Centre for Internet and Society

No access to pornography in cyber cafes, declare new rules

praskrishna — 2011-05-01T01:09:50Z

Fresh guidelines, which are part of Information Technology (guidelines for cyber cafe) Rules 2011, will require cyber cafe owners to "tell users" not to surf websites that contain "pornographic or obscene material". Experts termed the rule arbitrary, saying that watching pornography is not an offence in India. This article by Javed Anwer was published in the Times of India on April 26, 2011.

According to the rules notified on April 11, all cyber cafes in the country will have to register with an "agency as notified" by the government. While some of the guidelines deal with the security threat posed by "anonymous internet users", most aim to make sure that people don't use cyber cafes to access pornographic material.

Pawan Duggal, a lawyer who specializes in IT laws, said the new guidelines were arbitrary. "Watching pornography is not illegal in India," he said. "It's absurd to ask cyber cafe owners to tell their customers not to access pornographic material even as law allows individuals to access adult websites unless it's not child pornography. The new rules require a second look."

The new rules suggest cafe owners install filtering software and keep a log of all websites accessed by customers for at least one year. Cafe owners have also been asked not to build a cabin/cubicle with a height of more than four and half feet. In a cyber cafe where there are no cubicles, "owners will have to place computers with the screens facing outward" or towards open space. The move is aimed at reducing privacy a cyber cafe user can get.

Duggal said if implemented earnestly, the new rules will put most of cyber cafe owners out of business.

Internet activists termed the guidelines "unconstitutional". Pranesh Prakash, a programme manager with Centre of Internet and Society, said the rules will violate privacy and will hamper internet users' ability to freely express themselves.

The new rules make it mandatory for user to carry an identity card. Cyber cafe owners have been asked to give user logs to the "registration agency" every month as well keep these records along with the log of websites accessed at the cyber cafe safe for a period of one year. A few cafe owners said that technically, it would be a daunting task to keep a record of every website accessed using their computers for a year.

While minors, if carrying identity cards have been permitted to use computers in a cyber cafe, they won't be allowed inside cubicles if not accompanied by guardians or parents. There is also provision of photographing cyber cafe users using a webcam or other device. The photographs will have to be authenticated by the user. Prakash said that photographing users raises serious privacy questions, especially in the case of children.

Read the original article published by the Times of India here

For more details visit https://cis-india.org/news/no-pornography-in-cyber-cafes

The world is your oyster, by invitation only

praskrishna — 2011-05-01T01:40:59Z

Recent trends show the world of social networking actually reflects the social divides and groupings in the real world. This article by Shreya Ray was published in the Livemint on April 26, 2011.

Looking for love and thinking it’s a shame someone as gorgeous as you is single? Worry not, for Beautifulpeople.com is here. The UK-based site guarantees beautiful singletons a chance to find “beautiful relationships” through their network. The homepage gives you a little snapshot into what they are all about. A cluster of model-like people, different ethnicities and yet, ironically, strikingly similar in their Anglo-Saxon good looks: high cheekbones and sharp noses. Membership is open for all with one caveat: The photo you submit must first be rated by your peer group (that is, the people already deemed “beautiful” by the website), only then do you get admission.

Based on a similar principle of peer-group approval is Facebook’s Compare People application, where you rate friends based on their smile, eyes, sex appeal, profile picture (and other school-report card qualities such as “helpfulness”). And then, of course, there are quizzes such as “How Beautiful Are You”, in which too your final score is based on where you stand vis-à-vis other people in the network.

To be fair, this isn’t just a fetish of the beautiful and those who want to officially belong to “beautiful-only” groups. Because, in just the same way, the social networking world is just as populated by people wanting to either be part of “rich-only” (Affluence.org) or “smart only” (Epernicus.com, for researchers) groups, and most recently, the India-based Vagad Visible (Vagadvisible.com, for the Vagads, a small clan within Kutchi Jains), among others. The world of social networking is about everyone wanting to be something “only” and in that sense, to quote Chicago-based social networking expert David Armano, it is “less about being social”.

Exclusivity: The invite-only system allows social networks and other Web platforms to control and stagger the growing load on their infrastructure. Raajan/Mint

Unsocial networking

One of the latest improvements on Facebook towards the end of 2010 was the option that allows you to edit friends with hyperactive user activity (people who are forever cluttering your page with Farmville updates or quizzes) and “hide” such user activity from your feed. “On Facebook, groups are smaller gatherings, individuals which are invite-only. On Twitter, users create lists to help them filter out signal from noise. Lists on Twitter are not really about exclusivity, but they do say something about how people desire to extract more value from a network,” says Armano, in an email interview.

Sunil Abraham, executive director of the research institute Centre for Internet and Society, Bangalore, says the “hierarchy on the online attention economy often reflects the class and social divides in the real world”.The term attention economy was first used by Michael Goldhaber in December 1997 to describe a new arrangement in which the “flow of attention” metaphorically replaced money as the currency of the Internet.

Quantitative research in the Philippines has shown that rich people are less likely to respond to messages that say “will you be my friend”, he adds, citing the work of researcher Raul Pertierra. “On Facebook, the act of friending someone may appear symmetric. But privacy settings on content, groups and feed configurations may be used to fine-tune the exact power dynamics of the relationship. In platforms such as Twitter, the asymmetry is explicit: For example, Twitter, where I can follow you but you need not follow me,” he says.

Technology has aided this aspect of exclusivity. “There are now beta releases of social software which typically get released to a smaller group of influential and digital savvy individuals. There are now services such as Klout that partner with brands to reward individuals who have the largest social graphs,” adds Armano. Klout measures your overall online influence using over 35 variables on Facebook and Twitter and rates you as True Reach, Amplification Probability, and Network Score.

The other way of practising exclusivity—unlike Facebook, Twitter and other “open” networks—is to just come out and say it: invite only. Beautifulpeople.com will only admit you on the basis of your looks; asmallworld (Asmallworld.net), becoming increasingly popular among the First World swish set, can only be accessed by invitation; and Affluence.org very categorically states it is a place for wealthy individuals to “connect” (membership is free but requires a verifiable minimum household net worth of $1 million, or Rs. 4.5 crore) and “engage in meaningful conversations”. There are others that are slightly work oriented: The Behance network (Behance.net) is a place for creative professionals and you have to seek a membership invitation by describing your creative work. Sermo (Sermo.com) is a place for physicians to “share medical insights”.

Vahad Visible is completely restricted to the Vahad community (a user’s credentials are authenticated by a phone interview and other records), and is social networking meets matrimonial meets classified ads.

The why

There are many reasons for this exclusivity. First, technical. “The invite-only system allows social networks and other Web platforms to control and stagger the growing load on their infrastructure,” says Abraham.

There is also a marketing and commercial aspect to it. Affluence.org, for instance, provides a forum for “exclusive, high quality content and advice from experts on subjects such as art, technology and travel”. Similarly, asmallworld has advertisements for accommodation (it also doubles up as a couch-surfing site of sorts, only these are all rich people living in the First World), among others. Both the technical and the commercial aspects, however, are tied to the larger, that is, sociological aspect of exclusivity. For instance, the “invite-only” system also creates a sense of exclusivity and then drives registrations, says Abraham.

Sociologically, the recipient of this exclusivity, according to Armano, “feels special and rewarded for their social status”. “Those who deal in exclusivity are looking to create smaller “higher quality” networks of individuals who they deem are connected in a way which benefits them,” he says. The way we configure our social network and allow access to our feeds on Twitter or the Facebook page are based on our individual priorities and objectives. “Exclusive social networks are meant for those with overlapping priorities and objectives. The generic social networking websites are meant for finding long-lost classmates and friends and weak ties in general. Exclusive social networks are for accumulating new contacts and building strong ties,” says Abraham.

The dichotomy about social networks, adds Armano, is that “in theory, they flatten social norms” and also make certain things more accessible—like personal publishing. “However, networks do not guarantee that you will find yourself in the desirable social circles. You still have to do that the old-fashioned way—networking,” he adds.

Read the original article published by Livemint here

For more details visit https://cis-india.org/news/world-is-your-oyster

CDT Provides Answers to Questions on Internet Neutrality

pranesh — 2012-06-04T05:56:46Z

Pranesh Prakash of CIS asked David Sohn of CDT a few pointed questions on the emerging hot topic of 'Internet neutrality', and received very useful responses. Those questions and Mr. Sohn's responses are documented in this blog post.

As part of the Centre for Democracy and Technology's (CDT's) excellent "Ask CDT" initiative, we were provided the opportunity to clear up some of our doubts around "net neutrality" (which CDT prefers referring to as Internet neutrality rather than network neutrality) by asking an expert: David Sohn, CDT's Senior Policy Counsel. Reproduced below are the questions that I asked (inset and in gray), and David's replies (provided below each question). Some of the questions I asked below were doubts that I had, while some others are instances of donning the roles of devil's advocate. We hope this will be helpful in clarifying doubts that some of the readers of this blog have had as well.

1a. "As far as I can understand, content distribution networks (CDNs) such as Akamai, don't really fall within your understanding of violations of Internet neutrality. Why not? In what cases is 'spending more to get faster speeds' permitted for content hosts? Since not only specialised companies like Akamai, but regular Tier 1 companies like Level3 and AT&T also engage in CDN-like behaviour, does it make it more liable to illicit/underhand/non-transparent service differentiation techniques?"

1a. That's correct, CDNs don't violate either Internet neutrality principles or the FCC's recent rules. I talked about this at some length in a blog post a couple years ago. The short answer is that Internet neutrality does not aim to guarantee that all online content and services will work equally well, but rather to prevent ISPs from exercising "gatekeeper" control with respect to their subscribers. Thus, content providers who have money can purchase various advantages -- for example, more or better servers, upgraded software, or caching services from a CDN such as Akamai. Significantly, things like servers and caching are available from competitive sources; no supplier has gatekeeper control. In contrast, priority treatment on the transmission facilities serving any given Internet user is an advantage that only that user's ISP could provide. Another difference is that when one content provider purchases caching, it doesn't slow anybody else's traffic (indeed, it could speed it up, since it may help reduce overall network congestion). By contrast, when an ISP designates favoured traffic for priority transmission, non-favoured traffic by definition is de-prioritized. Think about a line of "bits" waiting in a router queue -- if you let some bits "cut in line," it inevitably lengthens the wait for those who don't get to cut. Given CDT's general comfort level with CDNs and the existence of competitive offerings in the marketplace, I'm not too concerned about who provides the service (Akamai, Level3, AT&T, etc.). It doesn't seem to be a case of the ISP leveraging its unique control over access to subscribers.

1b. "A large part of the claims of Internet neutrality supporters are founded on the basis of 'dumb networks', which can also be seen as a reformulation of the end-to-end principle. A question arises, which is often posed by the likes of Dave Farber, Bob Kahn and Robert Pepper: why should we stick dogmatically to the end-to-end principle when embedding 'intelligence' in the core is/will soon be a viable option *without* jeopardising the simplicity of the Internet? If you are fine with CDNs, then are you fine with a partial supplanting of the dogmatism of the end-to-end principle (because, after all, CDNs are in a sense, intelligence in the core rather than in the edges)?"

1b. I don't think that supporting Internet neutrality requires a dogmatic opposition to any and all built-in "intelligence" in the network. Certainly a strong case can be made for handling certain network management matters, such as some cyber security issues, at the network level. I get concerned on neutrality grounds not by the mere existence of "intelligence" in the core, but by the use of that intelligence to make judgments and decisions about which applications and services are most important or most in need of special treatment -- as opposed to remaining application-agnositic or, in the alternative, leaving the decision to end users. Intelligence that is put in the service of end users, allowing the users themselves to make judgments about what to prioritize, does not concern me at all. But if the network-level intelligence results in broader reliance on centralized evaluation and categorization of the type or content of Internet communications, and centralized decisions about what to favor or disfavor, then I think it poses a neutrality problem. The bottom line is, the idea that networks could benefit from some built-in intelligence does not argue for giving ISPs unbounded discretion to discriminate among traffic. Indeed, a network that empowered users themselves to determine the relative priority levels of their traffic based on their individual needs would be far "smarter" than on in which ISPs make broad, across-the-board choices.

2. "What is the bright-line rule that separates some IP-based networks that are 'private' (and hence free to do as they please), and others that are part of the 'Internet' (and hence need to follow Internet neutrality)? Where does IPTV fall? (While answering that question, think not only of present-day IPTV, but keep in mind its potential applications.) Where do 'walled gardens' of the WWW fall?"

2. In CDT's view, Internet access service provides a general-purpose ability to send and receive data communications across the Internet. Other services could be exempt from neutrality rules if they serve specific and limited functional purposes and have limited impact on the technical performance of Internet traffic. CDT's comments to the FCC went into considerable detail -- see, for example, the comments we filed in October. The FCC rules took a similar but not identical tack, saying that Internet access services are services that provide the capability to send and receive data "from all or substantially all Internet endpoints" or that provide a functional equivalent of such a service. In any event, the question of how clear the line is between Internet access services that are subject to neutrality rules and other services that are not is an important one that will bear close watching over time. As for IPTV, it offers a specific function -- access to video programming -- rather than general purpose access to the entire Internet. So IPTV can be distinguished from Internet service. As for "walled gardens," it likely would depend how large the garden is. If the garden seeks to offer a wide enough variety of sites that it can be used as a substitute for Internet access, then the FCC could choose to apply neutrality rules. At some point, a garden can become big and general-purpose enough that it is effectively serving as a non-neutral version of an Internet access service. That kind of end-run around neutrality rules shouldn't be allowed.

3a. "Should Internet neutrality be kept at the level of non-enforceable (but still important) enunciation of principles, or should they be enforceable laws? In either case, who has the authority to regulate Internet neutrality, given the non-territoriality of the 'Internet' (and especially keeping in mind the direction that ICANN's been taking with things like the Affirmation of Commitments). Why should the FCC have such powers? Why should any American governmental body have such powers?"

3a. It is important to have some enforceable rules. The FCC enunciated principles back in its 2005 broadband Policy Statement -- but when the agency tried to act after Comcast violated those principles, a court ruled that the FCC had no ability to do so. Enunciated principles are of little value if ISPs are free to violate them without consequence. For U.S. Internet users, I think the FCC is an appropriate agency in which to lodge the authority to police neutrality violations; the FCC has a long history of working to ensure that providers of physical communications infrastructure do not abuse their position. And since the focus is on the provisions of physical communications connections, I don't the the territoriality issue you raise is a major problem. The United States has the authority to establish rules for companies providing last-mile communications links to U.S.-based subscribers. The Internet is of course a global medium, but the endpoint connections have a clear geographic location.

3b. "If Internet neutrality is really about ensuring fair competition (so an ISP doesn't promote one company's content), then why not just allow competition law / anti-trust law to ensure that fair competition? What are the lacunae in global competition laws that necessitate the separate articulation of 'Internet neutrality' principles/rules?"

