such an interpretation would, nevertheless, be in keeping with the spirit of the postal exemptions, since these sections seem to be aimed at requiring judicial oversight before the privacy of communications may be disturbed. It would be fitting for an amendment to be introduced to the Code of Criminal Procedure to update these sections in line with new technological developments.

Before parting with this section, it must be asked whether the procedure under the IT Act or the CrPC must be followed. Section 81 of the Information Technology Act unequivocally declares that act to have “overriding effect” “notwithstanding anything inconsistent therewith contained in any other law for the time being in force.” This seems to suggest that at least with respect to interception of electronic communications and obtaining traffic data, the provisions of the CrPC would be overridden by the procedure laid down by the rules under the IT Act. The evidence from the practice of the Indian police routinely obtaining IP Address from web service providers and ISPs seems to suggest that the IT Act has not been invoked in these transactions. This is a trend that is likely to continue until their legality is questioned in a court of law.

Subscriber Contracts with web service providers

In addition to statutory provisions mandating the disclosure of IP Address information, such disclosure may also be permissible by the terms under which individual websites provides their services. Two examples would suffice here:

Google’s privacy policy which governs its full range of services from its popular search service to Gmail, as well as the groups and blogging services, states that the company will disclose personal information inter alia if

"We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of Google, its users or the public as required or permitted by law."

Information collected by Google includes server logs which include the following information: "your web request, your interaction with a service, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser or your account." [34]

Similarly, social networking site Facebook contains an equally expansive ‘lawful disclosure’ clause in its Privacy Policy [35] which states that the company will disclose information:

"To respond to legal requests and prevent harm. We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters) if we have a good faith belief that the response is required by law. This may include respecting requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law under the local laws in that jurisdiction, apply to users from that jurisdiction, and are consistent with generally accepted international standards. We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities."

Information collected by Facebook includes information about the device (computer, mobile phone, etc) about your browser type, location, and IP address, as well as the pages visited. [36]

Examples of such clauses abound and it would be fair to assume that almost every corporate website one visits has analogously worded terms of service permitting ‘lawful disclosure’. This contractual backdoor negatives any expectation of absolute privacy of IP Address details that one might mistakenly have harboured.

Conclusion

As indicated in the introduction, IP addresses have proven to be a dependable way for the police in India to track down a range of cyber-criminals – from financial frauds, to vengeful spurned-lovers, to blackmailers and terrorists. The novelty of ‘cyber crimes’, as well as the relative high-tech ease of their resolution makes for attractive press, and offers an inexpensive way for police departments to accrue some credibility and goodwill for themselves. So long as the police track down genuine culprits, the question of privacy violations will necessarily remain suppressed since, in the words of the Supreme Court “the protection [of privacy] is not for the guilty citizen against the efforts of the police to vindicate the law." [37] However it is the possibility of an increase in egregious cases such as those of Lakshmana Kailash, mentioned above, wrongfully jailed for 50 days on account of a technical error, that reveals the pathologies of the unchecked system of IP Address disclosure that prevails today.

Legal regimes in the West have largely been indecisive about whether to characterize the maintenance of IP Address logs as handmaids for Orwellian thought-policing, or merely as implements that aid the apprehension of cyber criminals who have no legitimate expectation of privacy. Their laws typically come with procedural safeguards such as mandatory notices to affected persons [38], and judicial review which greatly mitigate the severity of these disclosures when they do occur.

Far from incorporating such safeguards, the various layers of Indian law create an atmosphere that is intensely hostile to the withholding of such information by ISPs and intermediaries. Overlapping layers of regulation between the Telegraph Act and the IT Act, and the conflict among various rules under the IT Act have created a climate of such indeterminacy that immediate compliance with even the most capricious of information demands by any government agency is the only prudent recourse for ISPs and other intermediaries. The DoT has issued a circular requiring the registration of public and domestic wifi networks to facilitate greater precision in tracking individuals behind IP Addresses. [39] For the same purpose, new Cyber Café Rules under the IT Act require extensive registers and logs to be maintained that track the identity of every user and the websites they have visited. [40] And if the full ambitions of the Unique Identity Numbering Scheme and the Centralised Monitoring System are realized, we will shortly be headed for exactly the kind of persistent surveillance society that Orwell wrote so fondly about.

The Indian judiciary, which could have played a counterbalancing role to the legislature’s apathy towards privacy and the executive’s increasingly totalitarian tendencies, has so far not risen to the challenge. The Supreme Court has repeatedly condoned the obtaining of evidence through illegal means, [41] and this has rendered the requirement of adherence to procedural due process by the police merely optional. This guarantee of judicial inaction in the face of executive illegality will be the biggest stumbling block to the securing of privacy – despite the occasionally good intentions of the legislature.

