Centre for Internet and Society

Privacy and Surveillance Talk by Sunil Abraham

praskrishna — 2013-09-13T09:47:09Z

For more details visit https://cis-india.org/internet-governance/blog/privacy-surveillance.pdf

Privacy and Surveillance in India

praskrishna — 2013-09-13T09:49:25Z

Sunil Abraham, Executive Director from the Centre for Internet and Society will give a talk on privacy and surveillance in India at this event organised by the Centre for Culture, Media and Governance, Jamia Millia Islamia on September 18, 2013. The talk will be held at Network Governance Lab, CCMG, Jamia Millia Islamia in New Delhi at 11.30 a.m.

Click to read the brochure

Abstract

The talk will cover the development of privacy policy in India over the last 3 years, particularly in relation to projects such as NATGRID, CMS and UID. Special attention will be paid to the Justice A.P. Shah committee report, the last leak of the privacy bill from the DoPT and also the citizen draft of the privacy bill developed by the Centre for Internet and Society. International experiences such as Snowden's disclosures and the development of communication surveillance principles developed by EFF and others will be compared and contrasted with the Indian context.

About the Speaker

Sunil is the executive director of the Centre for Internet and Society (CIS), Bangalore. CIS is a 4 year old policy and academic research organisation that focuses on accessibility by the disabled, intellectual property rights policy reform, openness [Free/Open Source Software, Open Standards, Open Content, Open Access and Open Educational Resources], internet governance, telecom, digital natives and digital humanities.

He is also the founder of Mahiti, a social enterprise aiming to reduce the cost and complexity of information and communication technology for the voluntary sector by using free software. Sunil continues to serve on the board of Mahiti. He is an Ashoka fellow and was elected for a Sarai FLOSS Fellowship. For three years, Sunil also managed the International Open Source Network, a project of United Nations Development Programme's Asia-Pacific Development Information Programme, serving 42 countries in the Asia-Pacific region.

Sunil currently serves on the advisory boards of Open Society Foundations - Information Programme, Mahiti, Samvada and International Centre for Free/Open Source Software.

For more details visit https://cis-india.org/news/jamia-millia-islamia-new-delhi-september-18-2013-privacy-and-surveillance-in-india

Privacy and Security Implications of Public Wi-Fi - A Case Study

praskrishna — 2016-12-09T14:01:44Z

For more details visit https://cis-india.org/internet-governance/files/privacy-and-security-implications-of-public-wi-fi-a-case-study

Privacy and Security Implications of Public Wi-Fi - A Case Study

vanya — 2016-12-12T12:29:49Z

Today internet is an essential necessity in everyday work and recognizing its vital role, governments across the world including the Indian government, are giving access to public Wi-Fi. However, use of public Wi-Fi brings along with it certain privacy and security risks. This research paper analyses some of these concerns, along with the privacy policies of key ISPs in India providing public Wi-Fi service in Bangalore-namely D-VoIS and Tata Docomo, as a case study to provide suitable recommendations.

Download (PDF)

1. Introduction

2. Global Scenario

3. Overview of Public Wi-Fi in India

4. Indian Policy and Legal Conundrum

5. Public Wi-Fi and Privacy Concerns

5.1. Data Theft

5.2. Tracking an Individual

5.3. Makes the Electronic Devices Prone to Hacking and Setting up Fake Networks

5.4. Illegal Use of Data

6. Ranking Digital Rights Project

6.1. D-VoIS, Bangalore

6.2. Tata Docomo, Bangalore

7. Compliance of Privacy Policies with Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

8. Conclusion and Recommendations

8.1. Commitment

8.2. Freedom of Expression

8.3. Privacy

1. Introduction

Recognizing internet as a critical tool for day-to-day work and facilitating increased access to it in the past few years,^[1] the Indian Government as well as Governments across the world have rolled out plans for offering public Wi-Fi. However, privacy risks of using public Wi-Fi have also been flagged across jurisdictions, which will be discussed in this paper. Apart from highlighting key privacy concerns associated with the use of free public Wi-Fi, this case study aims to analyse the privacy policies of two of the Internet Service Providers in India-namely Tata Docomo^[2] and D-VoiS^[3], which offer public Wi-Fi services in Bangalore city against the indicators listed under the Ranking Digital Rights project^[4], as well as the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011^[5]. Based on this analysis, this paper shall list key recommendations to these ISPs to ensure sound privacy policies and practices with a view to have a balanced framework and ecosystem in light of key privacy considerations, especially in light of public Wi-Fi.