3b. The ability of antitrust law to protect Internet openness is pretty limited. Absent a clear anticompetitive motive, network operators likely could curtail Internet openness in a variety of ways without running afoul of antitrust law. Antitrust’s prohibition against anticompetitive conduct is a far cry from any kind of affirmative policy to preserve the Internet’s uniquely open network structure. Nor can antitrust law take into account the major non-economic reasons for maintaining an open Internet, such as the impact on independent speech and civic empowerment. Finally, as a practical matter, antitrust cases tend to drag on for many years. Individual innovators and small startup companies – key beneficiaries of Internet openness – are unlikely to be in a position to bring antitrust cases against major network operators.

4a. "One of the strongest arguments of anti-Internet neutrality folks is that adoption of Internet neutrality principles/rules will ensure that it is only the consumers who foot the bill for bandwidth consumption, and bandwidth hogs (like NetFlix) don't ever pay. This, they say, is unfair on consumers. How do you respond to this?"

4a. First, I question the statement that "bandwidth hogs like NetFlix don't ever pay." For starters, NetFlix buys a huge amount of bandwidth connecting its servers to the Internet. Once on the Internet, its traffic is carried onward pursuant to peering agreements between the ISPs and backbone providers. When NetFlix traffic volume grows, it may trigger new payment demands between carriers, as we've seen in the recent dispute between Comcast and Level3. But the bottom line is, nobody is forced to carry any traffic they haven't contractually agreed to handle. Of course, it is true that NetFlix doesn't make payments to (for example) AT&T for delivering NetFlix traffic to AT&T's customers. That might seem unfair if you think of NetFlix as a "bandwidth hog" eating up AT&T's capacity. I believe that is the wrong way to think about it. NetFlix has no ability to forcefeed traffic onto AT&T's network. Every bit it sends was requested by an AT&T subscriber. So if there are "bandwidth hogs" here, they are the end users -- they are the ones that pull all those bits onto AT&T's network. And they have already paid AT&T for the ability to get those bits. I would add that when individual users choose to download huge volumes, I have no problem with the ISP charging them more. Second, you suggest that it may be unfair to ask consumers to foot the full bill for their connectivity. But the Internet is such an open and innovation-friendly platform precisely because it is so user-driven. This user-centric focus could change if ISPs start thinking of themselves as providing services not just to end user subscribers, but also to non-subscribers such as large online content providers to whom the ISPs do not directly provide bandwidth. The ISPs would then have divided loyalties; rather than just focusing on empowering users, they would be collecting fees to steer users in particular directions. Sure, in other contexts there are examples of "two-sided markets" in which end users foot only part of the bill. Newspapers are often cited. But including paid advertising in newspapers doesn't have much impact in how the overall product is perceived or presented to users. In contrast, ISPs charging content providers for special transmission priority would be akin to a newspaper in which advertisers pay not just to place ads, but also to influence where the substantive articles appear -- which ones go on the front page and which on the interior, for example. In turn, content providers of all stripes would need to think about striking deals with multiple ISPs -- something that is not necessary today. In the end, turning the Internet into a two-sided market would make the medium dramatically less open, less innovative, and less empowering of users.

4b. "If a consumer wants a faster connection (to access content faster), she can get that by paying the ISP more and getting more bandwidth. If a business wants a faster connection (to deliver content faster), it can get that by paying the ISP more bandwidth. However, certain kinds of paying for faster delivery of content are sought to be curbed. Where should we draw that line? And Why should we hold on so dearly to a certain model of accounting for costs?"

4b. Consumers and businesses should be able to pay their respective ISPs for more bandwidth. I think that is very different from paying other people's ISPs for preferential treatment. The latter arrangement turns ISPs into gatekeepers with respect to their subscribers -- because once the quality of delivery depends on which content providers have struck a deal with the subscribers' ISP, every content provider needs to negotiate with that ISP in order to keep up with its competitors. We hold on to the Internet's model of accounting for costs because it is part of what makes the Internet such an open, innovative environment: content providers and innovators don't face the hurdle of having to negotiate deals with all their users' ISPs.

For more details visit https://cis-india.org/internet-governance/blog/cdt-internet-neutrality

The Gary Chapman International School on Digital Transformation — Deadline Expires on April 30

praskrishna — 2011-04-26T06:23:02Z

The application period for the Gary Chapman International School on Digital Transformation is now open! The deadline for applications is April 30, 2011.

The UT Austin Portugal program is now accepting applications for the third annual International School on Digital Transformation, to be held July 17-22 in Porto, Portugal. Advanced students and emerging professionals, social entrepreneurs, and activists from around the world with an interest in digital technology and the enrichment of civil society are invited to apply.

For the past two years, this intensive residential program has brought together scholars, policy experts, community advocates, designers, and hackers to explore the potential for digital media to empower citizens, strengthen communities, and contribute to a more vibrant civil society. The School is named for Gary Chapman, an internationally renowned Internet policy expert and member of the faculty at the LBJ School of Public Affairs at UT Austin who founded this innovative program and passed away suddenly last year. His life continues to inspire the School.

The School is conducted in English and in previous years has attracted faculty and participants from Portugal, South Africa, Finland, India, the U.K., the U.S., and Brazil, among many other countries. During the week, innovators in digital communications serve as teachers and mentors, presenting current projects and engaging in discussion. Faculty and students will be regarded as peers during the School.

Participants of the School will have the opportunity to present and discuss their own projects with those having similar interests, and explore ways to further develop their work. Additionally, members will collaborate on group projects involving digital media and civil society. Consisting of approximately 40 participants and 15 faculty, the School seeks to create an atmosphere of scholarly collegiality, fostering dialogue among diverse perspectives including those of design, policy, activist, and research backgrounds. The daily schedule will include time for presentations, bar camp style meetings, and informal conversations among faculty and students.

The School’s program for 2011 will focus on these themes:

Information access and open civic discourse
Digital tools for government transparency
Evolving Internet content regulation and the public’s right to information
Digital media and the democratic process
Factors influencing the growth of online civic engagement

The School will be held at the Hotel Eurostars Das Artes, a four-star hotel near the heart of Porto’s historic district, an area renowned for its active arts culture, wine, architecture, and breathtaking views. A link to the hotel site is below.

Participant fees are:

370 Euros, which includes

Six nights of lodging in a single room at the Eurostars Das Artes
Six days of breakfasts at the hotel (Monday-Saturday)
Six dinners at a local restaurant (Sunday-Friday)
The daily program of meetings, with coffee breaks
An evening cultural activity

170 Euros for UT-Austin-Portugal PhD Program students (this includes the items listed above, minus hotel and breakfast. Students will be asked to pay an additional charge for lodging, unless they are based in Porto andwish to stay at home.)

All participants should expect to pay for travel to and from Porto, lunches, and any incidental expenses such as bar tabs and outings to cafes or other Porto sites not included in the official agenda.

The Gary Chapman International School on Digital Transformation is organized by the UT Austin-Portugal program, a cooperative endeavor between the University of Texas at Austin and some of the top universities of Portugal. The co-directors of the School are Dr. Sharon Strover of the University of Texas at Austin and Dr. Artur Pimenta Alves of the University of Porto. More details on the program will be added and updated as they are confirmed.

The Eurostars Das Artes is a deluxe hotel located near many shops, restaurants, and art galleries and about a 20-minute walk to the Praça da Ribeira, at the shores of the Douro River. More information may be found here. For more information on the broader program, please see this.

There is limited space and the final deadline for applications is April 30. For questions regarding the program or call for applications, please contact Karen Gustafson at kegustafson@gmail.com.

Read the original news here

For more details visit https://cis-india.org/news/international-school-on-digital-transformation

Learning from Fukushima

praskrishna — 2011-08-30T12:47:25Z

Take remedial steps and demystify the unreasoning dread of nuclear power, says Shyam Ponappa in his latest column published by the Business Standard on April 7, 2011.

Official statistics report over 22,000 deaths related to fires, 27,000 by drowning and 144,000 in traffic accidents annually in India[1]. By contrast, the number of deaths resulting from the Chernobyl nuclear accident is about 10,000 in total, estimates Frank von Hippel, a nuclear physicist at Princeton, who is co-chairman of the International Panel on Fissile Materials (other estimates: World Health Organisation 4,000; International Agency for Research on Cancer 16,000; Belarus 93,000 plus 270,000 cancer patients; and Ukraine 500,000). Against this, he estimates the number of deaths owing to pollution from coal plants in the US alone at 10,000 each year [2].

In this context, what are we to make of a top Indian scientist’s demand for stopping nuclear power production in India pending a transparent safety audit of all nuclear plants? Why not stop all traffic because of traffic accidents, to paraphrase another leading scientist? Should we shut down all our cities and towns until the sewerage systems work? A conscious effort should be made to demystify nuclear power.

To consider this rationally, let’s begin with some reported facts. The Fukushima accident happened after the earthquake, after the plant shut down. The plant was designed to withstand waves of six metres, but was struck by an eight-metre high tsunami, according to the US’ National Oceanographic and Atmospheric Administration (other estimates range between 6.71 and 14 metres).

The reactor core takes several days to cool after being shut down and requires external cooling. The cooling system lost power from the grid because of the earthquake. The backup diesel generators worked for an hour, then stopped (there are conflicting reports on the reasons). The backup batteries then powered the pumps until they ran out. There are also conflicting reports of alternate diesel generators that were either of insufficient capacity or could not be connected for reasons that are unclear (flooded connectors, incompatible plugs and so on). The tsunami devastated the surroundings even as it hampered assistance from elsewhere. The failure appears to have been in the supply of power and water, that is , ancillary services.

Japan has 55 nuclear power reactors and it experiences frequent earthquakes. Though there have been instances of plants being shut down after earthquakes (2007: electrical transformer fire at Kashiwazaki-Kariwa, and some leaks of slightly radioactive water reported; 2004: one unit at the same plant was shut down), there has been no failure of nuclear plants because of earthquakes. So, no new facts relating to earthquakes or tsunamis seem to have surfaced to cause India to shut down its nuclear plants arbitrarily.

An increase in energy use in India is inescapable, given the correlation between growth and energy consumption. On balance, we need all the energy we can get staying within reasonable risks and costs. Objectively, what can we expect from our government and related agencies such as the Department of Atomic Energy and the Atomic Energy Agency?

Remedial Action

One could be to expect action to reduce risks based on experience.

After the Indian Ocean tsunami of 2004, a 3.2-km wall was constructed at Kalpakkam, which was in the path of the tsunami, fortified with sandbags, rocks and embankments. (The plant is situated at over 9 metres above the sea, with the reactor floors at a height of nearly 10.7 metres.)
The backup generators are located some distance away from the plant, out of the reach of tsunamis.
Mangroves and casuarinas along the coast helped diffuse the impact of the waves in 2004. News reports indicate the Department of Atomic Energy plans to augment these after its recent review of coastal nuclear plants.
News reports also mention that portable generators will be acquired for backup and tsunami alarms will be installed at coastal sites.

Other remedial measures based on experience may have been incorporated at Indian plants, or if not, could be incorporated now. For instance, referring to Fukushima, Dr von Hippel describes a filtered vent system designed to reduce radioactivity before releasing pressure from the containment building in the event of a meltdown (see diagram). Though it was ignored in the US, Sweden adopted it and so did France and Germany. Presumably, a benefit of Areva’s partnership with the Nuclear Power Corporation of India for constructing India’s new reactors will be the inclusion of filtered vents, if appropriate and not already in our design.

Costs, Benefits and Risks

Another issue is educating people on the risks, costs and benefits of different fuels. Life-cycle emissions capture one aspect of these costs (see figure for Europe).

A similar study is available for the US: “Life-Cycle Assessment of Electricity Generation Systems and Applications for Climate Change Policy Analysis” by Paul J Meier, University of Wisconsin-Madison, August 2002 (http://fti.neep.wisc.edu/pdf/fdm1181.pdf) Besides, there are costs such as population displacement and environmental effects associated with hydroelectric plants, land requirements and the environmental impact of manufacturing for solar generation, noise levels for wind farms, or pollution and the higher risk of accidents associated with coal [3].

Open Information and Communication

A third issue is easy access to accurate and relevant information. After the tsunami in 2004, the information sharing with the public was exemplary, with open and transparent briefings at Kalpakkam. This approach needs to be instituted as a standard operating procedure for governance by all departments and agencies, displaying integrity in systems, thereby instilling confidence in the public.

Prompt and accurate information about safety features including design and remedial measures could be compiled for ready access on websites, with pointers during press briefings. Regular and effective communication of systems and procedures, and measures to mitigate risks, could reduce our unreasoning dread of nuclear energy. Such steps would help assess risks reasonably and provide a good framework for governance and crisis management.

Notes

[1]."Table 38.1 Incidence of Accidental Deaths", http://mospi.nic.in/...38%20ACCIDENT%20STATISTICS/Table-38.1.xls [2008: latest available data].

[2].“It Could Happen Here”, Frank N von Hippel, New York Times, March 23, 2011: http://www.nytimes.com/2011/03/24/opinion/24Von-Hippel.html.

[3].“Nuclear power is safest way to make electricity, according to study”, David Brown, Washington Post, April 2, 2011: http://www.washingtonpost.com/national/nuclear-power-is-safest-way-to-make-electricity-according-to-2007-tudy/2011/03/22/AFQUbyQC_story.html.

For more details visit https://cis-india.org/telecom/blog/fukushima

Comments on Draft National Policy on ICT in School Education

krithika — 2011-08-30T14:23:03Z

The Department of School Education & Literacy under the Ministry of Human Resources Development invited comments on its latest draft of the National Policy on ICT in School Education. CIS' comments are listed in this post.