So, in the absence of a general assurance of privacy of our internet communications, where does one look to for hope? I would venture to suggest that there are four sources of optimism:

Notwithstanding the iron determination of the Central Government to install a panoptic communication surveillance system, the realization and smooth functioning of these technocratic fantasies will depend on the reconfiguration of the relative powers of various ministries at the Central Level– chiefly the Ministry of Communications and Information Technology and the Home Ministry – and between the Centre and the State. One can rely, one feels, on the unwillingness of various ministries to cede their powers to forestall or at least delay or diminish the execution of this project. The success of the technology, in other words, is not as much in doubt as the success of the politics. Privacy will triumph in this ‘failure’ of politics. I advance this point naively and with only the slightest sense of irony.
Another ironic point : I suggest the ingenious and very Indian phenomena of inefficiency and ignorance as robust privacy safeguards. How does one account for the fact that despite heavily worded and repeated invocations of disclosure requirements in the ISP licenses for almost a decade, it was not until December 2010 that the Home Ministry tentatively suggests to ISPs that IP records must be kept for a minimum of six months? This despite the fact that the ISP license itself requires that such records be kept for one year. How does one explain the unanimous blinking astonishment of the industry at this suggestion, other than they expected never to have to implement it? Or that the extensive logs that cyber café owners are required to maintain about their clientele are seldom checked? [43] In India it seems to be an unstated element of the business climate that one can reliably depend on the non-enforcement of contractual clauses. Sometimes this inefficiency on the part of the state has inadvertent privacy-preserving effects.
The power of the state to rely on IP Addresses depends on the availability of global internet behemoths such as Microsoft, Google, Facebook and Yahoo who are vulnerable to bullying in order to maintain their transnational empires. In each of the success stories mentioned at the start of this paper, IP Address details were obtained from one of the big companies named, from which the lesson that emerges is that our ability to retain our anonymity will depend on our ability to find smaller, non-Indian substitutes who have nothing to fear from Indian authorities. In June 2010, for instance, the Cyber Crime Police Station, Bangalore sent a notice under Section 91 of the CrPC to the manager of BloggerNews.Net (BNN) seeking the IP Address and details of a user who had allegedly posted “defamatory comments” on BNN about an Indian company called E2-Labs. The manager of BNN bluntly refused to comply stating: “our policy is not to give out that information, BNN holds peoples privacy in high esteem.”[44] The lesson here is that in the future, the ability of Indians to preserve their online ‘privacy’ and freedom of speech will depend on their being able to find sufficiently small overseas clients to host their speech. Conflict of Laws rather than domestic legislation is a more reliable guarantor of privacy.

Notes

[1].Hafeez, M., 2011. A tangled web of vengeance. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2011-03-28/mumbai/29353669_1_boyfriend-social-networking-police-officer [Accessed June 21, 2011].

[2].Adapted from the Wikipedia entry on IP Address.

[3].McIntyre, Joshua J., Balancing Expectations of Online Privacy: Why Internet Protocol (IP) Addresses Should be Protected as Personally Identifiable Information (August 15, 2010). DePaul Law Review, Vol. 60, No. 3, 2011. Available at SSRN: http://ssrn.com/abstract=1621102 [Accessed June 21, 2011] .

[4].Anon, 2010. Army officer held in city for child porn -. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2010-05-08/mumbai/28292650_1_hard-disks-obscene-clippings-downloading [Accessed June 15, 2011].

[5].Anon, 2011. Anti-Ambedkar page on Facebook blocked. Hindustan Times. Available at: http://www.hindustantimes.com/Anti-Ambedkar-page-on-Facebook-blocked/Article1-663383.aspx [Accessed May 24, 2011].

[6].Sarokin, David. Google Ordered to Reveal Blogger Identity in Defamation Suit in India:Gremach Infrastructure vs Google India [Internet]. Version 5. Knol. 2008 Aug 15. Available from: http://knol.google.com/k/david-sarokin/google-ordered-to-reveal-blogger/l9cm7v116zcn/7.

[7].Anon, 2009. Mumbai: Man held for blackmailing Anoushka Shanka. Rediff.com. Available at: http://news.rediff.com/report/2009/sep/20/police-arrest-man-for-blackmailing-anoushka-shankar.htm [Accessed May 24, 2011].

[8].Anon, 2010. Cyber cell nets Delhi teen for lewd online posts - Times Of India. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2010-04-29/mumbai/28116011_1_cyber-cell-cyber-police-abusive-messages [Accessed March 23, 2011].

[9].Hafeez, M., 2011. Police find runaway student “online” - Times Of India. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2011-02-17/mumbai/28554314_1_social-networking-networking-site-sim-card [Accessed June 21, 2011].

[10].Holla, A., 2009. Wronged, techie gets justice 2 yrs after being jailed. Mumbai Mirror. Available at: http://www.mumbaimirror.com/index.aspx?page=article§id=2&contentid=200906252009062503144578681037483 [Accessed March 23, 2011].

[11].Ibid.

[12].This is not atypical. In the US, for instance, as Joshua McIntyre writes, “While various federal statutes protect similar data such as telephone numbers and mailing addresses as Personally Identifiable Information (PII), federal privacy law does not generally regard IP addresses as information worthy of protection. It has, therefore, become commonplace for litigants to subpoena ISPs to unmask online speakers. Many ISPs have no reason to fight these subpoenas and readily give up their subscribers’ names, addresses, telephone numbers, and other identifying data without demanding any court oversight or providing any notice to the subscriber. Even when courts become involved, a full consideration of the online speaker’s privacy interests is far from certain” Joshua McIntyre, supra note 3 at p.5.

[13].Anon, 2011. User Data Requests - India. Google Transparency Report. Available at: http://www.google.com/transparencyreport/governmentrequests/IN/?p=2010-12&p=2010-12&t=USER_DATA_REQUEST&by=PRODUCT [Accessed June 29, 2011].

[14].Ibid.