2. Global Scenario

Security and privacy concerns around the use of free and public Wi-Fi have been raised in India^[6] as well as across the globe. In various cities like Bangalore, Delhi, Hyderabad, New York, London, Paris, etc., privacy experts have raised concerns over the public Wi-Fi systems at metro stations, malls, payphones and other such public places.^[7]

For many years, New York City has been in the process of developing a “free” public Wi-Fi project called LinkNYC^[8] to bring wireless Internet access to the residents of the city. However, privacy concerns have been raised by the users and privacy advocates like the New York Civil Liberties Union, where the latter also issued a letter to the Mayor's office regarding this^[9] as the collection of potentially sensitive personal, locational and behavioral data, without adequate safeguards could result in sharing of such data without the data subject’s consent or knowledge. For example, one of the concerns raised has been regarding retention of user's data by CityBridge, the company behind the LinkNYC kiosks, often indefinitely, for building a massive database which carries a risk of security breaches and unwarranted surveillance by the police. ^[10] Also, users are concerned that their internet browsing history may reveal sensitive information about their political views, religious affiliations or medical issues^[11], since registration is required to use LinkNYC by submitting their email addresses and by agreeing to allow CityBridge to collect information about the websites they visit, the duration for which they linger on certain information on a webpage and the links they click on. On the contrary, the privacy policy of CityBridge states that this massive amount of personally identifiable user information would be cleared only if there have been 12 months of user inactivity, raising an alarm in light of privacy concerns.^[12]

In the year 2015, the Information Commissioner’s Office (ICO) conducted a review of public Wi-Fi services on a UK high street, where it was found that the Wi-Fi networks requested for varying levels of personal data, which was also processed for marketing purposes. The results highlighted that while some networks did not request any personal data, others asked for varying amounts, including information regarding name, postal and email address, mobile number, gender, as well as asking for a date of birth as a mandatory requirement (except for gender). During the sign-up process, though some Wi-Fi networks provided users with the choice to opt-in or opt-out for receiving electronic newsletters and updates, others offered no choice at all.^[13] As a result of the review process, the ICO notified Wi-Fi network providers that it had reviewed and advised them of improvements that they could make to their service and issued guidance^[14] regarding the dangers of using public Wi-Fi^[15]. ICO also recommended users to take time to read all the information given by providers of Wi-Fi services before connecting.

In 2006, the European Data Retention Directive 2006/24/EC^[16] was introduced for the retention of communications data by providers of public electronic communications services for national security. The Directive provides an obligation for providers of publicly available electronic communications services and public communications networks to retain traffic and location data for the purpose of the investigation, detection, and prosecution of serious crime.^[17] Also, the Data Retention (EC Directive) Regulations 2009^[18] were introduced to implement the Directive in the UK. However, this was challenged on grounds of insufficient safeguards for the privacy rights of individuals, given the substantial interference which it facilitated with those rights.^[19]

To ensure protection of user’s data and information, the Data Protection Act 1998^[20] in UK obliges businesses retaining people’s data to comply with the law, which involves informing people about what data is being collected and ensure that the data is stored securely.^[21] . Therefore, in case of ISP’s providing public Wi-Fi service, this would relate to the information people provide when they log on, such as their email address. Under the Act, the data protection principles must be complied with by the data controllers and it needs to be ensured that the information is used fairly and lawfully, for limited and stated purposes, used in a way that is adequate, relevant and not excessive, kept for no longer than is absolutely necessary, handled according to people’s data protection rights, kept safe and secure and not transferred outside the European Economic Area without adequate protection.^[22] This would soon be updated and synced with the European Union’s General Data Protection Directive (GDPR).