The Department of School Education & Literacy under the Ministry of Human Resources Development has invited comments on its latest draft of the National Policy on ICT in School Education. We, at the Centre for Internet and Society (CIS) have the following comments on the latest draft:

Digital content and resources already available in the public domain must be leveraged by the Government and this intention must be specifically expressed in the policy.
The provision in the copyright law providing for fair use of copyrighted material must be completely taken advantage of in developing, sharing, disseminating and exchanging digital content and resources. Material already part of the public domain should be included in the pool of resources to be utilised by the Government under the policy.
It is not enough for the State to provide “open and free access” to ICT and ICT-enabled tools and resources to all students. It is important that the Government adopts the concept of global Open Educational Resources (OER) and license Indian content appropriately. OER refers to digitised materials offered freely and openly for educators, students and self-learners to use and reuse for teaching, learning and research.¹ OER materials are being increasingly integrated into open and distance education. The policy should mandate the State to license all digital content under OER.
It is commedable that the policy mandates use of Open Standards for the State to maintain and share digitsed content. However, we recommend that the policy uses the same definition for “Open Standards” as that incorporated in the Government's Open Standards policy so that the same phrase is defined uniformly across all national policies.
The policy should not foreclose the option of including freeware or resources obtained gratis in the educational material for students. It should allow the State to make efforts to obtain freely available educational material and incoporate it as part of the educational material.
Course developed by the State should be licensed under a Creative Commons License, preferably an attribution-only² or sharealike³ CC license 3.0. Similarly, software used as part of educational resource must be licensed under a GPL or a BSD license.
Teachers and students should be sensitised towards the fair use exception in the Indian copyright law so that maximum utilisation of the provision is facilitated.
School libraries should be encouraged to exercise their right to the fair use exception applicable to libraries. Even though the law on fair use in respect of public libraries seems restricted in terms of the number of copies of a book that can be made (and thus, leading to staggered borrowing) and making it a prerequisite for the book to be unavailable for sale in India. However, there is significant room for interpretation of these ambiguous provisions and take advantage of the fair use exception to provide greater access to educational materials available in school libraries. Other statutes such as the Public Libraries Act govern the operations of State libraries and this, in addition to the fair use provision, would allow for greater flexibility in operation for the libraries. The State should endeavour to make the most of these provisions and interpret them to enable greater access to learning material for the students.
The policy should require libraries to follow an anonymisation policy which ensures that the details of books borrowed by the students remain private and the students' privacy is adequately safeguarded in this regard.
As far as ICT for children for special needs is concerned, it is recommended that the State use the DAISY format to make documents accessible and comply with WCAG guidelines to ensure accesssibility of web content.
Indian law on fair use exception applicable for distance education is still unclear. Therefore, we recommend that this policy be used test the feasibility of fair use in case of distance education in India.
The results and findings from the monitoring, evaluation and research should be declared Open Government Data (OGD) and shared or disseminated accordingly. A piece of data is open if anyone is free to use, reuse and redistribute it – subject only, at most, to the requirement of attribute and share-alike.⁴ Open data commissioned or produced by the government or government controlled entities constitutes OGD.⁵
As far as use of software for education is concerned, students need to read code before they write code, just as in the case of books. Therefore, Free and Open Source Software (FOSS) has to be made available so that the source code is accessible for the students to read and improve upon. De facto proprietary software could be made available where budget exists so that students can learn in a technology-neutral fashion and are exposed to multiple implementations of an idea. However, proprietary software availability will be inapplicable for domains which operate exclusively on free software.
The present draft recommends educating students and teachers on use of firewalls and other security measures to be used to block “inappropriate websites”. We feel that there is no requirement for a centralised policy on blocking websites. We recommend community-based blocking wherein each school can decide the criteria on which they want to block a website.
It is very critical to ensure that there is no surveillance done on children so that there is a free environment for children to use the digitised content and the internet for their educational purposes.
We recommend that the State is mandated to have all Indian language content be encoded using Unicode standards.
We have gone through the comments made on the draft version by IT for Change and Free Software Foundation (FSF) and we are broadly in agreement with the points made by them. We would like to reiterate that use of FOSS must be made mandatory.

Notes

1 OECD (2007), Giving Knowledge for Free: The Emergence of Open Educational Resources, OECD Publishing.
doi: 10.1787/9789264032125-en

2 http://creativecommons.org/licenses/by/3.0/legalcode

3 http://creativecommons.org/licenses/by-sa/3.0/legalcode

4 http://www.opendefinition.org/

5 http://www.opendefinition.org/government/

For more details visit https://cis-india.org/openness/blog-old/ict-in-school-education

Limits to Privacy

praskrishna — 2012-12-14T10:28:59Z

In this chapter we attempt to build a catalogue of these various justifications, without attempting to be exhaustive, with the objective of arriving at a rough taxonomy of such frequently invoked terms. In addition we also examine some the more important justifications such as “public interest” and “security of the state” that have been invoked in statutes and upheld by courts to deprive persons of their privacy.

For more details visit https://cis-india.org/internet-governance/publications/limits-privacy.pdf

Privacy and the Information Technology Act — Do we have the Safeguards for Electronic Privacy?

Prashant Iyengar — 2012-12-14T10:29:12Z

How do the provisions of the Information Technology Act measure up to the challenges of privacy infringement? Does it provide an adequate and useful safeguard for our electronic privacy? Prashant Iyengar gives a comprehensive analysis on whether and how the Act fulfils the challenges and needs through a series of FAQs while drawing upon real life examples.

What kinds of computer related activities impinge on privacy?

Although Information and Communications Technologies (ICTs) have greatly enhanced our capacities to collect, store, process and communicate information, it is ironically these very capacities of technology which make us vulnerable to intrusions of our privacy on a previously impossible scale. Firstly, data on our own personal computers can compromise us in unpleasant ways — with consequences ranging from personal embarrassment to financial loss. Secondly, transmission of data over the Internet and mobile networks is equally fraught with the risk of interception — both lawful and unlawful — which could compromise our privacy. Thirdly, in this age of cloud computing when much of "our" data — our emails, chat logs, personal profiles, bank statements, etc., reside on distant servers of the companies whose services we use, our privacy becomes only as strong as these companies’ internal electronic security systems. Fourthly, the privacy of children, women and minorities tend to be especially fragile in this digital age and they have become frequent targets of exploitation. Fifthly, Internet has spawned new kinds of annoyances from electronic voyeurism to spam or offensive email to ‘phishing’ — impersonating someone else’s identity for financial gain — each of which have the effect of impinging on one’s privacy.

Although there are a number of technological measures through which these risks can be reduced, it is equally important to have a robust legal regime in place which lays emphasis on the maintenance of privacy. This note looks at whether and how the Information Technology Act that we currently have in India measures up to these challenges of electronic privacy [1].

What provisions in the IT Act protect against violations of privacy?

At the outset, it would be pertinent to note that the IT Act defines a ‘computer resource’; expansively as including a “computer, computer system, computer network, data, computer database or software” [2]. As is evident, this definition is wide enough to cover most intrusions which involve any electronic communication devices or networks — including mobile networks. Briefly, then IT Act provides for both civil liability and criminal penalty for a number of specifically proscribed activities involving use of a computer — many of which impinge on privacy directly or indirectly. These will be examined in detail in the following sub-sections.

Intrusions into computers and mobile devices

accessing

downloading/copying/extraction of data or extracts any data

introduction of computer contaminant[3];or computer virus[4]

causing damage either to the computer resource or data residing on it

disruption

denial of access

facilitating access by an unauthorized person

charging the services availed of by a person to the account of another person,

destruction or diminishing of value of information

stealing, concealing, destroying or altering source code with an intention

The Act provides for the civil remedy of “damages by way of compensation” for damages caused by any of these actions. In addition anyone who “dishonestly” and “fraudulently” does any of these specified acts is liable to be punished with imprisonment for a term of upto three years or with a fine which may extend to five lakh rupees, or with both[5].

Bangalore techie convicted for hacking govt site (2009, Deccan Herald)[6]

In November 2009, The Additional Chief Metropolitan Magistrate, Egmore, Chennai, sentenced N G Arun Kumar, a techie from Bangalore to undergo a rigorous imprisonment for one year with a fine of Rs 5,000 under section 420 IPC (cheating) and Section 66 of IT Act (hacking).

Investigations had revealed that Kumar was logging on to the BSNL broadband Internet connection as if he was the authorised genuine user and ‘made alteration in the computer database pertaining to broadband Internet user accounts’ of the subscribers.

The CBI had registered a cyber crime case against Kumar and carried out investigations on the basis of a complaint by the Press Information Bureau, Chennai, which detected the unauthorised use of broadband Internet.

The complaint also stated that the subscribers had incurred a loss of Rs 38,248 due to Kumar’s wrongful act. He used to ‘hack’ sites from Bangalore as also from Chennai and other cities, they said.

Children's privacy online

As computers and the Internet become ubiquitous children have increasingly become exposed to crimes such as pornography and stalking that make use of their private information. The newly inserted section 67B of the IT Act (2008) attempts to safeguard the privacy of children below 18 years by creating a new enhanced penalty for criminals who target children.

The section firstly penalizes anyone engaged in child pornography. Thus, any person who “publishes or transmits” any material which depicts children engaged in sexually explicit conduct, or anyone who creates, seeks, collects, stores, downloads, advertises or exchanges this material may be punished with imprisonment upto five years (seven years for repeat offenders) and with a fine of upto Rs. 10 lakh.

Secondly, this section punishes the online enticement of children into sexually explicitly acts, and the facilitation of child abuse, which are also punishable as above.

Viewed together, these provisions seek to carve out a limited domain of privacy for children from would-be sexual predators.

The section exempts from its ambit, material which is justified on the grounds of public good, including the interests of "science, literature, art, learning or other objects of general concern". Material which is kept or used for bona fide "heritage or religious purpose" is also exempt.

In addition, the newly released Draft Intermediary Due-Diligence Guidelines, 2011 [7]require ‘intermediaries’[8]to notify users not to store, update, transmit and store any information that is inter alia, “pedophilic” or “harms minors in any way”. An intermediary who obtains knowledge of such information is required to “act expeditiously to work with user or owner of such information to remove access to such information that is claimed to be infringing or to be the subject of infringing activity”. Further, the intermediary is required to inform the police about such information and preserve the records for 90 days.

Electronic Voyeurism

Although once regarded as only the stuff of spy cinema, the explosion in consumer electronics has lowered the costs and the size of cameras to such an extent that the threat of hidden cameras recording people’s intimate moments has become quite real. Responding to the growing trend of such electronic voyeurism, a new section 66E has been inserted into the IT Act which penalizes the capturing, publishing and transmission of images of the "private area" [9]of any person without their consent, "under circumstances violating the privacy" [10] of that person.

This offence is punishable with imprisonment of upto three years or with a fine of upto Rs. two lakh or both.

Phishing – or Identity Theft

The word 'phishing' is commonly used to describe the offence of electronically impersonating someone else for financial gain. This is frequently done either by using someone else’s login credentials to gain access to protected systems, or by the unauthorized application of someone else’s digital signature in the course of electronic contracts. Increasingly a new type of crime has emerged wherein sim cards of mobile phones have been ‘cloned’ enabling miscreants to make calls on others' accounts. This is also a form of identity theft.

Two sections of the amended IT Act penalize these crimes:

Section 66C makes it an offence to “fraudulently or dishonestly” make use of the electronic signature, password or other unique identification feature of any person. Similarly, section 66D makes it an offence to “cheat by personation” [11] by means of any ‘communication device’[12] or 'computer resource'.

Both offences are punishable with imprisonment of upto three years or with a fine of upto Rs. one lakh.

Mumbai Police Solves Phishing scam [13]

In 2005, a financial institute complained that they were receiving misleading emails ostensibly emanating from ICICI Bank’s email ID.

An investigation was carried out with the emails received by the customers of that financial institute and the accused were arrested. The place of offence, Vijaywada was searched for the evidence. One laptop and mobile phone used for committing the crime was seized.

The arrested accused had used open source code email application software for sending spam e-mails. He had downloaded the same software from the Internet and then used it as it is.

He used only VSNL to spam the e-mail to customers of the financial institute because VSNL email service provider does not have spam box to block the unsolicited emails.

After spamming e-mails to the institute customers he got the response from around 120 customers of which 80 are genuine and others are not correct because they do not have debit card details as required for e-banking."

The customers who received his e-mail felt that it originated from the bank. When they filled the confidential information and submitted it the said information was directed to the accused. This was possible because the dynamic link was given in the first page (home page) of the fake website. The dynamic link means when people click on the link provided in spam that time only the link will be activated. The dynamic link was coded by handling the Internet Explorer onclick () event and the information of the form will be submitted to the web server (where the fake website is hosted). Then server will send the data to the configured e-mail address and in this case the e-mail configured was to the e-mail of the accused. All the information after phishing (user name, password, transaction password, debit card number and PIN, mother’s maiden name) which he had received through the Wi-Fi Internet connectivity of Reliance.com was now available on his Acer laptop.

This crime was registered under section 66 of the IT Act, sections 419, 420, 465, 468 and 471 of the Indian Penal Code and sections 51, 63 and 65 of the Indian Copyright Act, 1957 which attract the punishment of three years imprisonment and fine upto Rs 2 lac which the accused never thought of.

Spam and Offensive Messages

Although the advent of e-mail has greatly enhanced our communications capacities, most e-mail networks today remain susceptible to attacks from spammers who bulk-email unsolicited promotional or even offensive messages to the nuisance of users. Among the more notorious of these scams is/was the so-called "section 409 scam" in which victims receive e-mails from alleged millionaires who induce them to disclose their credit information in return for a share in millions.

Section 66A of the IT Act attempts to address this situation by penalizing the sending of:

any message which is grossly offensive or has a menacing character
false information for the purpose of causing annoyance, inconvenience, danger, insult, criminal intimidation, enmity, hatred or ill-will
any electronic e-mail for the purpose of causing annoyance or inconvenience, or to deceive the addressee about the origin of such messages;

This offence is punishable with imprisonment upto three years and with a fine[14]

Hoax E-mails [15]

In 2009, a 15-year-old Bangalore teenager was arrested by the cyber crime investigation cell (CCIC) of the city crime branch for allegedly sending a hoax e-mail to a private news channel. In the e-mail, he claimed to have planted five bombs in Mumbai, challenging the police to find them before it was too late.

According to police officials, at around 1p.m. on May 25, the news channel received an e-mail that read: “I have planted five bombs in Mumbai; you have two hours to find it.” The police, who were alerted immediately, traced the Internet Protocol (IP) address to Vijay Nagar in Bangalore. The Internet service provider for the account was BSNL, said officials.

Minor Hoax Spells Major Trouble

Sixteen-year-old Rakesh Patel (name changed), a student from Ahmedabad, sent an e-mail to a private news channel on March 18, 2008, warning officials of a bomb on an Andheri-bound train. In the e-mail, he claimed to be a member of the Dawood Ibrahim gang. Three days later, the crime investigation cell (CCIC) of the city police arrested the boy under section 506 (ii) for criminal intimidation. He was charge-sheeted on November 28, 2008.
Status: Patel was given a warning by a juvenile court
A 14-year-old Colaba boy sent a hoax e-mail to a TV channel in Madhya Pradesh, three days after the July 26, 2008, Ahmedabad bomb blasts. He claimed that 29 bombs would go off in Jabalpur. He was picked up by officers of the anti-terrorism squad (ATS) who, with the help of the MP police, were able to trace the e-mail to a cyber café in Colaba.
Status: No FIR was registered. The Cuffe Parade police registered a non-cognizable (NC) complaint against him, and the boy was allowed to go home after the police gave him a “strict warning”.
Shariq Khan, 18, was arrested in Bhopal on July 26, 2006, for sending out three e-mails claiming to be a member of the terrorist organisation, which the police believed was behind the 7/11 train bombings. He was arrested by the Bhopal police. Later, the ATS brought the boy to Mumbai and also booked him for a five-year-old unsolved case where an unknown accused had sent e-mail warnings to the department of Atomic Energy (DAE) in 2001.
Status: The police filed a charge-sheet against Shariq who claimed that he had sent the e-mails for fun. Trial is pending in a juvenile court. Shariq is presently out on bail in Bhopal.
On February 26, 2006, a 17-yearold student from Jamnabai Narsee School called an Alitalia flight bound to Milan at 2 a.m. telling them there was a bomb on board. He wanted to stop his girlfriend from going abroad. She was one of the 12 students on their way to attend a mock United Nations session in Geneva.
Status: After being grilled by the police, he was arrested, but let out on bail.