[15].Anon, 2007. Orkut’s tell-all pact with cops. Economic Times. Available at: http://articles.economictimes.indiatimes.com/2007-05-01/news/28459689_1_orkut-ip-addresses-google-spokesperson [Accessed June 15, 2011].

[16].In June 2011, Hotmail supplied IP Address details which enabled Delhi Police to trace, with further assistance from Airtel, the sender of obscene emails to a noted actress. Sharma, M., 2011. Priyanka Chopra’s cousin harrassed in Delhi. Mid-Day. Available at: http://www.mid-day.com/news/2011/jun/100611-news-delhi-priyanka-chopra-cousin-Meera-Chopra-harrassed.htm [Accessed June 28, 2011].

[17]. In 1997, the Supreme Court of India held in PUCL v. Union of India that the interception of communications under this section was unlawful unless carried out according to procedure established by law. Since no Rules had been prescribed by the Government specifying the procedure to be followed, the Supreme Court framed guidelines to be followed before tapping of telephonic conversation. These guidelines have been substantially incorporated into the Indian Telegraph Rules in 2007. Rule 419A stipulates the authorities from whom permission must be obtained for tapping, the manner in which such permission is to be granted and the safeguards to be observed while tapping communication. The Rule stipulates that any order permitting tapping of communication would lapse (unless renewed) in two months. In no case would tapping be permissible beyond 180 days. The Rule further requires all records of tapping to be destroyed after a period of two months from the lapse of the period of interception.

[18].Thomas Philip, J., 2010. Intelligence Bureau wants ISPs to log all customer details. Economic Times. Available at: http://articles.economictimes.indiatimes.com/2010-12-30/news/27621627_1_online-privacy-internet-protocol-isps [Accessed June 28, 2011].

[19].The Monitoring Rules list 10 ‘cyber security’ concerns for which Monitoring may be ordered: (a) forecasting of imminent cyber incidents; (b) monitoring network application with traffic data or information on computer resource; (c) identification and determination of viruses/computer contaminant; (d) tracking cyber security breaches or cyber security incidents; (e) tracking computer resource breaching cyber security or spreading virus/computer contaminants; (f) identifying or tracking of any person who has contravened, or is suspected of having contravened or being likely to contravene cyber security; (g) undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resource;(h) accessing a stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force; (i) any other matter relating to cyber security.

[20].Respectively the INFORMATION TECHNOLOGY (PROCEDURE AND SAFEGUARDS FOR INTERCEPTION, MONITORING AND DECRYPTION OF INFORMATION) RULES, 2009, G.S.R. 780(E) (2009), http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/Itrules301009.pdf (last visited Jun 30, 2011). and INFORMATION TECHNOLOGY (PROCEDURE AND SAFEGUARDS FOR MONITORING AND COLLECTING TRAFFIC DATA OR INFORMATION) RULES, 2009, G.S.R. 782(E) (2009), http://cca.gov.in/rw/resource/gsr782.pdf?download=true (last visited Jun 30, 2011).

[21].Section 69 lists the following grounds for which interception may be ordered : a) sovereignty or integrity of India, b) defense of India, c) security of the State, d)friendly relations with foreign States or e)public order or f)preventing incitement to the commission of any cognizable offence relating to above or g) for investigation of any offence.

[22].Rule 2(d) of the Monitoring and Collecting of Traffic Data Rules 2009.

[23].Telegraph (Amendment) Rules 2007, Available at: http://www.dot.gov.in/Acts/English.pdf [Accessed June 28, 2011].

[24].INFORMATION TECHNOLOGY (REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION), (2011), www.mit.gov.in/sites/upload_files/dit/files/GSR3_10511(1).pdf (last visited Jun 30, 2011).

[25].The full list under Rule 3 includes : password; financial information such as Bank account or credit card or debit card or other payment instrument details ; physical, physiological and mental health condition; sexual orientation; medical records and history; Biometric information; any detail relating to the above clauses as provided to body corporate for providing service; and any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.

[26].“Provider of data” is not the same as individuals to whom the data pertains, and could possibly include intermediaries who have custody over the data. We feel this privacy policy should be made available for view generally – and not only to providers of information. In addition, it might be advisable to mandate registration of privacy policies with designated data controllers.

[27].This is well framed since it does not permit body corporates to frame privacy policies that detract from Rule 6..

[28].This is a curious insertion since it begs the question as to the utility of such a statement issued by the requesting agency. What are the sanctions under the IT Act that may be attached to a government agencies that betrays this statement? Why not instead, insert a peremptory prohibition on government agencies from disclosing such information (with the exception, perhaps, of securing conviction of offenders)?.

[29].The consequence of disobeying the rules is that the ‘body corporate’ is legally deemed not to have observed ‘reasonable security practices’. Section 43A penalizes such failure if it causes wrongful loss due to the disclosure.

[30].INFORMATION TECHNOLOGY (INTERMEDIARIES GUIDELINES) RULES, (2011), www.mit.gov.in/sites/upload_files/dit/files/GSR3_10511(1).pdf (last visited Jun 30, 2011).