3. Overview of Public Wi-Fi in India

In India, the public Wi-Fi in some cases has been offered free for a limited duration, in several cities across the country. For example, in 2014, Bangalore became the first city in the country to establish free public Wi-Fi- Namma Wi-Fi (802.11N) to make Bangalore a smart and connected city. The service is offered at MG Road, Brigade Road and four other locations in Bangalore including Traffic and Transit Management Centres (TTMCs) at Shanthinagar, Yeshwanthpur, Koramangala and CMH Road in Indiranagar.^[23] The internet and Wi-Fi service provider for Namma Wi-Fi is D-VoiS Broadband Ltd,a city-based firm.^[24] However, it seems the State Government plans to pull the plug on the project, funds, lack of awareness and difficulty in access as key constraints.^[25] Tata Docomo has inked an agreement with GMR Airports to offer Wi-Fi services at several International Airports in the country, including the Bangalore International Airport. It offers access to access free Wi-Fi service for 45 minutes, following which they users are required to pay for the service online, to continue using the Wi-Fi service.^[26]

Delhi has also introduced free Wi-Fi at its premier shopping hubs of Connaught Place and Khan Market in the year 2014, and BSNL launched a free WiFi service at Karnataka’s Malpe beach in the year 2016 making it the first WiFi beach in the three coastal districts of the state.^[27] The State Governments of Mumbai, Kolkata, Patna and Ahmedabad also offer free Wi-Fi services in limited areas.^[28] As part of the flagship programme by Indian Government, Digital India, the Government announced the rollout of Wi-Fi services by June 2015 at select public places in 25 Indian cities with population of over 10 lakh and tourist destinations by December 2015.^[29] Also, the Government has plans to digitise India by rolling out free Wi-Fi in 2500 towns and cities over a span of 3 years.^[30] Google plans to deploy WiFi at 100 railway stations in partnership with Railtel. Under this scheme, Mumbai Central was the first station to get free Wi-Fi in the year 2016.^[31] Also, Google's Project Loon aims to provide internet connectivity in remote and rural areas in India, which is currently being tested in other countries.^[32].

4. Indian Policy and Legal Conundrum

In light of national security concerns around the misuse of public Wi-Fi, the Department of Telecommunication, GoI, published a regulation^[33] dated February 2009, defining procedures for the establishment and use of public Wi-Fi to prevent misuse of public Wi-Fi and to be able to track the perpetrator in case of abuse. Indeed, the DOT has stated that “Insecure Wi-Fi networks are capable of being misused without any trail of user at later date”.^[34]

As per the 2009 Regulations, DoT has instructed ISPs to enforce centralized authentication using Login ID and Password for each user to ensure that the identity of the user can be traced.^[35] Regarding Wi-Fi services provided at public places, the Regulations state that bulk login IDs shall be created for controlled distribution, with authentication done at a centralized server. The subscribers are required to use public Wi-Fi by registering with temporary user ID and password, in the following methods:

Obtaining copy of photo identity of the subscriber, to be maintained by Licensee for one year; or
Providing details of user ID and password via SMS on subscriber's mobile phone , to be used as his/her identity by keeping the mobile number for one year.

Additionally, the data protection regime in India is governed by section 43A of the Information Technology Act, 2000 and the Rules^[36] notified under it. It obliges corporate bodies which possess, deal or handle any sensitive personal data to implement and maintain reasonable security practices, failing which they would be held liable to compensate those affected by any negligence attributable to this failure. The said Rules also define requirements and safeguards that every Body Corporate is legally required to incorporate into the company's privacy policy. The Rules put restrictions on body corporates on collecting sensitive personal information, and also states that it must obtain prior consent from the “provider of information” regarding “purpose, means and modes of use of the information, along with limiting disclosure of such information.^[37] Most of the ISPs in India being a private company, like D-VoiS and Tata Docomo, are obliged to comply with these provisions. Also, under the model License Agreement for Unified License^[38] by Ministry of Communication & IT, Department of Telecommunications, Government of India, where the Unified Access License Framework allows for a single license for multiple services such as telecom, the internet and television and provides certain security guidelines, privacy of communications is to be maintained by the Licensee (the ISPs in this case) and network security practices and audits are mandated along with penalties for contravention in addition to what is prescribed under the Information Technology Act,2000. It also provides for ensuring unauthorized interception of messages does not take place. Therefore, the ISPs providing public Wi-Fi services in various cities across India would be governed by the data protection regime and could be held liable under these provisions in case of non-compliance with the security measures so stated.