Lawful Interception and monitoring of electronic communications under the IT Act

In addition to violations of privacy by criminal and the mischievous minded, electronic communications and storage are also a goldmine for governmental supervision and surveillance. This section provides a brief overview of the provisions in the IT Act which circumscribe the powers of the state to intercept electronic communications.

The newly amended IT Act completely rewrote its provisions in relation to lawful interception. The new section 69 dealing with “power to issue directions for interception or monitoring or decryption of any information through any computer resource” is much more elaborate than the one it replaced, In October 2009, the Central Government notified rules under section 69 which lay down procedures and safeguards for interception, monitoring and decryption of information (the “Interception Rules 2009”). This further thickens the legal regime in this context.

Unlawful Intercept

In August 2007, Lakshmana Kailash K., a techie from Bangalore was arrested on the suspicion of having posted insulting images of Chhatrapati Shivaji, a major historical figure in the state of Maharashtra, on the social-networking site Orkut. The police identified him based on IP address details obtained from Google and Airtel – Lakshmana’s ISP. He was brought to Pune and detained for 50 days before it was discovered that the IP address provided by Airtel was erroneous. The mistake was evidently due to the fact that while requesting information from Airtel, the police had not properly specified whether the suspect had posted the content at 1:15 p.m. or a.m.

Taking cognizance of his plight from newspaper accounts, the State Human Rights Commission subsequently ordered the company to pay Rs 2 lakh to Lakshmana as damages [16].

The incident highlights how minor privacy violations by ISPs and intermediaries could have impacts that gravely undermine other basic human rights [17].

In addition to section 69, the Government has been empowered under the newly inserted section 69B to "monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource".

"Traffic data" has been defined in the section to mean “any data identifying or purporting to identify any person, computer system or computer network or any location to or from which communication is or may be transmitted.” Rules have been issued by the Central Government under this section (the “Monitoring and Collecting Traffic Data Rules, 2009”) which are similar, although with important distinctions, to the rules issued under section 69.

Thus, there are two parallel interception and monitoring regimes in place under the Information Technology Act. In the paragraphs that follow, we provide an overview of the regime of surveillance under section 69 — since they are more targeted towards the individual, and consequently the threats to privacy are more severe — while highlighting important differences in the rules drafted under section 69.

Who may lawfully intercept?

Section 69 empowers the “Central Government or a state government or any of its officers specially authorised by the Central Government or the state government, as the case may be” to exercise powers of interception under this section.

Under the Interception Rules 2009, the secretary in the Ministry of Home Affairs has been designated as the "competent authority", with respect to the Central Government, to issue directions pertaining to interception, monitoring and decryption. Similarly, the respective state secretaries in charge of Home Departments of the various states and union territories are designated as "competent authorities" to issue directions with respect to the state government [18].

	Central Government	State/Union Territory
Ordinary Circumstances	Secretary in the Ministry of Home Affairs	Secretary in charge of Home Departments of State
Emergency	Head or second senior most officer of security and law enforcement	Authorized officer not below the rank of Inspectors General of Police

However, an exception is made in cases of emergency, either

in remote areas where obtaining prior directions from the competent authority is not feasible or

for ‘operational reasons’ where obtaining prior directions is not feasible.

In such cases it would be permissible to carry out interception after obtaining the orders of the Head or second senior most officer of security and law enforcement at the central level, and an authorized officer not below the rank of Inspector General of Police at the state or union territory level. The order must be communicated to the competent authority within three days of its issue, and approval must be obtained from the authority within seven working days, failing which the order would lapse.

Where a state/union territory wishes to intercept/monitor or decrypt information beyond its territory, the competent authority for that state must make a request to the competent authority of the Central Government to issue appropriate directions.

Under what circumstances a direction to intercept may be issued?

Purposes for which interception may be directed

Under section 69, the powers of interception may be exercised by the authorized officers “when they are satisfied that it is necessary or expedient” to do so in the interest of:

sovereignty or integrity of India,

defense of India,

security of the state,

friendly relations with foreign states or

public order or

preventing incitement to the commission of any cognizable offence relating to above or

for investigation of any offence.

Under section 69B, the competent authority may issue directions for monitoring for a range of “cyber security”[20] purposes including, inter alia, “identifying or tracking of any person who has breached, or is suspected of having breached or being likely to breach cyber security”.

Contents of direction

The reasons for ordering interception must be recorded in writing [21].

In the case of a direction under section 69, in arriving at its decision, the competent authority must consider alternate means of acquiring the information other than issuing a direction for interception [22]. The direction must relate to information sent or likely to be sent from one or more particular computer resources to another (or many) computer resources [23]. The direction must specify the name and designation of the officer to whom information obtained is to be disclosed, and also specify the uses for which the information is to be employed [24].

Duration of interception and periodic review

Once issued, an interception direction issued under section 69 remains in force for a period of 60 days (unless withdrawn earlier), and may be renewed for a total period not exceeding 180 days [25]. A direction issued under section 69B does not expire automatically through the lapse of time and theoretically would continue until withdrawn.

Within seven days of its issue, a copy of a direction issued under either section 69 or section 69B must be forwarded to the review committee constituted to oversee wiretapping under the Indian Telegraph Act [26]. Every two months, the review committee is required to meet and record its findings as to whether the direction was validly issued in light of section 69(3) [27]. If the review committee is of the opinion that it was not, it can set aside the direction and order destruction of all information collected [28].

What powers of interception do they have?

The competent authority may, in his written direction “direct any agency of the appropriate government to intercept monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource”[29].

Accordingly, the subscriber or intermediary or any person in charge of the computer resource is must, if required by the designated government agency, extend all facilities, equipment and technical assistance to:

provide access to or secure access to the computer resource generating, transmitting, receiving or storing such information; or

intercept, monitor, or decrypt[30] the information, as the case may be; or

provide information stored in computer resource.

The intermediary must maintain records mentioning the intercepted information, the particulars of the person, e-mail account, computer resource, etc., that was intercepted, the particulars of the authority to whom the information was disclosed, number of copies of the information that were made, the date of their destruction, etc. [31]. This list of requisitions received must be forwarded to the government agency once every 15 days to ensure their authenticity [32].

In addition, a responsibility is cast on the intermediary to put in place adequate internal checks to ensure that unauthorized interception does not take place, and extreme secrecy of intercepted information is maintained [33].

How long can information collected during interception be retained?

Interception rules require all records, including electronic records pertaining to interception to be destroyed by the government agency “in every six months except in cases where such information is required or likely to be required for functional purposes”. In the case of the Monitoring and Collecting of Traffic Data Rules 2009, this period is nine months from the date of creation of record.

In addition, all records pertaining to directions for interception and monitoring are to be destroyed by the intermediary within a period of two months following discontinuance of interception or monitoring, unless they are required for any ongoing investigation or legal proceedings. In the case of Monitoring Rules, this period is six months from the date of discontinuance.

What penalties accrue to intermediaries and subscribers for resisting interception?

Section 69 stipulates a penalty of imprisonment upto a term of seven years and fine for any “subscriber or intermediary or any person who fails to assist the agency” empowered to intercept.

Data Protection under the IT Act

Data Retention Requirements of 'Intermediaries'

Section 67C of the amended IT Act mandates ‘intermediaries’[34] to maintain and preserve certain information under their control for durations which are to be specified by law.

Any intermediary who fails to retain such electronic records may be punished with imprisonment up to three years and a fine.

Liability for body-corporates under section 43A

The newly inserted section 43A makes a start at introducing a mandatory data protection regime in Indian law. The section obliges corporate bodies who ‘possess, deal or handle’ any ‘sensitive personal data’ to implement and maintain ‘reasonable’ security practices, failing which they would be liable to compensate those affected by any negligence attributable to this failure.

It is only the narrowly-defined ‘body corporates’ [35] engaged in ‘commercial or professional activities’ who are the targets of this section. Thus government agencies and non-profit organisations are entirely excluded from the ambit of this section [36].

“Sensitive personal data or information” is any information that the Central Government may designate as such, when it sees fit to.

The “reasonable security practices” which the section obliges body corporates to observe are restricted to such measures as may be specified either “in an agreement between the parties” or in any law in force or as prescribed by the Central Government.

By defining both “sensitive personal data” and “reasonable security practice” in terms that require executive elaboration, the section in effect pre-empts the courts from evolving an iterative, contextual definition of these terms.

Mphasis BPO Fraud: 2005 [37]

In December 2004, four call centre employees, working at an outsourcing facility operated by MphasiS in India, obtained PIN codes from four customers of MphasiS’ client, Citi Group. These employees were not authorized to obtain the PINs.

In association with others, the call centre employees opened new accounts at Indian banks using false identities. Within two months, they used the PINs and account information gleaned during their employment at MphasiS to transfer money from the bank accounts of CitiGroup customers to the new accounts at Indian banks.

By April 2005, the Indian police had tipped off to the scam by a U.S. bank, and quickly identified the individuals involved in the scam. Arrests were made when those individuals attempted to withdraw cash from the falsified accounts, $426,000 was stolen; the amount recovered was $230,000.

Draft Reasonable Security Practices Rules 2011 [38]

In February 2011, the Ministry of Information and Technology, published draft rules under section 43A in order to define “sensitive personal information” and to prescribe “reasonable security practices” that body corporates must observe in relation to the information they hold.

Sensitive Personal Information
Rule 3 of these Draft Rules designates the following types of information as ‘sensitive personal information’:

password;

user details as provided at the time of registration or thereafter;

information related to financial information such as Bank account / credit card / debit card / other payment instrument details of the users;

physiological and mental health condition;

medical records and history;(vi) Biometric information;

information received by body corporate for processing, stored or processed under lawful contract or otherwise;

call data records;

This however, does not apply to “any information that is freely available or accessible in public domain or accessible under the Right to Information Act, 2005”.

They and “any person” holding sensitive personal information are forbidden from “keeping that information for longer than is required for the purposes for which the information may lawfully be used”[40]

Mandatory Privacy Policies for body corporates

Rule 4 of the draft rules enjoins a body corporate or its representative who “collects, receives, possess, stores, deals or handles” data to provide a privacy policy “for handling of or dealing in user information including sensitive personal information”. This policy is to be made available for view by such “providers of information” [41]. The policy must provide details of:

Type of personal or sensitive information collected under sub-rule (ii) of rule 3;
Purpose, means and modes of usage of such information;
Disclosure of information as provided in rule 6 [42].

Prior Consent and Use Limitation during Data Collection

In addition to the restrictions on collecting sensitive personal information, body corporate must obtain prior consent from the “provider of information” regarding “purpose, means and modes of use of the information”. The body corporate is required to “take such steps as are, in the circumstances, reasonable”[43] to ensure that the individual from whom data is collected is aware of :

the fact that the information is being collected; and
the purpose for which the information is being collected; and
the intended recipients of the information; and
the name and address of :
the agency that is collecting the information; and
the agency that will hold the information.

During data collection, body corporates are required to give individuals the option to opt-in or opt-out from data collection [44]. They must also permit individuals to review and modify the information they provide "wherever necessary" [45]. Information collected is to be kept securely [46], used only for the stated purpose [47] and any grievances must be addressed by the body corporate “in a time bound manner” [48].

Unlike "sensitive personal information" there is no obligation to retain information only for as long as is it is required for the purpose collected.

Limitations on Disclosure of Information

The draft rules require a body corporate to obtain prior permission from the provider of such information obtained either “under lawful contract or otherwise” before information is disclosed [49]. The body corporate or any person on its behalf shall not publish the sensitive personal information [50]. Any third party receiving this information is prohibited from disclosing it further [51]. However, a proviso to this sub-rule mandates information to be provided to ‘government agencies’ for the purposes of “verification of identity, or for prevention, detection, investigation, prosecution, and punishment of offences”. In such cases, the government agency is required to send a written request to the body corporate possessing the sensitive information, stating clearly the purpose of seeking such information. The government agency is also required to “state that the information thus obtained will not be published or shared with any other person” [52].

Sub-rule (2) of rule 6 requires “any information” to be “disclosed to any third party by an order under the law for the time being in force.” This is to be done “without prejudice” to the obligations of the body corporate to obtain prior permission from the providers of information [53].

Reasonable Security Practices

Rule 7 of the draft rules stipulates that a body corporate shall be deemed to have complied with reasonable security practices if it has implemented security practices and standards which require:

a comprehensive documented information security program; and

information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected.

In case of an information security breach, such body corporate will be “required to demonstrate, as and when called upon to do so by the agency mandated under the law, that they have implemented security control measures as per their documented information security program and information security policies”.

The rule stipulates that by adopting the International Standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements”, a body corporate will be deemed to have complied with reasonable security practices and procedures.

The rule also permits “industry associations or industry clusters” who are following standards other than IS/ISO/IEC 27001 but which nevertheless correspond to the requirements of sub-rule 7(1), to obtain approval for these codes from the government. Once this approval has been sought and obtained, the observance of these standards by a body corporate would deem them to have complied with the reasonable security practice requirements of section 43A.

Penalties and Remedies for breach of Data Protection

Civil Liability for Corporates

As mentioned above, any body corporates who fail to observe data protection norms may be liable to pay compensation if:

it is negligent in implementing and maintaining reasonable security practices, and thereby

causes wrongful loss or wrongful gain to any person;[54]

Claims for compensation are to be made to the adjudicating officer appointed under section 46 of the IT Act. Further, details of the powers and functions of this officer are given in succeeding sections of this note.

Criminal liability for disclosure of information obtained in the course of exercising powers under the IT Act

Section 72 of the Information Technology Act imposes a penalty on “any person” who, having secured access to any electronic record, correspondence, information, document or other material using powers conferred by the Act or rules, discloses such information without the consent of the person concerned. Such unauthorized disclosure is punishable “with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.”

Criminal Liability for unauthorized disclosure of information by any person of information obtained under contract

Section 72A of the IT Act imposes a penalty on any person [55] (including an intermediary) who

has obtained personal information while providing services under a lawful contract and

discloses the personal information without consent of the person,

with the intent to cause, or knowing it is likely to cause wrongful gain or wrongful loss [56]

Such unauthorised disclosure to a third person is punishable with imprisonment upto three years or with fine upto Rs five lakh, or both.