[31].The easily-affronted have thus been provisioned with a cheaper, swifter and more decisive means of curtailing free speech, where courts in India might have dithered ponderously instead Or they might not have. As of this writing, an obscure court in a Silchar, Assam issued an ex-parte injunction prohibiting the online publication of a highly-acclaimed biopic about Arindam Chaudhuri – a self-proclaimed ‘management guru’ who has gained notoriety in India due the questionable nature of a management institute that he runs. The choice of this particular court as the venue to file the suit, rather than one in New Delhi where both the plaintiff and the publisher reside, coupled Chaudhuri’s consistent success in obtaining such plenary gag-orders from this judge against any content he deems unflattering to himself, strongly suggests foul-play. Although this is not a typical case, it does caution against placing too much optimism on supposed judicial restraint and conservativeness. Anon, 2011. IIPM’s Rs500-million lawsuit against The Caravan. The Caravan, 3(6). Available at: http://caravanmagazine.in/Story/950/IIPM-s-Rs500-million-lawsuit-against-The-Caravan.html [Accessed June 28, 2011].

[32].See Ali, S.A., 2010. Cyber cell nets Delhi teen for lewd online posts. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2010-04-29/mumbai/28116011_1_cyber-cell-cyber-police-abusive-messages [Accessed March 23, 2011]. (“During investigations, the police browsed through several service providers and finally zeroed in on BSNL, which helped them trace the sender's IP address to someone called 'Manoj Gupta' in Gurgaon. A team of policemen were sent to Gurgaon but the personnel found out that Manoj Gupta was fictitious name which the teenager was using in his IP address. The police arrested the accused as well as seized the hardisk of his personal computer.”); See also Rehman, T., 2008. A Case For Fools? Tehelka. Available at: http://www.tehelka.com/story_main40.asp?filename=Ws181008case_fools.asp [Accessed June 30, 2011].(“ The state police reportedly traced the email to the cyber café through its IP address. “We traced the email to a BSNL line. The BSNL has a cell in Bangalore to track such details. They traced the number to that particular cyber café in Shillong,” S.B. Singh, IGP (special branch) Meghalaya police told TEHELKA”)..

[33].Anon, 2010. Privacy Policy. Google Privacy Center. Available at: http://www.google.com/privacy/privacy-policy.html [Accessed June 28, 2011].

[34].Ibid.

[35].Anon, 2010. Privacy Policy. Facebook. Available at: http://www.facebook.com/policy.php [Accessed June 28, 2011].

[36].Ibid.

[37].R. M. Malkani v State Of Maharashtra AIR 1973 SC 157, 1973 SCR (2) 417.

[38].Eg. Title 18 US Code § 2703 provides for mandatory notice in case of wiretapping with a provision of ‘delayed notice’ where an ‘adverse result’ is apprehended such as (A) endangering the life or physical safety of an individual; (B) flight from prosecution; (C) destruction of or tampering with evidence; (D) intimidation of potential witnesses; or (E) otherwise seriously jeopardizing an investigation or unduly delaying a trial. Title 18,2705., Available at: http://www.law.cornell.edu/uscode/18/usc_sec_18_00002705----000-.html [Accessed June 28, 2011].

[39].Ministry of Communications & IT. Letter to All Internet Service Providers. “Instructions under the ISP License regarding provisioning of Wi-Fi internet service under delicenced frequency band”, February 23, 2009. http://www.dot.gov.in/isp/Wi-%20fi%20Direction%20to%20ISP%2023%20Feb%2009.pdf (last visited Jun 30, 2011). Internationally, this does not appear to be an uncommon move. See Thompson, C., 2011. Innocent Man Accused Of Child Pornography After Neighbor Pirates His WiFi. Huffington Post. Available at: http://www.huffingtonpost.com/2011/04/24/unsecured-wifi-child-pornography-innocent_n_852996.html [Accessed June 30, 2011]. (“In Germany, the country's top criminal court ruled last year that Internet users must secure their wireless connections to prevent others from illegally downloading data. The court said Internet users could be fined up to $126 if a third party takes advantage of their unprotected line, though it stopped short of holding the users responsible for illegal content downloaded by the third party.”).

[40].INFORMATION TECHNOLOGY (GUIDELINES FOR CYBER CAFE) RULES, 2011., G.S.R. 315(E) (2011), www.mit.gov.in/sites/upload_files/dit/files/GSR3_10511(1).pdf (last visited Jun 30, 2011).

[41].See State Of Maharashtra v. Natwarlal Damodardas Soni AIR 1980 SC 593 , 1980 SCR (2) 340.

[42].Supra note 15.

[43].Manocha, S., 2009. Cops no more interested in checking cyber cafes. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2009-08-03/lucknow/28172232_1_cyber-cafe-proper-records-ip-address [Accessed June 28, 2011]. (The cyber cafe owners claim that the registers which they maintain are seldom checked by the police. "I maintained the records properly which included recording of the name and address of the visitors and a photocopy of their identification proofs but not even once any cop had checked my records," said Rajeev, a cyber cafe owner in Aliganj. "It is this carelessness on the part of cops that gives those not maintaining proper records to carry on their business without any fear of the law," he added).

[44].Barrett, S., 2010. Blogger News Censored In India. Blogger News Network. Available at: http://www.bloggernews.net/124890 [Accessed June 28, 2011].

For more details visit https://cis-india.org/internet-governance/ip-addresses-and-identity-disclosures

Financial Inclusion and the UID

elonnai hickok — 2011-08-23T10:36:31Z

Since 2009, when Nandan Nilekani began to envision and implement the Unique Identification Project, the UID authority has promoted the UID/Aadhaar scheme as a tool of development for India - arguing that an identity will assist in bringing benefits to the poor, promote financial inclusion in India, and allow for economic and social development. In this blog entry I will focus on the challenges and possibilities of the UID number providing the residents of India a viable method of access to financial services across the country.