In July 2016, the Telecom Regulatory Authority of India (hereinafter referred as “TRAI”) floated a Consultation paper on Proliferation of Broadband through Public Wi-Fi Networks^[39] with an objective to examine the need of encouraging public Wi-Fi networks in the country from a public policy point of view and discuss the issues as well as solutions in its proliferation. The paper recognises the fact that India is still in a green field deployment phase in terms of adoption of public Wi-Fi services and requires solutions for resolving the challenges and risks being faced in the process and lay a strong foundation to evolve towards a meaningful position in the advancement of initiatives related to Internet of Things, Smart Cities, etc.^[40] This is an important step towards fulfilment of the Digital India scheme of the Indian Government to ensure better connectivity. In the paper, TRAI has advocated development of a payment platform which allows easy access to Wi-Fi services across internet service providers (ISPs) and through any payment instrument.^[41] Besides that, the paper raises issues of various regulatory, licensing or policy measures required to encourage ubiquitous city-wide Wi-Fi networks as well as expansion of Wi-Fi networks in remote or rural areas, along with the issue of encouraging interoperability between the Wi-Fi networks of different service providers, both within the country and internationally, as well as between cellular and Wi-Fi networks.^[42]

5. Public Wi-Fi and Privacy Concerns

Since proliferation of public Wi-Fi in India is happening at a moderate pace, the paper discusses key issues towards this, one of them being the logistics of deploying this service. This section briefly states and acknowledges privacy and security concerns as an important factor that may be posing issues in the adoption of public Wi-Fi services in the country. Since there have been numerous cases of security vulnerabilities in public Wi-Fi networks worldwide, security of networks and cyber crimes is a key issue for consideration.^[43]

Deployment of public wireless access points has made it more convenient for people to access the Internet outside of their offices or homes. Despite advantages like ease of accessibility, connectivity and convenience, public Wi-Fi connection pose serious concerns as well. “The proliferation of public Wi-Fi is one of the biggest threats to consumer data”, says David Kennedy, founder of TrustedSec, a specialised information security consulting company based in the United States of America.^[44] Also, the networks become an easier target with little public awareness about the existence of such threats wherein users expose valuable personal data over Wi-Fi hotspots. The recently released Norton Cyber Security Report 2016^[45] shows how the benefit of constant connectivity is often outweighed by consumer complacency, leaving consumers and their Wi-Fi networks at risk. For the purpose of this report, Norton surveyed 20,000 people (over a 1,000 from India ) which reflects that though users in India may be increasingly becoming aware of the cyber threats they face due to use of public Wi-Fi, they don’t fully understand the accompanying risks and their online behaviour is often contradictory.^[46] Also, it is important to consider that the services which claim to be free, actually generate revenue by advertisements, where the model works by providing free access to internet in exchange for user's’ personal and behavioral data, which is subsequently used to target ads to them.^[47]

Some of the privacy harms stemming from use of public Wi-Fi are listed below.

5.1. Data Theft

With hackers finding it easy to access personal information of the data subjects, data can be hijacked by unauthorized internet access by spoofing the MAC and IP addresses of the authenticated user’s device or by use of default settings (saved passwords or IPs).^[48] The following kinds of data is at a risk of being stolen and further misused:

demographic and locational data^[49]
forms of personal information acting as identifiers like financial information, social and personal information^[50]
private information like passwords to social networking sites, email accounts and banking websites^[51]
historical data from the devices^[52]

5.2. Tracking an Individual

Like cell phones, Wi-Fi devices have unique identifiers that can be used for tracking purposes which can cause potential security issues. Tracking by using a Wi-Fi hotspot can also lead to third party harms like stalking.^[53] To receive or use a service, often websites require the user to share their personal information such as name, age, ZIP code, or personal preferences, which is many times shared with advertisers and other third parties, without the knowledge or consent of the users.^[54]

5.3. Makes the Electronic Devices Prone to Hacking and Setting up Fake Networks

A recent experiment conducted by the chief scientist at mobile security firm Appknox at the Bengaluru International Airport, India, found that the wireless devices could be easily hacked over the airport’s free Wi-Fi network due to the easily exploitable security holes in the software made by Apple, Google, and Microsoft.^[55] A similar experiment was backed by the European law enforcement agency, Europol, where a mobile hotspot was created in central London^[56] and the hacker was able to gain access to passwords, apps, and even credit card and banking information with ease.^[57] Lack of secure softwares and prevalence of open, unprotected Wi-Fi has made it fairly easy for hackers to set up fake twin access points that give them access to data histories and personal information.^[58] This makes is easy to track data histories of users. Even if certain softwares use encryption codes, a simple decryption software can be used to obtain the information.^[59]

5.4. Illegal Use of Data

By authorities: the authorities have easier access to people’s browsing details and habits, and with justification in the name of national security, could be used to monitor the people without their consent.^[60]