Whom to call? Adjudicatory Mechanism and Remedies under the IT Act

This section provides a brief outline of the mechanism installed by the IT Act to activate the various remedies and penalties prescribed in various sections of the Act. As a victim of online intrusion, how does one use the IT Act to seek redressal?

As mentioned above, the IT Act provides for both the civil remedy of damages in compensation (Chapter IX) as well as criminal penalties for offences such as imprisonment and fine (Chapter XI). In general, claiming a civil remedy does not bar one from seeking criminal prosecution and ideally both should be pursued together. For clarity, in the sections that follow, we will be discussing the two procedures separately.

Civil Damages and Compensation

Whom to approach?

Section 46 of the IT Act empowers the Central Government to appoint “adjudication officers” to adjudicate whether any person has committed any of the contraventions described in Chapter IX of the Act (See section 2.1 and 4.2 above) and to determine the quantum of compensation payable. Accordingly, the Central Government has designated the secretaries of the Department of Information Technology of each of the states or union territories as the “adjudicating officer” with respect to each of their territories [57].

However, a pecuniary limit has been placed on the powers of adjudicating officers, and they may only adjudicate cases where the quantum of compensation claimed does not exceed Rs. five crores. In cases where the compensation claimed exceeds this amount, jurisdiction would vest in the “competent court”, under the Code of Civil Procedure [58].

Section 61 of the Act bars ordinary civil courts from jurisdiction over matters which the adjudicating officers have been empowered to decide under this Act.

When must a complaint be filed?

The Limitation Act provides that a suit must be filed within three years from when the right to sue accrues [59].

What is the procedure?

Section 46 and the rules framed under that section provide elaborate guidelines on the procedure that is to be followed by the adjudicating officer. Thus, the adjudicating officer is required to give the accused person “a reasonable opportunity for making representation in the matter”. Thereafter, if , on an inquiry, “he is satisfied that the person has committed the contravention, he may impose such penalty or award such compensation as he thinks fit in accordance with the provisions of that section.”

In order to carry out their duties adjudicating officer have been invested with the powers of a civil court which are conferred on the cyber appellate tribunal [60]. Additionally, they have the power to punish for their contempt undert the Code of Criminal Procedure.

Rules framed under the section provide further details on the procedure that must be followed and provide for the issuance of a “show cause notice”, manner of holding enquiry, compounding of offences, etc. [61].

Section 47 provides that in adjudging the quantum of compensation, the adjudicating officer shall have due regard to the following factors, namely:—

the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;

the amount of loss caused to any person as a result of the default;

the repetitive nature of the default.

Where must a complaint be filed and in what format?

The complaint must be made to the adjudicating officer of the state or union territory on the basis of location of computer system, computer network. The complaint must be made on a plain paper in the format provided in the Performa attached to the rules [62].

In case the offender or computer resource is located abroad, it would be deemed, for the purpose of prosecution to be located in India [63].

How long does the process take?

The Rules direct that the whole matter should be heard and decided “as far as possible” within a period of six months [64].

How much does it cost?

The Rules stipulates a variable fee payable by a bank draft calculated on the basis of damages claimed by way of compensation

a) Upto Rs. 10,000	10% ad valorem rounded off to nearest next hundred
b) From 10001 to Rs.50000	Rs. 1000 plus 5% of the amount exceeding Rs.10,000 rounded off to nearest next hundred
c) From Rs.50001 to Rs.100000	Rs. 3000/- plus 4% of the amount exceeding Rs. 50,000 rounded off to nearest next hundred
d) More than Rs. 100000	Rs.5000/- plus 2% of the amount exceeding Rs. 100,000 rounded off to nearest next hundred

Appeals to the Cyber Appellate Tribunal and the High Court

The Act provides for the constitution of a cyber appellate tribunal to hear appeals from cases decided by the adjudicating officer.

Within 25 days of the copy of the decision being made available by the adjudicating officer, the aggrieved party may file an appeal before the cyber appellate tribunal.

Section 57 provides that the appeal filed before the cyber appellate tribunal shall be dealt with by it as expeditiously as possible and endeavor shall be made by it to dispose of the appeal finally within six months from the date of receipt of the appeal. Section 62 gives the right of appeal to a high court to any person aggrieved by any decision or order of the cyber appellate tribunal on any question of fact or law arising out of such order. Such an appeal must be filed within 60 days from the date of communication of the decision or order of the cyber appellate tribunal.

Can contraventions be compounded (compromised) with the offender?

Except in the case of repeat offenders, contraventions may be compromised by the adjudicating officer or between the parties either before or after institution of the suit. Where any contravention has been compounded the IT Act provides that “no proceeding or further proceeding, as the case may be, shall be taken against the person guilty of such contravention in respect of the contravention so compounded”[65].

Criminal Penalties

The process described above applies to “contraventions” under Chapter IX of the Act. In addition to being liable to pay compensation, in the cases falling under section 43, such offenders may also be liable for criminal penalties such as imprisonment and fines [66]. This sub-section of this paper deals with the procedure to be followed with respect to the criminal offences set out under Chapter XI of the Act (for example, see sections 2.2 to 2.5 above).

Whom to approach? Who can take cognizance of offences and investigate them?

Section 78 of the IT Act empowers police officers of the rank of Inspectors and above to investigate offences under the IT Act.

Many states have set up dedicated cyber crime police stations to investigate offences under this Act [67]. Thus, for example, the State of Karnataka has set up a special cyber crime police station responsible for investigating all offences under the IT Act with respect to the entire territory of Karnataka [68].

When must a complaint be lodged?

Although there is no time limit prescribed by the IT Act or the Code of Criminal Procedure with respect to when an FIR must be filed, in general, courts tend to take an adverse view when a significant delay has occurred between the time of occurrence of an offence and it’s reporting to the nearest police station.

The Code of Criminal Procedure forbids courts from taking cognizance of cases after three years “if the offence is punishable with imprisonment for a term exceeding one year but not exceeding three years”. Where either the commission of the offence was not known to the person aggrieved, or where it is not known by whom the offence committed, this period is computed from the date on which respectively the offence or the identity of the offender comes to the knowledge of the person aggrieved [69].

What is the procedure?

No special procedure is prescribed for the trial of cyber offences and hence the general provisions of criminal procedure would apply with respect to investigation, charge sheet, trial, decision, sentencing and appeal.

Can offences be compounded?

Offences punishable with imprisonment of upto three years are compoundable by a competent court. However, repeat offenders cannot have their subsequent offences compounded. Additionally, offences which “affect the socio-economic conditions of the country” or those committed against a child under 18 years of age or against women cannot be compounded [70].

Bibliography

[1].The IT Act is only one of the various laws which safeguard citizens from violations of online privacy. In addition, in the domain of finance, for instance, various RBI regulations mandate strong security protocols with respect to data held by financial institutions. Since this is the subject of a different dispatch on banking and privacy which we have brought out, these regulations are omitted from this discussion.

[2].Section 2(k) of the IT Act defines ‘computer’ as any electronic magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.

[3].Section 43 defines "computer contaminant" as any set of computer instructions that are designed— (a) to modify, destroy, record, transmit data or program residing within a computer, computer system or computer network; or (b) by any means to usurp the normal operation of the computer, computer system, or computer network;

[6].Section 66 of the IT Act. Anon, 2009. Bangalore techie convicted for hacking govt site. Deccan Herald. Available at: http://goo.gl/jCvAh. [Accessed March 29, 2011];

[7].The Information Technology (Due Diligence observed by Intermediaries Guidelines) Rules, 2011;

[8].‘Intermediary’ has been defined very expansively under section 2(w) of the Act to mean, with respect to any electronic record, “any person who on behalf of another person receives, stores or transmits that record, or provides any service with respect to that record and includes telecom service providers, network service providers, Internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes

[9].‘Private area’ has been defined in section 66E as “the naked or undergarment clad genitals, pubic area, buttocks or female breast”.

[10].Defined as “circumstances in which a person can have a reasonable expectation that (i) he or she could disrobe in privacy, without being concerned that an image of his or her private area was being captured or (ii) any part of his or her private area would not be visible to the public regardless of whether that person is in a public or private place”. See explanation to Section 66E

[11]."Cheating by personation" is a crime defined under section 416 the Indian Penal Code. According to that section, “a person is said to "cheat by personation" if he cheats by pretending to be some other person, or by knowingly substituting one person for another, or representing that he or any other person is a person other than he or such other person really is." The explanation to the section adds that "the offence is committed whether the individual personated is a real or imaginary person". Two illustrations to the section further elaborate its meaning: (a) A cheats by pretending to be a certain rich banker of the same name. A cheats by personation (b) A cheats by pretending to be B, a person who is deceased. A cheats by personation.

[12].Communication device" has been defined to mean "cell phones, personal digital assistance (sic) or combination of both or any other device used to communicate send or transmit any text, video, audio or image".

[13].2005. Cyber Crime Cell, Mumbai: Case of Phishing. Mumbai Police. Available at: http://www.cybercellmumbai.com/case-studies/case-of-fishing [Accessed March 23, 2011].

[14]. Although no maximum limit is prescribed for the fine under this section, Section 63 of the Indian Penal Code declares that “Where no sum is expressed to which a fine may extend, the amount of fine to which the offender is liable is unlimited, but shall not be excessive”.

[15].Hafeez, M., 2009. Crime Line: Curiosity was his main motive, say city police. Crime Line. Available at: http://mateenhafeez.blogspot.com/2009/05/curiosity-was-his-main-motive-say-city.html [Accessed March 23, 2011].

[16]. Holla, A., 2009. Wronged, techie gets justice 2 yrs after being jailed. Mumbai Mirror. Available at: http://www.mumbaimirror.com/index.aspx?page=article&sectid=2&contentid=200906252009062503144578681037483 [Accessed March 23, 2011].

[18]. By contrast, rules framed under Section 69B designates only the Secretary to the Government of India in the Department of Information Technology under the Ministry of Communications and IT as the “competent authority” to issue orders of interception.

[19].It is unclear what these “operational reasons” could mean. The text of the rules provide no useful guidance.

[20].“Cyber security breach” is defined as meaning “any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly acceptable security policy resulting in unauthorized access, denial of service, disruption, unauthorized use of a computer resource for processing or storage of information or changes to date, information without authorization”. Rule 2(f) of the Monitoring and Collecting of Traffic Data Rules 2009.

[21].Rule 7 of the Interception Rules 2009; Rule 3(3) of the Monitoring and Collecting of Traffic Data Rules 2009

[22].Rule 8 of the Interception Rules 2009

[23]. Rule 9 of the Interception Rules 2009

[24].Rule 10 of the Interception Rules 2009;

[25].Rule 11 of the Interception Rules 2009

[26].Rule 7 of the Interception Rules 2009

[27].Rule 22 of the Interception Rules 2009

[28]. Ibid

[29].Section 69 of the IT Act.

[30].The intermediary is required to assist in the decryption only to the extent that the intermediary has control over the decryption key. See Sub-Rule 13(3) of the Interception Rules 2009. Rule 17 enjoins the holder of a decryption key to provide decryption assistance when directed to by the competent authority.

[31].Rule 16 of the Interception Rules 2009

[32].Rule 18 of the Interception Rules 2009

[33]. Rule 20 of the Interception Rules 2009; Rules 10 & 11 of the Monitoring and Collecting of Traffic Data Rules 2009. Failure to maintain secrecy of data may attract punishment under Section 72 of the Information Technology Act.

[34].Supra n. 6 for definition

[35].Section 43A defines "'body corporate" as any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities;

[36].This does not necessarily mean that these entitles are exempt from taking reasonable care to safeguard information that they collect, maintain or control – only that remedies against the government must be sought under general common law, rather than under the IT Act.

[37].Anon, 2005. The MphasiS Scandal – And How it Concerns U.S. Companies Considering Offshore BPO. Carretek. Available at: http://www.carretek.com/main/news/articles/MphasiS_scandal.htm [Accessed March 29, 2011]. See also Anon, 2005. MphasiS case: BPOs feel need to tighten security. Indian Express. Available at: http://www.expressindia.com/news/fullstory.php?newsid=44856 [Accessed March 29, 2011].

[38]. The Information Technology (Reasonable security practices and procedures and sensitive personal information) Rules, 2011. Available at http://www.mit.gov.in/sites/upload_files/dit/files/senstivepersonainfo07_02_11.pdf, last accessed February 15th, 2011.

[39].Rule 5 of the Draft Rules.

[40]. This is perhaps a bit vague, since the potential ‘lawful uses’ are numerous and could be inexhaustible. It is unclear whether “lawful usage” is coterminous with “the uses which are disclosed to the individual at the time of collection”. In addition, this rule is framed rather weakly since it does not impose a positive obligation (although this is implied) to destroy information that is no longer required or in use.

[41].“Provider of data” is not the same as individuals to whom the data pertains, and could possibly include intermediaries who have custody over the data. We feel this privacy policy should be made available for view generally – and not only to providers of information. In addition, it might be advisable to mandate registration of privacy policies with designated data controllers.

[42]. This is well framed since it does not permit body corporates to frame privacy policies that detract from Rule 6.

[43].One wonders about the convoluted language used here when a simpler phrase like “take reasonable steps” alone might have sufficed - reasonableness has generally been interpreted by courts contextually. As the Supreme Court has remarked, “`Reasonable’ means prima facie in law reasonable in regard to those circumstances of which the actor, called upon to act reasonably, knows or ought to know. See Gujarat Water Supply and Sewage Board v. Unique Erectors (Guj) AIR 1989 SC 973.

[44].Sub-Rule 5(7).

[45].Sub-Rule 5(6). It is unclear what would count as a ‘necessary’ circumstance and who would be the authority to determine such necessity.

[46].Sub-Rule 5(8).

[47].Sub-Rule 5(5).

[48].Sub-Rule 5(9).

[49]. Sub-Rule 6(1) There are two problems with this rule. First, it requires prior permission only from the provider of information, and not the individual to whom the data pertains. In effect this whittles down the agency of the individual in being able to control the manner in which information pertaining to her is used. Second, it is not clear whether this information includes “sensitive personal information”. The proviso to this rule includes the phrase “sensitive information”, which would suggest that such information would be included. This makes it even more important that the rule require that prior permission be obtained from the individual to whom the data pertains and not merely from the provider of information.

[50].Sub-Rule 6(3).

[51].Sub-Rule 6(4).

[52].This is a curious insertion since it begs the question as to the utility of such a statement issued by the requesting agency. What are the sanctions under the IT Act that may be attached to a government agencies that betrays this statement? Why not instead, insert a peremptory prohibition on government agencies from disclosing such information (with the exception, perhaps, of securing conviction of offenders)?