Why the UID could bring financial inclusion

In their strategy document “Exclusion to Inclusion with Micro payments” the UIDAI argues that a few of many challenges to successful financial inclusion in India for the poor have been: lack of identity, lack of accessibility of financial outlets, unreliability of infrastructure, high costs of banking, and the common presence of a middle man. For Indian banks the UID sites challenges such as: the high cost of transactions for banks servicing clients in rural areas, lack of infrastructure, costly processes of cash management, and high costs of IT.(UIDAI, 2010)The UID's solution to these obstacles is a system of financial services and micro payments based off of an individuals UID number, in which an individual with a UID number would be able to: open a bank account, make a payment, withdraw money, deposit money, and send remittances. The hope is that this system will allow banks to scale up their branch less banking, and reach out to larger populations. Residents having a bank account linked to their UID number is also key to the UID's larger scheme for subsidy delivery to the poor. Until all consumers who rely on government subsidies have a bank account linked to their UID number, the UID will not be able to implement a system of direct transfer of cash subsidies.(CNBC-TV18, 2011) For example, the UIDAI has started conducting a pilot disbursement of funds under the Mahatma Gandhi National Rural Employment Guarantee Scheme (MNREGS) to Jharkhand through Union Bank, ICICI Bank and Bank of India branches.(IBN-Live, 2011)

How the UID will bring financial inclusion

In their vision, the UIDAI has designed a system that involves bank branches enrolling individuals, bank branches establishing relationships with BC organizations, the use of Micro ATM's, and the use of the UID numbers for authentication in all financial transactions. In short the system of financial inclusion would work as follows:

Step 1. Enroll and obtain UID number

An individual enrolls for a UID number. During enrollment an individual shares his/her KYC information with the UIDAI. The UIDAI verifies the individuals KYC information, along with their other information, and issues the individual a UID number. If an individual already has a bank account at the time of enrollment they have the option to link their UID number to their bank account [1]

In India every bank must verify and confirm an individuals KYC information. This is to help reduce tax evasion and fraud. In December 2011, India's Ministry of Finance recognized the Aadhaar number has an officially valid identification to satisfy the KYC norms for opening bank accounts. By verifying an individuals KYC information at the enrollment stage the UIDAI is hoping reduce the amount of paperwork and time needed for an individual to open a bank account. In addition to satisfying KYC norms, the Government of India has also recognized the Aadhaar number as an acceptable form of identity for the purpose of obtaining a mobile connection. By having the UID number accepted for establishing both mobile connections and bank accounts, financial inclusion through mobile banking is encouraged as it allows for individuals who previously had no identity, to join the financial system and mobile network – thus allowing bank accounts to be more accessible than before, and aiding banks by simplifying the process of account opening.(Akhand Tiawari, Anurodh Giri, 2011)

Step 2. Open UID Enabled Bank Account
Now that the individual has a UID number they can open a bank account by presenting their UID number and thumb print to the bank branch for authentication. Currently the one bank enrolling citizens and issuing UID numbers and UID based ATM cards is the Bank of India.(Aggarwal, 2011) Bank of Maharashtra, State Bank of India and Indian Overseas Bank are currently waiting for approval from the UIDAI.(Chavan, 2011) In this scenario the UID number will be the only form of identification needed to open a bank account.

3.Make financial transactions with UID number
Once a UID Enabled Bank Account (UEBA) is opened, individuals can begin making financial transactions using their UID number and fingerprint. Individuals can access their UEBA through BC institutions. With a UEBA individuals have the option of using four basic banking services:

Store cash for savings through electronic deposits and withdraw only small amounts of cash
Make payments
Send and receive remittances
Acquire balance and transaction history

Transactions completed through the UID-enabled bank account work similarly to a prepaid mobile system. BC organizations, or Bank Correspondents, are organizations such as SHGs, kirana stores, dairy agents that larger banks develop a business relationship with. The BC organizations handle all transactions at the local level. Using BC organizations as financial outlets is meant to increase the penetration of financial outlets and make financial services more accessible in rural areas. How the process works is: a BC institution begins by depositing a certain amount of money with a larger banking institution. This ‘ prepaid balance’ paid by the BC institution changes with every transaction the BC institution makes. For example, when an individual makes a deposit it decreases as that money is then transferred into an individuals account, and increases when an individual withdraws money, because of the transaction fee that is charged to the individual. When the individual is making a deposit, he pays physical cash to the BC, who in turn makes an electronic transfer from the BC account to the individual's account. When making a withdrawal, the electronic transfer is made from the individual's account to the BC account, and the BC hands out physical cash to the customer, (UIDAI, 2010).

The micro ATM that is to be used at BC institutions is a hand held device, in this case a mobile phone, attached to a finger print reader. The micro ATM is meant to replace larger ATM’s and reduce the cost that banks incur when establishing full fledged ATM machines. The hand held device will be remotely accessed to the central server of the bank. Currently Italian tech company Telit Communication SpA, is hoping to provide the GSM wireless M2M modules that will allow the wireless device and the wired server to communicate with each other. (Kanth, 2011) The most significant difference between the micro ATM system and the traditional ATM system is that the BC employee executes the transaction.