Wi-Fi provider: can sell the user’s demographic and location information. ^[61] Also, it was revealed in a study that the personal information of users is often transmitted by service providers without encryption. Anyone along the path between the user and the service’s data center can then intercept this information, opening users to grave privacy and security risks.^[62]

By hackers: steal information and hack into unsuspecting victim’s bank accounts and misuse corporate financial information and secrets^[63]

6. Ranking Digital Rights Project

The "Ranking Digital Rights" project, an ongoing international non-profit research initiative, aims to promote greater respect for freedom of expression and privacy by focusing on the policies and practices of companies in the information communications technology (ICT) sector^[64], rank such companies in this light, and undertake research to develop the ranking methodology.^[65]

In November 2015, the Ranking Digital Rights project launched the Corporate Accountability Index. Since several actors like the Internet and telecommunications companies, software producers, and device and networking equipment manufacturers exert growing influence over the political and civil lives of people all over the world, it is important to state that these organisations share a responsibility to respect human rights. For this purpose, 16 Internet and telecommunications companies were evaluated according to 31 indicators, which focused on corporate disclosure of policies and practices that affect users’ freedom of expression and privacy.^[66]

The data produced by the index can help companies improve their policies, practices and help them identify challenges faced by companies in meeting their corporate obligations to respect human rights like Freedom of Expression and Privacy in the digital space.^[67] Some of the key corporate practices which affect these rights are :

How companies handle government requests to hand over user data or restrict content;
How companies enforce their own terms of service;
What information companies collect about users and how long they retain it; and
To whom they share or sell user information.^[68]

The 2015 Corporate Accountability Index assesses transparency levels of the World’s most powerful Internet and telecommunications companies regarding their commitments, policies and practices that affect users’ freedom of expression and privacy and evaluates what companies share about these practices and offers recommendations for improvement. The methodology adopted relies on publicly available information so that advocates, researchers, journalists, policy makers, investors, and users can understand the extent to which different companies respect freedom of expression and privacy, and make appropriate policy, investment, and advocacy decisions. Also, public disclosures would enable researchers and journalists to investigate and verify the accuracy of company statements.^[69]

For the purpose of this research, we would apply this index and the indicators to the internet service provider of public Wi-Fi in Bangalore-D-VoiS Ltd. and Tata Docomo to understand how comprehensive their privacy policies are when compared to global standards and make informed recommendations. Analysing policies against the index can help these companies identify best practices, as well as the obstacles they face in meeting their corporate obligations to respect human rights in the very digital spheres they helped to create.^[70] The information has been gathered and analysed on the basis of publicly available information, and this can help companies empower users to make informed decisions about how they use technology, which would help build trust between users and companies in the long run.^[71]

6.1. D-VoIS^[72], Bangalore

For the purpose of this case study, the Privacy Policies of D-VoIS have been analysed on the basis of the Corporate Accountability index, and the answers can be accessed in Annex 1.

Summary

On the basis of the indicators and the information available, it can be ascertained that:

The Company has a freely available and understandable Privacy Policy and Terms of Use, though only in the English language.

The company does not commit to notify users in case of changes in the privacy policy of the company.

The company states circumstances in which it would restrict use of its services, along with reasons for content restriction.

The Company commits to the principle of data minimization, discloses circumstances when it shares information with third parties, and provides users with options to control the company’s collection and sharing of their information

Deploys industry standards for security of products and services.

Analysis

Commitment: D-VoIS fares low on Commitment since it has made no overarching public commitments to protect users’ freedom of expression or privacy in a manner that meets the Index’s criteria. The Company lacks adequate top-level policy commitments to users’ freedom of expression and privacy, establishing executive and management oversight over these issues, creating a process for human rights impact assessment, and lacks stakeholder engagement and a grievance mechanism.

Freedom of Expression: The Company also fares low on Freedom of Expression as the terms of services, though easily available, are only in English language. Also, it does not commit to notify users about changes to the terms of service. While the company discloses what content and activities it prohibits , it provides no information about how the company notifies these restrictions to the users.

Regarding transparency about content restriction requests, since the Indian law prevents the company from disclosing government requests for content removal^[73], but it does not prevent the company from publishing more information about private requests for content restriction. D-VoIS does not provide any information with respect to this.

Privacy: D-VoIS is required by law to have a privacy policy available on its website, this policy is available in English, but not in other languages spoken in India. Also, D-VoIS does not disclose what user information is collected, how and why, nor does it offer users meaningful access to their information. D-VoIS does not disclose any information regarding retention of user information, and the company could improve its disclosures about what user information it collects and how long it is retained.