[53].This sub-rule does not distinguish between orders issued by a court and those issued by an administrative/quasi-judicial body.

[54]. “Wrongful loss” and “wrongful gain” have been defined by Section 23 of the Indian Penal Code. Accordingly, "Wrongful gain" is gain by unlawful means of property which the person gaining is not legally entitled. "Wrongful loss"- "Wrongful loss" is the loss by unlawful means of property to which the person losing it is legally entitled.” The section also includes this interesting explanation “Gaining wrongfully, losing wrongfully- A person is said to gain wrongfully when such person retains wrongfully, as well as when such person acquires wrongfully. A person is said to lose wrongfully when such person is wrongfully kept out of any property as well as when such person is wrongfully deprived of property”. Following this, it could be possible to argue that the retention of data beyond the period of its use would amount to a “wrongful gain”.

[55]. Section 3(39) of the General Clauses Act defines a person to include “any company or association or body of individuals whether incorporated or not”. An interesting question here would be whether the State can be considered “a person” so that it can be held liable for unauthorized disclosure of personal information. In an early case of Shiv Prasad v. Punjab State AIR 1957 Punj 150, the Punjab High Court had excluded this possibility. However, the case law on this point has not been consistent. In Ramanlal Maheshwari v.Municipal Committee, the MP High Court held that the Municipal Council could be treated as a ‘person’ for the purpose of levying a fine attached to a criminal offence. Statutory corporate bodies (such as the proposed UID Authority of India) have been held to be ‘persons’ for purposes of law . See Commissioners, Port of Calcutta v. General Trading Corporation, AIR 1964 Cal 290. Here under the Calcutta Port Act, Port Commissioners were declared to be a “body corporate”, and hence were held to be a ‘person’.

[56].See supra n. 44.

[57]. See G.S.R.240(E) New Delhi, the 25th March, 2003 available at < http://www.mit.gov.in/content/it-act-notification-no-240> .

[58].See Section 46(1A).

[59].Schedule I, Part X of the Limitation Act “Suits for which there is no prescribed period.”

[60].The powers of the Cyber Appellate Tribunal under Section 58 include the powers of (a) summoning and enforcing the attendance of any person and examining him on oath; (b) requiring the discovery and production of documents or other electronic records; (c) receiving evidence on affidavits; (d) issuing commissions for the examination of witnesses or documents; (e) reviewing its decisions; (f) dismissing an application for default or deciding it ex parte.

[61].Information Technology (Qualification and Experience of Adjudicating Officers and Manner of holding Enquiry) Rules, 2003 [GSR 220(E)] Available at <http://cca.gov.in/rw/resource/notification-gsr220e.pdf?download=true>.

[62]. Ibid Rule 4(b).

[63]. Section 75.

[64]. Ibid, Rule 4(k).

[65]. Section 63 of the Act.

[66].Prior to amendment in 2008, contraventions listed in Section 43 were only liable to be compensated by damages through civil proceedings. Thus in 2007, the Madras High Court annulled an FIR lodged in a police station which listed an activity mentioned in 43(g). See S. Sekar vs The Principal General Manager < http://indiankanoon.org/doc/182565/> This position has however been changed with the new Section 66 which makes all actions listed in Section 43 an offence when committed with dishonest or fraudulent intent. Thus an FIR can be lodged with respect to these activities as well.

[67].An incomplete list of cyber crime cells of police in different states can be viewed at <http://infosecawareness.in/cyber-crime-cells-in-india>.

[68]. Home and Transport3 Secretariat, Notification no. HD 173 POP 99 Bangalore, Dated 13th September 2001 Available at < http://cyberpolicebangalore.nic.in/pdf/notification_1.pdf>.

[69]. Sections 468 and 469 of the Code of Criminal Procedure, 1973.

[70]. Section 77A of the Information Technology Act.

Click below to download files of your choice:

PDF [347 kb]
Open Office [51 kb]
Word File [55 kb]

For more details visit https://cis-india.org/internet-governance/blog/privacy/safeguards-for-electronic-privacy

On the Path to Global Open Access: A Few More Miles to Go

praskrishna — 2011-08-20T14:35:29Z

This editorial by PLoS Medicine Editors Virginia Barbour, Jocalyn Clark, Susan Jones, Melissa Norton, and Emma Veitch was published in the magazine's March 2011, Volume 8, Issue 3.

It has been a couple of months now since the withdrawal of access via HINARI to medical journals in Bangladesh by several publishers caused an upset in the medical publishing world [1]. HINARI (Health Internetwork Access to Research Initiative) is a WHO-supported program [2] that partners with subscription-based publishers to allow researchers in the world's poorest countries to access some of their journals under certain conditions (for example, researchers have to access the journal in defined institutions). After much lobbying from researchers, editors, and others following the withdrawal, HINARI access has been—for the time being at least—reinstated, though with a substantial lack of clarity over the longer term plans of a number of the publishers [3]. Although traumatic for the researchers who lost access, the incident has triggered a useful debate on the value of open access (OA; immediate, permanent free access and permanently guaranteed unrestricted reuse, as enshrined in a Creative Commons license [4] and as practiced by publishers such as PLoS) versus free access with no legal rights attached. It is hard to think of a better example to demonstrate the precariousness of this latter type of free access, which can mean that access may be withdrawn for no reason.

Now that the heat of the HINARI debate has died down, it is an opportune time to consider how this dispute, and others like it, can be used constructively to move toward a position where universal OA to the medical literature becomes the norm.

On the positive side, the debate has brought many new voices into the discussion around access, particularly those on the online discussion forum HIFA2015 [5], where the diversity and strength of opinions expressed was most likely the key instrument in ensuring that the publishers' withdrawal from HINARI was not only brought to light, but also largely reversed.

The debacle also allowed constructive discussions around the substantial limitations of HINARI and its inability to provide a long-term sustainable solution to access in the developing world. It also allowed airing of many OA issues, including the difference between free and open access [4]; the logistical difficulties experienced by some researchers in accessing online journals, such as those in locations with low bandwidth; the suspicion of some researchers of online-only journals; and concerns over publication fees.

Thus the argument about how to implement such access, particularly in the developing world, is far from over. The issues above are very familiar to OA advocates. When PLoS Medicine was getting started seven years ago, we encountered many of the same questions from the (admittedly mostly developed-world) authors and readers we canvassed then. The phenomenal growth of OA since then has reassured many of those who initially questioned the model and its sustainability: submissions and publications are increasing each year at PLoS and in other open-access journals, reflecting the increased confidence of authors in this model. OA papers are also highly accessed, though our data suggest that most of this access, and most of the authors, still come from the developed world.

The HINARI incident thus highlights the fact that HINARI is, sadly, still needed both because of traditional publishers who have not yet implemented OA, even in the developed world, and because substantial gaps remain in our knowledge about how OA will work for the developing world. Hence, there is some way to go before this model of publishing can become the norm worldwide. Despite the best intentions of open-access publishers, we have failed to reach out adequately to debate with researchers and readers in the less-developed world about the potential benefits of open access. Instead, as is often the case when the developed world prescribes for the less-developed world, we have assumed that what works well in Paris, London, or San Francisco will work just as well in Addis Ababa, Beirut, or Lima.

Some examples of these active concerns about OA: first, are OA journals being delivered in the best format for readers in the developing world? If print really is better in some places, are we doing our best to ensure that the online journals are optimized for rapid downloading and printing of articles? If access to online journals will be primarily via mobile devices rather than computers, are we delivering the content in appropriate formats? Second, do we understand the reputation metrics outside of Europe or the US that will ensure that the new OA journals are trusted and meet the requirements authors face for academic promotions or other professional needs [6]? Even more importantly, are there OA journals available that cater to the needs of readers and authors across the developing world? Should publishers be helping groups to start their own journals, rather than assuming that the existing OA journals will be accepted?

Medical journals have many roles, but, above all, dissemination of medical information is key. This crucial role was stated clearly back in1997 by Neil Pakenham-Walsh (the founder of HIFA2015) and colleagues, and it is no less relevant now [7]: "Providing access to reliable health information for health workers in developing countries is potentially the single most cost effective and achievable strategy for sustainable improvement in health care."

Much therefore remains to be done in improving access to health information in the developing world. By providing a logistical framework for open access (by the adoption of appropriate licenses), and by showing what can be done in the developed world with OA journals, OA publishers have done much to make it possible more widely. The next crucial step is to engage with readers, researchers, and authors in the developing world to understand better their information needs so that we don't fall into the trap of pushing information in only one direction. Open access is about facilitating the movement of knowledge—in all directions.

References

Kmietowicz K (2011) Publishers withdraw 2500 journals from free access scheme in Bangladesh. BMJ 342: d196. doi:10.1136/bmj.d196.

HINARI (2011) HINARI Access to Research in Health Programme. Available:http://www.who.int/hinari/en/. Accessed 16 February 2011.

Wise A (2011) Elsevier statement on Research4Life. Lancet 377: 377. FIND THIS ARTICLE ONLINE

PLoS (2011) Definition of Open Access. Available: http://www.plos.org/oa/definition.php. Accessed 16 February 2011.

HIFA2015 (2011) A Global Campaign: Healthcare Information for All by 2015. Available:http://www.hifa2015.org/. Accessed 16 February 2011.

Chan L, Kirsop B, Arunachalam S (2011) Towards Open and Equitable Access to Research and Knowledge for Development. PLoS Med 8: 1016. doi:10.1371/journal.pmed.1001016.

Packenham-Walsh N, Priestley C, Smith R (1997) Meeting the information needs of health workers in developing countries. BMJ 314: 90. FIND THIS ARTICLE ONLINE

For more details visit https://cis-india.org/news/path-2-global-open-access

March 2011 Bulletin

praskrishna — 2012-07-30T10:59:46Z

Greetings from the Centre for Internet and Society! In this issue we are pleased to present you the latest updates about our research, upcoming events, and news and media coverage.

Researchers@Work

RAW is a multidisciplinary research initiative. CIS believes that in order to understand the contemporary concerns in the field of Internet and society, it is necessary to produce local and contextual accounts of the interaction between the Internet and socio-cultural and geo-political structures. To build original research knowledge base, the RAW programme has been collaborating with different organisations and individuals to focus on its three year thematic of Histories of the Internets in India. Monographs finalised from these projects are online for peer review.

New Blog Entry by Zainab Bawa in Transparency and Politics

A History of Transparency, Politics and Information Technologies in India

Digital Natives with a Cause?

Digital Natives with a Cause? is a knowledge programme initiated by CIS and Hivos, Netherlands. It is a research inquiry that seeks to look at the changing landscape of social change and political participation and the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who want to critically engage with the dominant discourse on youth, technology and social change, in order to look at the alternative practices and ideas in the Global South. It also aims at building new ecologies that amplify and augment the interventions and actions of the digitally young as they shape our futures.

Column on Digital Natives

A fortnightly column on ‘Digital Natives’ authored by Nishant Shah is featured in the Sunday Eye, the national edition of Indian Express, Delhi, from 19 September 2010 onwards. The following was published recently:

Watson knows the Question [Indian Express, March 6, 2011]

Blog Entries by Maesey Angelina

Maesey Angelina works as a programme officer at Hivos, Jakarta on gender, women and development while exploring research initiatives on Digital Natives in Indonesia. She spent one month in CIS, working on her dissertation, exploring the Blank Noise project under the Digital Natives with a Cause framework. She writes a series of blog entries. The new ones are:

Blog Entries by Samuel Tettner

Samuel Tettner is a Digital Natives Coordinator in CIS. He has written the following blog entries:

Accessibility

Estimates of the percentage of the world's population that is disabled vary considerably. But what is certain is that if we count functional disability, then a large proportion of the world's population is disabled in one way or another. At CIS we work to ensure that the digital technologies, which empower disabled people and provide them with independence, are allowed to do so in practice and by the law. To this end, we support web accessibility guidelines, and change in copyright laws that currently disempower the persons with disabilities.

Featured Research

Accessible Mobile Handsets in India: An Overview

Blog Entry

Note on the Authorities under the Working Draft of Persons with Disabilities Act, 2011 (9th February 2011)

Intellectual Property

CIS believes that access to knowledge and culture is essential as it promotes creativity and innovation and bridges the gaps between the developed and developing world positively. Hence, the campaigns for an international treaty on copyright exceptions for print-impaired, advocating against PUPFIP Bill, calls for the WIPO Broadcast Treaty to be restricted to broadcast, questioning the demonization of 'pirates', and supporting endeavours that explore and question the current copyright regime. Its latest endeavour has resulted into these:

Featured Research

Pirates, Plagiarisers, Publishers [ Written by Prashant Iyengar and originally published in the Economic & Political Weekly, February 26, 2011, Vol XLVI No 9]

Submission

Comments to the Ministry on WIPO Broadcast Treaty (March 2011)

Openness

Workshops organised

Design!publiC [Taj Vivanta, New Delhi, March 18, 2011]
Open Access to Scientific Information Indian International Centre [New Delhi, March 16, 2011]

Internet Governance

Although there may not be one centralized authority that rules the Internet, the Internet does not just run by its own volition: for it to operate in a stable and reliable manner, there needs to be in place infrastructure, a functional domain name system, ways to curtail cyber crime across borders, etc. The Tunis Agenda of the second World Summit on the Information Society (WSIS), paragraph 34 defined Internet governance as “the development and application by governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.” CIS involvement in the field of Internet governance has taken the following shape:

Submissions

CIS is doing a project, ‘Privacy in Asia’. It is funded by Privacy International (PI), UK and the International Development Research Centre, Canada and is being administered in collaboration with the Society and Action Group, Gurgaon. The two-year project commenced on 24 March 2010 and will be completed as agreed to by the stakeholders. It was set up with the objective of raising awareness, sparking civil action and promoting democratic dialogue around challenges and violations of privacy in India. In furtherance of these goals it aims to draft and promote over-arching privacy legislation in India by drawing upon legal and academic resources and consultations with the public.

Submission

Privacy and Governmental Database

Workshops organized

Privacy Matters - A Public Conference in Ahmedabad [Ahmedabad, March 26, 2011]
Public Talk by Dr. Ian Brown on Privacy, Trust and Biometrics [Centre for Contemporary Studies, IISc, Bangalore, March 21, 2011]
Electronication: Ragas and the Future [Jaaga, Bangalore, March 6, 2011]
Role of the Internet in Fostering Freedom of Expression and Strengthening Activism in India - A Workshop in Delhi [Constitution Club, New Delhi, March 4, 2011]
Global Challenges to Freedom of Expression [Constitution Club, New Delhi, March 4, 2011]

Telecom

The growth in telecommunications in India has been impressive. While the potential for growth and returns exist, a range of issues need to be addressed for this potential to be realized. One aspect is more extensive rural coverage and the second aspect is a countrywide access to broadband which is low at about eight million subscriptions. Both require effective and efficient use of networks and resources, including spectrum. It is imperative to resolve these issues in the common interest of users and service providers. CIS campaigns to facilitate this:

Featured Research

India's untapped potential: Are a billion people losing out because of spectrum?