Though having BC employees carry out financial transactions might eliminate the possibility of a fraudulent ATM being set up, it opens many possibly corrupt doors. How will it be ensured that the transaction is completed without fraud, and how can it be ensured that the Micro-ATM is not fraudulent, or that the BC organization itself is not fraudulent. Though this scenario might sound unlikely, the UID has already experienced difficulties with fake enrollment centers being set up, such as in Pune. (Gadkari, 2011), fake UID papers being issued, as was done in Patna(Tripathi, 2011) and enrollment centers illegally outsourcing work, as the IT company Tera Software was found doing (Prajakta, 2011). If these scenarios have all been tried, it is not unreasonable to see the same being tried with financial institutions.

Challenges to a system of authentication for financial transactions with the biometric based UID number

Not withstanding the fact that financial inclusion cannot be achieved only through an identity, focusing on the identity component of financial inclusion - in the report Low Cost Secure Transaction Model for Financial Services, published by Nitin Munjal, Ashish Paliwal, and Rajat Moona, from the Indian Institute of Technology, the authors note that present challenges in India to financial inclusion through access to financial institutions include(Munjal, Nitin Paliwal, Ashish Moona, 2011):

Currently financial transactions require network connectivity to take place. For financial transactions made in rural areas this has lead to both high costs for each transaction and to high fixed IT costs.
Current financial schemes such as mobile banking depend on network connectivity, making the network indispensable, yet 70% of the Indian population is rurally located with limited or no network connectivity.
Current financial service outlets are densely located in urban areas and not rural areas. Rural populations are financially excluded, as in most cases the completion of financial transaction require the presence of financial outlets.
Currently there are no easy safeguards to protect against fake ATMS or fraud, because the current Financial Service Model is based on blind trust of the service outlet – this allows for high rates of fake ATM’s being installed and fraud.
For an individual to access financial services, an identity is required. In most cases the poor lack an identity.

Clearly there are many obstacles that the UID identity card must overcome to successfully authenticate individuals in financial transactions and facilitate financial inclusion. For the system to be successful the UID must at the minimum do the following:

Accurately generate unique numbers
Capture accurate personal information
Ensure security of the database
Ensure that the technology is secure and accurate
Ensure that only necessary information is collected
Verify BC centers
Provide a secure network that can handle large numbers of transactions

Possible ways in which the system can go wrong include:

Inaccurate authentication
Delays in authentication
Fraud at the level of the BC institution
Over collection of personal information by banks
Linking of databases by banks, or other agencies
Network failure
Down time of the database

Though UID enabled bank accounts have yet to be officially established the UID is already experiencing many of the listed difficulties. For instance, in an Indian Express article published on June 15th, it was reported that banks are issuing additional UID forms that ask if individuals have credit cards, operate mobile or internet banking accounts, own a two wheeler or four wheeler, or live in a rented or personally owned accommodation. (Indian Express, 2011) Even more alarming is a recent news item from the Deccan Herald, which details the efforts that have been taken by NATGRID to access banking clients personal information, and NATGRID's proposal to tie banking information to a linked database containing information from bank accounts, railways, airlines, stock exchanges, income tax, credit card, immigration records, and telecom service providers. (Arun, 2011)The banks
have refused to give NATGRID access to clients personal information, but the ease at which NATGRID could track and collect information about individuals with the UID is chilling – especially if the UID is linked to almost every bank account in India. Several news reports have also shared experiences of confusion, inconsistent requirements, and unorganized enrollment centers, which place doubt in the accuracy of the information collected and the accuracy of the UID numbers issued.(Tripathi, 2011).

Looking at the technology and operational design of the UEBA system, though the scheme relies on mobile networks, it fails to eliminate the need for connectivity to the central server, because authentication of individuals biometric must be done through comparison of one fingerprint to the central server of all fingerprints. This will not only complicate the effectiveness of delivery of services, as it is possible for connectivity to be limited and slow, but it will also incur large network overhead costs for each transaction that is verified. Furthermore, even though the use of BC institutions as financial service outlets is meant to increases the availability of financial outlets, a dependency is created on BC institutions – as they must be present for any financial transaction to take place.
Additionally, individuals have no way of authenticating and verifying BC institutions. As mentioned earlier this allows for possible scenarios of fraud. Additionally, the UID has not provided any alternative method of identification in the case that the network or technology fails, or if an individuals biometrics are incorrectly rejected.

Could the SCOSTA standard be an option?

Many developing countries, like Kenya and Brazil, that face similar challenges to financial inclusion have looked towards smart cards as secure methods for authenticating individuals. In 2003 India also implemented a smart card approach to identity management. The SCOSTA standard smart card was introduced with the MNIC national identification scheme. Though the scheme was eventually dropped by the Indian Government, the SCOSTA smart card standard is still a valid option for authentication of individuals in financial transactions. A SCOSTA standard based approach for financial inclusion would include:

Authentication of an individuals key, pass-phrase, and pin. This is known as public keyinfrastructure. This will allow a person to protect their password and easily replace it if stolen.
Authentication through public key infrastructure would not depend on connectivity to thenetwork. This would allow for financial inclusion of populations not connected to networks and not be fully dependent on working networks.
Authentication through public key infrastructure establishes mutual trust of user and institution. This would lower the presence of fraudulent institutions and corrupt transactions.
Connection to a central server is not required for the authentication of an individual in a financial transaction. This will lower the cost of transactions and lower IT overhead costs (ibid Munjal, Nitin Paliwal, Ashish Moona, 2011)

Conclusion

Though it is hard to say that a fool proof system of authentication can easily be made, and that system will indeed promote financial inclusion, when comparing the biometric UID number with the SCOSTA standard smart card, there are many benefits to the SCOSTA standard such as ability of individuals to verify banking institutions, no need for connectivity to the central server, and the ability to easily replace lost or stolen pins and passwords. No matter what standard is implemented though, it is important to clearly look at the current implementation, technological, and operational challenges that identification schemes face and the possible ramifications of such challenges before adapting it as a ubiquitous system.