Column

Shyam Ponappa is a Distinguished Fellow at CIS. He writes regularly on Telecom issues in the Business Standard and these articles are mirrored on the CIS website as well.

Big-Bang Budgets? [published in the Business Standard on March 3, 2011]

Forthcoming Events

CIS is organising some conferences/workshops in the month of March/April:

Web Sites Accessibility Evaluation Methodologies: A New Imperative for State Parties to the Convention on the Rights of Persons with Disabilities[Hyderabad International Convention Centre, Hyderabad]
Shadow Search Project (SSP) in CIS [CIS, Bangalore]
Facebook Resistance Workshop [CIS, Bangalore]

News & Media Coverage

Networking its way to better governance (Hindu, March 28, 2011]
‘Learn from failed UK NIR project’ (Deccan Chronicle, March 22, 2011]
Design!publiC - News from Livemint (Livemint, March 18, 2011)
Muzzling the Internet (Outlook, March 17, 2011)
Battle for the Internet (Down to Earth, Issue: March 15, 2011)
Cause and effect Facebook-style (Hindustan Times, March 13, 2011)
Catch-all approach to Net freedom draws activist ire (Sunday Guardian, March 13, 2011)
Lives suspended in the Web (Indian Express, March 11, 2011)
Draft IT guidelines may gag internet freedom (Times of India, March 11, 2011)
Govt proposal to muzzle bloggers sparks outcry (Times of India, March 10, 2011)
New Indian Rules May Make Online Censorship Easier (Yahoo News, March 7, 2011)
Anti-Social Network (Mail Today, February 27, 2011)

Follow us elsewhere

Get short, timely messages from us on Twitter
Follow CIS on identi.ca
Join the CIS group on Facebook
Visit us at www.cis-india.org

CIS is grateful to Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/march%20-2011-bulletin

Towards Open and Equitable Access to Research and Knowledge for Development

praskrishna — 2011-08-18T05:04:54Z

There is growing recognition that the capacity to conduct research and to share the resulting knowledge is fundamental to all aspects of human development, from improving health care delivery to increasing food security, and from enhancing education to stronger evidence-based policy making. This article by Leslie Chan, Barbara Kirsop and Prof. Subbiah Arunachalam was published in PLoS (Public Library of Science) on March 29, 2011.

For more details visit https://cis-india.org/openness/blog-old/open-equitable-access-to-research-knowledge

The Draft Electronic Delivery of Services Bill, 2011 – Comments by CIS

praskrishna — 2011-08-02T07:37:37Z

The Draft Electronic Delivery of Services Bill, 2011 (“Bill”) is a Bill to provide for delivery of government services manadatorily through electronic means by phasing out manual delivery of services. It is heartening to note that the Bill shifts the approach to electronic delivery of services by Government agencies to one as part of the citizens' right to service delivery through electronic means rather than a luxury or benefit doled out by the Government. The Bill introduces bodies exclusively accountable for ensuring that electronic delivery of services by the Government at the state and central levels. While this is a welcome move on the part of the Government there are a few comments we, at the Centre for Internet and Society, have on the present version of the Bill:

Accessibility
The Bill does not make it mandatory for all Government services to be accessible to all including persons with disabilities. The Bill refers to the term “access”, as defined in Section 2(1)(a) from the prespective of merely gaining physical access to the services or availability of such services1 rather than from the perspective of catering to the ability of a person with print (or other) disbilities from gaining access to the services in the normal format. It is very important that the electronic services are delivered in a format which is accessible to all persons including persons with disbilities, elderly persons etc. It should be mandatory for the Government to comply with Web Content Accessibility Guidelines (WCAG) and National Informatics Centre (NIC) guidelines for web accessibility. It is also important to ensure accessibility of all documents produced during service delivery by Government agencies.
Linguistic Accessibility
Section 5(2)(b) of the Bill requires the Government to prescribe a framework for all its agencies to ensure web presence or enablement which refers to rendering electronic services in the language chosen by the user. In pursuance of the same, it is important for delivery of services to be available in all national languages of India to begin with in addition to the content being encoded in Unicode font for all languages. It is important to note that there are not many open fonts available for Indian languages. Hence, it must be ensured that the Government allocates sufficient funds to ensure linguistic accessbility of the services delivered, while ensuring implementation of the provisions of the Bill.
Public Scrutiny
In order to ensure transparency of Government services and process of service delivery, it is essential that the Bill incorporates a provision to enable citizens to gain access to information provided by the Government as part of the service delivery process unless disclosing such information would amount to violation of any applicable law. Similarly, provision should be made for making public all RTI applications filed with the Government and responses to them.
Use of Free and Open Source Software
Considering that electronic service delivery by Government agencies is effected through public money, it is important that Governments are urged to use Free and Open Source Software (FOSS) for service delivery. This cuts costs to a great extent and also make the process more transparent and capable of customisation to varied needs of different departments. It is important to insert a provision requiring the Government to use FOSS as far as possible and in the event of any use of proprietary software, the Government should clearly explain the reason for such use, the costs incurred for the same, the additional benefit derived out of its use and other relevant details.
Open Standards
The Bill must stress on use of open standards for all computer resources and service delivery systems by Government agencies. As is the case with FOSS, such use brings down operation costs drastically and makes the service delivery process transparent and available for all to use. Use of ODF formats for documents, HTML for websites, ISA standards for hardware is recommended. It is also useful to ensure compliance with W3C guidelines by the concerned Government departments during implementation of the Bill.
Whistleblower Exception
The Bill does not contain any safeguards to ensure free and fearless disclosure of any wilful violation of the law impacting larger public interest. It is important to include a provision protecting any person exposing any violation of the provisions of the Bill or blowing the cover off any scam or farudulent activity decieving the public committed by service providers under the Bill. Such protection can be given by ensuring that the actions of such whistleblower, to the extent required for the exposure, does not constitute an offence under the provisions of the Bill.
Penalties for Offences
- Chapter 4 of the Bill gives a detailed list of acts constituting an offence under the Act including Section 15 which specifically relates to offences by companies. It is critical to ensure that the punishment and penalities for offences extend not only to citizens and companies but also to Government officials who misuse information they are privy to under the provisions of the Bill. In fact, a separate provision specifically applicable to the various offences which could be committed by Government officials under the Bill can reduce misuse of its provisions by the Government.
- It is to be noted that several provisions listed under Chapter 4 of the Bill covering offences and penalties are a reproduction of the provisions for the same under the Information Technology Act, 2000 (“IT Act”). Such reprodution is unnecessary and acts which are already deemed to be offences and have punishments prescribed for them under the IT Act (or any other legislation for the time being in force in India) need not be covered again in the Bill. This will avoid duplication and confusion in the legislations.
- Section 19(1) of the Bill provides that no alleged offence under the Bill can be tried in a court of law unless the Central Electronic Delivery of Services Commissioner (“Central Commissioner”) or the State Electronic Delivery of Services Commissioner (“State Commissioner”) authorises the same by issuing a complaint in this regard to the relevant court. This provision directly conflicts with a citizen's constitutional right to seek legal redress since it takes away his freedom to approach a court of law for redressal of his grievance without the permission of the Commissioners. It is recommended that the provision be either deleted or suitably modify so that it is not in violation of this constitutional right.
Bottoms up Approach
A decentralised approach should be adopted along the lines of the Panchayati Raj system giving the citizen a greater say in the framework and implementation of service delivery by Government agencies. Implementation can be at the Panchayat and District levels apart from State levels. Citizens must be able to access and update their information. Furthermore, they should be able to define to a certain extent, access control to their information. This will automatically make them eligible or ineligible for various government services.
Charges for service delivery
Section 4 of the Bill authorises the Government to allow service providers to collect charges for electronic service delivery while Section 3(2) provides for the Government to regulate the manner and method of payment of such charges. It is critical to ensure that such charges levied under the provisions of the Bill do not exceed the charges levied by the Government agency for manual delivery of services. Charges for manual service delivery may include charges for photocopy, printing, paper, postage etc., all of which are totally eliminated during service delivery through electronic means. Thus, levying the same charges, let alone greater charges for electronic service delivery is totally unnecessary and places an additional burden on the citizen ultimately defeating the very purpose of the Bill.
Security in payment of charges
Section 3(2) of the Bill provides for the Government to regulate the manner and method of payment of charges for delivery of services.It is important that each transaction that takes place is done securely and without the exposure of an individuals confidential details. There are many ways to structure the transaction of payment of fees to achieve this goal. We reccommend that the SCOSTA smart card structure is used for completing and processing a transaction.
Data Security and Privacy
Section 5(1)(e) of the Bill requires the Government to ensure integrity, security and confidentiality of data collected, preserved and retained. We recommend that in addition to this, the Government also ensures integrity, security and confidentiality of data or information that is transferred, accessed or deleted. We also recommend that the Bill requires the Government to prescribe a framework under Section 5(2) for agency privacy policies to ensure that they are interoperable and consistent between different departments of the Government.
Functions of the Central Commissioner
Section 8 of the Bill grants the Central Commissioner the power to perform any or all of the functions listed in the provision including Section 8(f) which refers to the power of the State Commissioner in conducting the work of the State Government agencies. A Central Government authority may not have a say in all matters under the purview of the State Governments. This aspect has been left out for consideration while drafting this provision and hence it needs to be relooked at.
Cut-off Date for Implementation
While the Bill mandates a cut off period of 180 days for the Government to finalise on the scope, framework and manner of service delivery under its provisions, it states that the Government “may” prescribe a framework for implementation of the provisions. It is recommended, for the purpose of ensuring speedy implementation of the provisions, that the term “may” in Section 5(2) be replaced by “shall”.
Transparency of Government Agencies
Transparency and accountability of the Government towards the citizen is as important as the transparency of the citizen towards the Government. Therefore, the provisions of the Bill must ensure that the Government activities are transparent to the citizens by making available to the citizens, details of the responsible officials under the Bill, manner of service delivery and other relevant information in this regard.

For more details visit https://cis-india.org/internet-governance/blog/draft-electronic-delivery-services

India's untapped potential: Are a billion people losing out because of spectrum?

Shyam Ponappa — 2012-12-14T10:31:43Z

As one of the world’s fastest growing economies and with over 65% of its billion-plus population under 35, India has huge potential. But according to Shyam Ponappa of the Centre for Internet & Society, its spectrum management – the electromagnetic waves that are used from home appliances like microwaves and remote controls, to radios, cell phones, and of course, the internet – could be a huge barrier to the country’s economic and social development.

Until the global economic downturn that began about two years ago, the economic model for spectrum distribution in India and many developing countries was based on the free market. But Ponappa demonstrates in a new report for APC that spectrum is worth treating as a public utility the way we do roads, electricity and other basic infrastructure, which would allow for people in rural areas to access spectrum-dependant services like mobile phones and wifi and increase quality of services for all.

Currently in India, as in most other countries, spectrum is being treated as a property, where “chunks” of spectrum are sold to the mobile phone and telecommunications operators with the highest bid. Commonly there are 3 – 4 operators in a developed country; however, in India there are up to sixteen. The extreme competition has resulted in the Indian bidders paying outrageous fees that they are never able to recuperate. So while the government makes a profit on the sale, this profit comes at a societal cost.

Ponappa proposes pooling spectrum and to have a set of network providers, who in turn serve operators for retail users. This effectively opens up the spectrum and could make costs ten or fifteen times cheaper than they are now.

“It is appropriate to push the concept of open spectrum in developed markets who underwent their development phase some 60 – 100 years ago and put in place basic infrastructure systems. But in countries like India and the Asian sub-continent, it does not make sense to do this because we are not at the same stage of economic development,” Ponappa told APCNews.

“When markets are well structured and organised,” he continues, “[government control] can be less effective and efficient for society as a whole, compared with open competition. However developing economies don’t have the integrated systems in place that advanced economies do. India does not have an adequately developed network of copper, optical fibre or microwaves covering most of its population. And we are at a stage of development at which infrastructure is a fundamental determinant of productivity, as well as of a reasonable quality of life.”

Ponappa argues that in India’s case it would be advisable for governments to work with other stakeholders – corporations, state-owned agencies, and civil society – on a collaborative solution. “It would be much more conducive to a sound economy to have either the government step in and open up the commercial spectrum, or to have two to three main operators (possibly subsidised, but not necessarily) as we do with the provision of utilities,” he says. Yet, the free market mentality continues to reign, and a surfeit of operators is trying to make a profit in the telecommunications wireless sector.

Everybody wants a piece of the pie

In India, every operator is assigned a sliver of spectrum for their exclusive use and the rest is assigned to the government, the public sector and defence.

The result is high-cost infrastructure for operators (setting up networks with multiple sets of more advanced equipment because of the limited spectrum, with the capital constraints resulting in less extensive networks in rural areas) as well as for users (who have to pay for all this equipment).

“Too many operators make for increased capital costs for each operator, and cumulatively for all operators,” Ponappa explains.

And these higher costs are increasingly difficult to recover from consumer-generated revenue, as India undergoes huge price wars. Many operators may eventually go bankrupt. While no consumers ever complain about low costs –and India has some of the world’s lowest mobile rates– they will complain about poor quality and unreliable service. Consequently, consumers may not have to pay much to use mobile services, but they may not always be able to make or receive calls when they need to, and do not have access to broadband.

While most countries have moved on to 3G networks (which has more capacity for a given spectrum band than 2G, meaning better call quality) as many as four of India’s sixteen operators have not even developed their 2G networks. Making the switch to 3G seems like a good idea, but there are substantial costs associated with deploying these more advanced techniques to both operators (for network upgrades) and for end users (in terms of new handsets).

Too much competition in this case has made operators inefficient.

Spectrum as a national common good

If spectrum were treated as if it were a public utility, posits Ponappa, each operator would have access to a bigger chunk of spectrum, and the traffic-handling capacity of each would increase at a lower cost.

“With the current model the capacity of networks is suffering because networks cannot afford to expand or make technical improvements without economic losses. Other infrastructure services such as electricity and water supply are managed by utility companies, which are typically monopolies for a product-segment, or duopolies for purposes of competition. So why not treat spectrum the same way?” suggests Ponappa.

Ponappa suggests treating networks, and spectrum as a part of networks, as we would an oil pipeline, where everyone accesses the same one, and pays a fee for its use.

This would bring more people onto the network and increase revenues, since operating costs would be shared. The more revenue it can generate, the more efficient operators will be, using the same high-capacity circuits. The more revenue the main operators have, the more they could invest in up-to-date technology to extend their networks and provide a better service to clients. The better the technology, the more people could access the internet and other now vital sources of information, as well as focus on broadband and infrastructure to the country’s isolated rural areas, which today have rudimentary communications infrastructure.

India’s rural populations, the lost resource

As a predominantly rural country, lack of basic IT infrastructure means that the largest segment of India’s population has no access to information and communications technologies.

Ponappa grew up on a farm in a rural area some 200 km from Bangalore where even fixed line phone networks were unreliable. “We have multiple telephone lines because we never know which one will work,” he says.

Given India’s massive rural population, this means that there are hundreds of millions of people that are unable to access the internet. Services like quality distance education are not even an option if basic infrastructure such as fixed telephone lines is not in place and the country itself is losing out on the incalculable potential of this untapped human resource.

Download the report here [pdf - 280 kb]

See the report in the APC website

This article was written as part of the APC’s project work on Spectrum for development, an initiative that aims to provide an understanding of spectrum regulation by examining the situation in Africa, Asia and Latin America.

Photo by kiwanja. Used with permission under Creative Content licensing.

For more details visit https://cis-india.org/telecom/blog/untapped-potential

Second Expert Meeting on Human Rights and the Internet

praskrishna — 2011-06-08T10:01:55Z

The second expert meeting on human rights and the Internet is being organised by the Swedish Ministry for Foreign Affairs and the UN Special Rapporteur on Freedom of Opinion and Expression on 30 and 31 March 2011 in Stockholm (Sweden). Anja Kovacs will participate in this meeting.

List of Participants (draft)

Alison LeClaire Christie alison.leclairechristie@international.gc.ca	Minister-Counsellor and Deputy Permanent Representative, Canadian mission to UN in Geneva
Anabella Rivera libert.expresion@gmail.com	Executive Director, DEMOS, Guatemala
Anja Kovacs anja@cis-india.org	Fellow, The Centre for Internet and Society, Bangalore
Anna Nawrot anna.nawrot@rwi.lu.se	Researcher, Raoul Wallenberg Institute of Human Rights, Lund, Sweden
Annie Game agame@cjfe.org	Executive Director, CJFE-IFEX
Anriette Esterhuysen anriette@apc.org	Executive Director, Association for Progressive Communications, South Africa
Arthit Suriyawongkul arthit@gmail.com	Thai Neitzen Network, Centre for Popular Media Reform
Brett Solomon brett@accessnow.org	Executive Director, Access Now
Charlotta Bredberg charlotta.bredberg@sida.se	Thematic Coordinator for Democracy, Human Rights, Peace and Security, Global Programme Unit, Department for Global Cooperation, Sida
Cynthia Wong cynthia@cdt.org	Director, Project on Global Internet Freedom, Center for Democracy and Technology, Washington DC
Daniel Westman Daniel.Westman@juridicum.su.se	Researcher and Teacher, Faculty of Law, Stockholm University
Danny Aerts danny.aerts@iis.se	CEO, The Internet Infrastructure Foundation (.SE)
David Mothander davidmothander@google.com	Nordic Policy Counsel, Google, Stockholm
Dunja Mijatovic pm-fom@osce.org	OSCE Representative on Freedom of the Media
Eduardo Bertoni eberto2@palermo.edu	Director, Center for Studies on Freedom of Expression and Access to Information, Palermo University School of Law, Argentina
Eric King eric@privacy.org	Human Rights and Technology Advisor, Privacy International
Grace Githaiga ggithaiga@hotmail.com	Kenya ICT Action Network (KICTANET)
Guy Berger G.Berger@ru.ac.za	Professor, School of Journalism & Media Studies, Rhodes University, South Africa
Helena Bjuremalm helena.bjuremalm@sida.se	Senior Policy Specialist, Democracy Assistance, Sida
Hossam Bahgat Hossam@eipr.org	Executive Director, Egyptian Initiative for Personal Rights, Cairo
Jan Kleijssen jan.kleijssen@coe.int	Director, Directorate General of Human Rights and Legal Affairs, Council of Europe
Jean-Luc Delvert Jean-luc.DELVERT@diplomatie.gouv.fr	Counsellor, Human Rights Division, Ministry for Foreign Affairs, France
Jean-Pierre Kempeneers, jem.kempeneers@minbuza.nl	Head of the Human Rights Division, Ministry of Foreign Affairs, The Netherlands
Jermyn P Brooks jermynbrooks@aol.com	Chair, Global Network Initiative
Joana Varon joana@varonferraz.com	Researcher, Centre for Technology and Society, Rio De Janeiro
Joe McNamee joe@mcnamee.eu	EU Advocacy Coordinator, European Digital Rights Initiative
Joy Liddicoat joy@liddicoatlaw.co.nz	Project Coordinator, Internet Rights are Human Rights, APC, South Africa
Kurt Erik Lindqvist kurtis@netnod.se	CEO, NETNOD, Stockholm
Lee Hibbard Lee.HIBBARD@coe.int	Coordinator for Internet Governance and Information Society, Council of Europe
Lisa Horner LisaH@global-partners.co.uk	Head of Research & Policy, Global Dialogue, London
Lise Bergh lise.bergh@amnesty.se	Director, Amnesty International, Swedish Section
Louise Bermsjö louise.bermsjo@sida.se	Programme Manager for Democracy and Human Rights, Global Programme Unit, Department for Global Cooperation, Sida
Lucille Morillon internet@rsf.org	Head, Bureau of New Media, Reporters sans frontières
Maciej TOMASZEWSKI maciej.tomaszewski@ec.europa.eu	European Commission DG INFSO, Unit A3 Internet; Network & Information Security
Maria Häll maria.hall@enterprise.ministry.se	Deputy Director, Division for Information Technology Policy, Ministry of Enterprise, Energy and Communications, Sweden
Mats Ringborg mats.ringborg@foreign.ministry.se	Ambassador of Sweden to OECD and UNESCO
Matthew Barzun BarzunMW@state.gov	US Ambassador to Sweden
Michael Camilleri MCamilleri@oas.org	Attorney, office of the Special Rapporteur for Freedom of Expression, OAS
Nicklas Lundblad nlundblad@google.com	Senior Policy Counsel, Public Policy and Government Affairs, Google
Nicole Gregory nicole.gregory@fco.gov.uk	Head of Human Rights Section, Human Rights and Democracy Department, Foreign and Commonwealth Office, UK
Orest Nowosad onowosad@ohchr.org	Director, Special Procedures of the Office of the UN High Commissioner for Human Rights
Patrik Fältström patrik@frobbit.se	Distinguished Consulting Engineer, Cisco
Patrik Hiselius Patrik.Hiselius@teliasonera.com	Senior Advisor, Public Affairs, Group Communications, Telia Sonera
Paula Uimonen paula@spidercenter.org	Director, The Swedish Program for ICT in Developing Regions, Stockholm
Richard Allan, ric@fb.com	Director of Policy in Europe, Facebook
Richard Esguerra gwen@eff.org	Senior Activist, Global Internet Freedom Policy, Electronic Frontier Foundation
Robert Guerra guerra@freedomhouse.org	Project Director, Internet Freedom, Freedom House
Robert Hårdh Robert.Hardh@civilrightsdefenders.org	Executive Director, Civil Rights Defenders, Stockholm
Sally Elkhodary sally.khodary@anhri.net	Programs Director, The Arabic Network for Human Rights Information, Cairo
Sarah Labowitz LabowitzSB@state.gov	Office of the Coordinator for Cyber Issues, US State Dept
Staffan Jonson staffan.jonson@iis.se	Policy Adviser, The Internet Infrastructure Foundation (.SE)
Sylvie Coudray s.coudray@unesco.org	Division for Freedom of Expression, Democracy and Peace, UNESCO
Thomas Hajnoczi, Thomas.HAJNOCZI@bmeia.gv.at	Ambassador, Permanent Representative of Austria to Council of Europe
Toby Mendel toby@law-democracy.org	Executive Director, Centre for Law and Democracy
Vilhelm Konnander vilhelm.konnander@gmail.com	Global Voices
Wolfgang Benedek wolfgang.benedek@uni-graz.at	Professor, Faculty of Law, Graz University, Austria
Yaman Akdeniz yaman.akdeniz@bilgi.edu.tr Ženet Mujić zenet.mujic@osce.org	Associate Professor of Law, Faculty of Law, Istanbul Bilgi University Senior Adviser, office of the OSCE Representative on Freedom of the Media

Organisers

Frank la Rue Co-Chair of the meeting libert.expresion@gmail.com	UN Special Rapporteur on Freedom of Opinion and Expression
Olof Ehrenkrona Co-Chair of the meeting olof.ehrenkrona@foreign.ministry.se	Ambassador, Political Adviser to Foreign Minister Carl Bildt, MFA, Sweden
Per Sjögren per.sjogren@foreign.ministry.se	Head, Dept of International Law, Human Rights and Treaty Law, MFA, Sweden
Hans Dahlgren hans.dahlgren@foreign.ministry.se	Ambassador for Human Rights, MFA, Sweden
Måns Molander mans.molander@foreign.ministry.se	Head of Human Rights Section, MFA, Sweden
Johan Hallenborg johan.hallenborg@foreign.ministry.se	Special Adviser, HR Section, MFA, Sweden
Maria Koliopanou maria.koliopanou@foreign.ministry.se	Assistant, HR Section, MFA, Sweden
Karin Keil Pettersson karin.keil-pettersson@foreign.ministry.se	Assistant, HR Section, MFA, Sweden
Pauline Etemad pauline.etemad@foreign.ministry.se	Intern, HR Section, MFA Sweden
Rolf Ring rolf.ring@rwi.lu.se	Deputy Director, Raoul Wallenberg Institute of Human Rights and Humanitarian Law, Lund, Sweden
Gordana Jankovic Gordana.Jankovic@osf-eu.org	Director, Open Society Foundation Media Program
Vera Franz vfranz@osf-eu.org	Senior Program Manager, Information Program, Open Society Foundations
Stewart Chisholm Stewart.Chisholm@osf-eu.org	Senior Manager for Freedom of Expression, Open Society Media Program

For more details visit https://cis-india.org/notices/second-expert-meeting

India Should Watch Its Internet Watchmen

praskrishna — 2011-05-06T05:08:05Z

The month after terrorists attacked Mumbai in 2008, India's government initiated legislation enabling it to eavesdrop on electronic communication and block websites on grounds of national security. There was no public debate before the bill in question was introduced, and hardly any debate inside parliament itself before it passed in 2009. In the law, there were no guidelines about the extent to which an individual's right to privacy would be breached. And there was certainly no mention, and therefore, reassurance, that due process would be followed when it came to restricting access to websites. This article by Rahul Bhatia was published in the Wall Street Journal on March 28, 2011.

It's taken about two years for the first signs of misuse to show up. And there may be many more, as the government uses vague discretion instead of firm rules to police India's Internet. Various groups can exploit these discretionary powers to their own ends.

Earlier this month, the Indian Computer Emergency Response Team (CERT-In), the body appointed by the government to protect India's information infrastructure, blocked a text-message provider that sends out advertisements in bulk over mobile phone. It also blocked Typepad.com, a publishing platform used frequently by bloggers. Both restrictions have now been lifted.

Most contentiously, a Delhi court ordered CERT-In to block access to Zone-H.org, an Italian security giant that acts as a repository of hacked websites—that is, it collects screen grabs of sites that are infiltrated, which later proves valuable for studying the cyber crime in question. A representative of this website accused an Indian cyber security firm, E2 Labs, of using Zone-H's logo and images to promote its own cyber security school courses. E2 Labs dragged Zone-H to court in 2009 and, on grounds of defamation, had Zone-H's website blocked. What muddies the waters is that E2 Labs claims to work for the government.

Nobody knows what threat, if any, these websites posed to national security. Users who tried accessing them simply received a one-line message from their service providers that the sites had been blocked due to "instructions from the Department of Telecom." That message later disappeared, replaced by the standard error message: "Page Not Found."

Many bloggers immediately started comparing this case to the situation they found themselves in 2006, when the government banned Blogspot.com right after Mumbai's suburban train system was hit by bomb blasts. The Department of Telecom then did not offer an official reason, leaving people guessing that this was some kind of response to that terrorist attack.

That's happening again. The guidelines under which CERT-In operates say that all information related to website blocking is classified. Moreover, its mandate does not include communicating with the public. Which is why everyone is in the dark. Nobody even knows how widespread the blockade is. There's no hint of the process involved. There's no course for redress for those who own the affected sites.

Inquiries from journalists about the Department of Telecom's method of functioning have gone unanswered. When cornered by the press this month, India's Information Technology minister Kapil Sibal, who oversees this department, passed responsibility to the ministry of home affairs, which manages the nation's internal security.

Perhaps there are legitimate reasons for blocking these websites. India has faced its share of terrorist attacks that have, in the last decade, begun to affect the country's urban centers. Terrorists have gotten more sophisticated. The 2008 Mumbai assault especially put pressure on security personnel to be electronically vigilant, because the terrorists used satellite phones and internet technology to communicate. Since then, the government has ramped up its scrutiny of the Internet, including getting into a high-profile dispute last year with Blackberry-maker Research in Motion. Blogs are fair game, too, seeing as how terrorist groups have been known to use them for recruiting and communication. But if there are good reasons this time for blocking the sites in question, they're unknown and unexplained.

That lack of explanation is cause for alarm. First, there's the impact on businesses. Intermediary guidelines proposed by the Department of Information Technology put the onus on service providers to remove any material that, in addition to endangering national security, "causes inconvenience or annoyance," is "grossly offensive or menacing in nature," or "belongs to another person." These open-ended guidelines mean service providers have to spend a good chunk of their time dealing with government officials to determine, say, what is offensive.

The larger impact is on the rule of law. The clumsiness with which New Delhi has blocked these sites undermines any legitimacy the laws have. Lawyers I've spoken with already say that the guidelines, which are open to wide interpretation, violate the country's constitution.

This legal debacle has implications beyond any immediate security concerns. Despite being a democracy with a vigorous free press, India can't afford to take freedom of speech for granted. The concern here is that a statute intended to protect the country from terrorism may also give new legal cover to people trying to restrict speech for other reasons.

Already, thanks in part to the lack of political support for free speech, varied groups hijack cracks or loopholes in the legal framework to their populist ends. For instance, a colonial-era law against religious insults was used in 2007 to appease Hindu nationalists who wanted the government to punish Muslim painter M.F. Hussain for depicting "Mother India" in the nude. That case suggests that the new ill-considered and badly implemented rules for online policing could be exploited by political or business interests.

India undoubtedly faces a serious terrorism problem. But New Delhi needs to defend itself through laws that don't end up impinging on free speech in damaging, undemocratic ways.

Mr. Bhatia is a writer with Open Magazine in Mumbai.

Read the original story here

For more details visit https://cis-india.org/news/internet-watchmen