For more details visit https://cis-india.org/internet-governance/privacy_uidfinancialinclusion

Indian super-cops now patrol the www highway

praskrishna — 2011-08-19T06:48:48Z

There's discontent brewing in the Indian cyberspace. And it has to do with the government blocking content that it deems "objectionable". What has raised hackles of Internet freedom activists is a new set of rules that allow Internet service providers (ISPs) and blogging sites to remove "objectionable" content from the Web.

This Wednesday, in a written reply, minister of state for information and technology Sachin Pilot told the Lok Sabha that the recently notified rules under the IT Act to regulate the use of Internet, "don't give any power to the government to regulate the content"? Pilot added that the rules did not raise issues "pertaining to privacy and violation of freedom of speech and expression."

Are the rules likely to affect you and I? They may have already begun do so. Last fortnight, when surfers went on to popular file-sharing sites to download clips of a new Bollywood release, what they got instead was a screen with the message: This site has been blocked as per instructions of the Department of Telecom.

The fine print

The new rules demand that the intermediary notify users not to publish or use information that is derogatory, abusive, insulting or which violates intellectual property rights or impacts the sovereignty of the nation. In a country that has 81 million Internet users, this can never be easy.

The rules put the onus of intercepting, blocking and removing objectionable content on intermediaries — telecom service providers, search engines, social networking sites and online payment sites — turning them into super-cops of the Web. "Although the Act is an improvement on the previous one, the rules put too much onus on intermediaries," says Dr Subo Ray, President, Internet and Mobile Association of India (IAMAI). "The intermediaries have become the judge, the jury and the executioner," says Ray.

In a nation where social mores are in a flux, interpretation of what is objectionable under the new rules is wide and subjective, says technology lawyer Rodney D Ryder. "Content deemed 'disparaging', 'harassing', 'blasphemous' or 'hateful' can be blocked. But who will decide what is disparaging?"

The worst bit about such censorship, says Nikhil Pahwa, editor of Medianama, a portal that discusses issues related to digital media, is its opacity. "It is a distress signal for civil liberties and India's version of Egypt's kill-switch. With the UID, the government would know who I am. With the help of telecom operators, they can track me within 50 metres and with my mobile number, snoop in on my conversations. On top of that, do we need Internet rules that don't have a provision of appeal?"

Ryder concurs: "The regulations do not even provide a way for content producers to defend their work or appeal a decision to remove content. This is against the principles of natural justice."

The rules are a case of deceptive legislative drafting says cyber lawyer Pawan Duggal, chairman of Assocham's cyber law committee. "The provisions hide more than what they disclose. Cosmetically, the new rules says that if you are an intermediary, then you shall not be liable for any third-party data, information or communication link made available or hosted by you. Provided, and this is crucial, you follow a number of stringent conditions."

Duggal says many intermediaries in India are not aware of these conditions. "An intermediary will not be liable for any third-party data made available or hosted by it, provided it complies with the law, exercises due diligence, does not abet, conspire or play an active role in a criminal activity and further, provided that once it is notified of any offending activity, removes or disables access of the said offending content expeditiously. If it fails to fulfil one of the conditions, it is open to criminal exposure and civil exposure upto unlimited damages by way of compensation."

Is it gagging net freedom?

In China and Saudi Arabia, governments routinely censor content and redirect search requests to error pages. In Vietnam, bloggers who criticise the government are sometimes arrested. And in Cuba, there is talk of creating "a national Internet". Still, any talk of comparing India with these restrictive regimes is alarmist and stupid, says Ray of IAMAI.

But over the past few years, the government has been gradually building censorship muscle over the Internet, say activists. In 2006, it blocked Typepad, the blog hosting service and a bulk SMS site.

A right to information plea filed by the Bangalore-based Centre for Internet and Society reveals the government blocked 11 sites between 2008 and 2011 (see box). These range from sites hosting the predictable girl wallpapers and Kamasutra to blogs discussing the freedom of speech.

Yet, in his written reply to the Lok Sabha, Pilot insisted that the rules "do not give any power to the government to regulate the content".

If this sparks any discontent in you about privacy, freedom of speech and civil liberties, think twice before sharing the content on the Internet.

This article by Aasheesh Sharma was published in the Hindustan Times on August 6, 2011. The original can be read here.

For more details visit https://cis-india.org/news/indian-super-cops-patrol-www-highway

'Privacy Matters' Chennai

elonnai hickok — 2011-09-22T10:17:28Z

Privacy India invites individuals to attend “Privacy Matters”, a one day conference on August 6th 2011 at the Madras Institute of Development Studies, Chennai. Privacy India, Society in Action Group, IDRC, the Centre for Internet & Society, Citizen consumer and civic Action Group, and Madras Institute of Development Studies, Chennai have joined hands to organize this event.

The conference will focus on discussing the challenges to privacy that India is currently facing, with a focus on consumer privacy and telecommunications and privacy. The right to privacy in India has been a neglected area of study and engagement. Although sectoral legislation deals with privacy issues, e.g., the TRAI Act for telephony or RBI Guidelines for Banks, India does not as yet have a horizontal legislation that deals comprehensively with privacy across all contexts. This lack of uniformity has led to ironically imbalanced results. In India today one has a stronger right to privacy over telephone records than over one’s own medical records. The absence of a minimum guarantee of privacy is felt most heavily by marginalized communities, including HIV patients, children, women, sexuality minorities, prisoners, etc. – people who most need to know that sensitive information is protected.

The emergence of information and communications technologies over the past two decades has radically transformed the speed and costs of access to information. However, this enhanced climate of access to information has been a mixed blessing. Whilst augmenting our access to knowledge, this new networked information economy has also now made it much easier, quicker, and cheaper to gain access to intimate personal information about individuals than ever before. As people expose more and more of their lives to others through the use of social networks, reliance on mobile phones, global trade, etc., there has emerged a heightened risk of privacy violations in India. As privacy continues to be a growing concern for individuals, nations, and the international community, it is critical that India understands and addresses the questions, challenges, implications and dilemmas that violations of privacy pose.

Who We Are

Privacy India was set up in collaboration with the Centre for Internet & Society (CIS), Bangalore and Society in Action Group (SAG), under the auspices of the international organization ‘Privacy International’. Privacy International is a non-profit group that provides assistance to civil society groups, governments, international and regional bodies and the media and the public in a number of countries (see www.privacyinternational.org). Its Advisory Board is made up of distinguished intellectuals, academicians, thinkers and activists such as Noam Chomsky, the late Harold Pinter, and others, and it has collaborated with organizations such as the American Civil Liberties Union (ACLU).

Agenda

Consumer Privacy

9:30 am - 5:00 pm

Time	Session
9:30 10:00	Registration
10:00 10:30	Welcome Saroja is a lawyer and is the co-ordinator at Citizen Consumer and Civic Action Group (CAG), which is a 26 years old non-profit, non-political,professional organization working towards protecting citizen’s rights in consumer and environmental issues and promoting good governance including transparency, accountability and participatory decision making. Introduction to Privacy India Prashant Iyengar is a practicing lawyer and lead researcher for Privacy India. He will present who Privacy India is, and the objectives of Privacy India's research. His presentation will focus on discussing privacy and telecommunications.
10:30 11:00	Key Note Address Dr. Santosh Babu is the Secretary of IT for the Tamil Nadu Government. He has started many e-governance projects within the government and has experience in advocacy rights for children and gender issues. His presentation will focus on sharing how privacy is understood and viewed by the Tamil Nadu government. Sashi Kumar Menon is a film maker, founder Chairman of theMedia Development Foundation, and founder President of Asianet. He has also authored and presented multiple television shows including Money Matters and Tana Bana. His presentation will focus on looking at the relationship between the media and privacy. R. Ramamurthy, is the Chairman, Cyber Society of India, and has over three decades of experience in Information Technology, and is a member of the technology committees CII and FICCI. In his presentation he will discuss the global perspectives of data privacy.
11:00 11:30	Tea Break
11:30 12:45	Session I Privacy and Telecommunications Mrs.Desikan is the Founder Trustee of Consumer Association of India, Chennai. In her presentation she will focus on discussing privacy and telecommunications in India. She will look at the threats to privacy that telecommunications pose, and the current protections over communications that India has in place. Usha Ramanathan is a practicing lawyer and civil rights advocate. Her presentation will focus on privacy and telecommunications from a legal perspective, as well as discussing the recently leaked Privacy Bill. Discussion
12:45 1:00	Privacy and Financial Transactions R. Sundarajan is an associate professor of information at the New York University. He has published multiple articles on issues related to IT. In his presentation he will be discussing the risks to privacy that financial transactions pose, and the safeguards that India has in place to protect ones privacy in financial transactions.
1:00 2:00	Lunch Break
2:00 2:45	Session II Privacy and Consumer Rights Dr. Revathi is an Associate Professor at the Dr. Ambedkar Law University in Chennai. In her presentation she will look at both the social and legal concept of consumer privacy in India, and how as consumers we are always exchanging personally identifiable information, and thus our privacy is always at risk. Mr. S. Martin, Advocate and Consumer Activist will speak on consumer rights, privacy, and the law. His presentation will focus on looking at what legal protections exist in India for consumers.
2:45 3:00	Discussion
3:00 4:00	Session III Privacy and Basic Rights/Needs Dr. N Manimekalai is the head of the gender studies department at the Bharabidasan University in Trychy. In her presentation she will seek to understand privacy from a perspective of individuals basic rights &needs. Specifically she will look at what is the connection between privacy and gender rights. R. Geetha is a trade unionist and feminist with Nirman Mazdoor Panchayat Sangam. She has worked closely with issues relating to labour rights and gender for more than three decades, and her presentation will focus on looking at how protecting labour rights of individuals also can work to protect their privacy.
4:00 5:00	Open Discussion and Question

See Dr. N.Manimekalai's presentation here

Read the full report here

VIDEO

For more details visit https://cis-india.org/internet-governance/events/privacymatterschennai