Though the company discloses information about its security practices, it does not disclose any information regarding its efforts to educate users about security threats. It also does not disclose information regarding requests by non-governmental entities for user data.

6.2. Tata Docomo^[74], Bangalore

The Privacy Policy and Terms & Conditions of Tata Docomo have been analysed on the basis of the Corporate Accountability index, and the answers can be accessed in Annex 2.

Summary

On the basis of the indicators and the information available, it can be ascertained that:

The Company has a freely available and understandable Data Privacy Policy and Terms of Use, though only in English language.

The Company has established electronic and administrative safeguards designed to secure the information collected to prevent unauthorized access to or disclosure of that information and to ensure it is used appropriately.

The company states circumstances in which it would restrict use of its services, along with reasons for content restriction. The company’s disclosed policies and practices demonstrate how it works to avoid contributing to actions that may interfere with the right to freedom of expression, except where such actions are lawful, proportionate and for a justifiable purpose.

The Company clearly states the kind of information collected, ways of collection and the reasons for collection as well as sharing.

Deploys industry standards for security of products and services

Analysis

Commitment: Tata Docomo fares low on Commitment since it has made no overarching public commitments to protect users’ freedom of expression or privacy in a manner that meets the Index’s criteria. Though the Company has established electronic and administrative safeguards designed to secure the information collected, it lacks adequate top-level policy commitments to users’ freedom of expression and privacy, establishing executive and management oversight over these issues, creating a process for human rights impact assessment, and lack of stakeholder engagement.

Freedom of Expression: The Company fares low on Freedom of Expression as the terms of services, though easily available, are only in English language. Also, it does not commit to notify users about changes to the terms of service. While the company discloses what content and activities it prohibits , it provides no information about how the company notifies these restrictions to the users.

Regarding transparency about content restriction requests, since the Indian law prevents the company from disclosing government requests for content removal, it does not prevent the company from publishing more information about private requests for content restriction. Tata Docomo does not provide any information with respect to that.

Privacy: Tata Docomo is required by law to have a privacy policy available on its website, this policy is available in English, but not in other languages spoken in India. No information is publically available regarding users option to control company's collection of information. Tata Docomo discloses that user information shall be retained as long as required and does not mention a specific duration for the same. Though the company discloses information about its security practices, it does not disclose any information regarding its efforts to educate users about security threats. It also does not disclose information regarding requests by non-governmental entities for user data.

7. Compliance of Privacy Policies with Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

The Privacy Policy and Terms & Conditions of D-VoIS and Tata Docomo have been analysed on the basis of the security measures and procedures stated under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 to ascertain how sound and compliant the framework is with the existing data protection regime in India. The comparison can be accessed in Annex 3.

Comparing the requirements listed under the Rules with the policies of both the companies, it can be said that though the websites of both companies provide privacy policies and are easily accessible, they lack crucial information regarding consent of the user before collection as well as sharing of information. Also, though the policies state the purpose of sharing such data with third parties, it does not state the purpose of collection of the information. The policies are also silent regarding the requirements to be complied with before transferring personal data into another jurisdiction . There is also no information about the companies having a grievance officer. Additionally, though the terms of services of D-VoIS state that the customer may choose to restrict the collection or use of their personal information, both companies do not specifically provide for an opt out mechanism to its users.

8. Conclusion and Recommendations

To allay the numerous concerns regarding privacy and security with respect to public Wi-Fi’s, the ISPs must have a sound Privacy Policy in place. For this purpose, adherence to the indicators as listed under the Corporate Accountability Index, along with requirements for security of personal information stated under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 and improving the policies accordingly shall greatly contribute to protection of Freedom of Expression and ensure Privacy of user information. Ensuring compliance with the existing data protection regime in the country becomes more important in light of the growing privacy and security concerns due to proliferation of free and public Wi-Fi service in India. Adequate measures like acquiring consent for collection and sharing of user data, commitment by company executives to ensure protection of rights of individuals, adoption of security standards, creating awareness about security concerns, etc. by such corporate must be considered to ensure protection of personal information and reduce the likelihood of a data breach. Both D-VoIS and Tata Docomo must consider the following recommendations in order to meet the criteria set by the Ranking Digital Rights project, ensuring commitment towards protection of right to freedom of expression and privacy of the users.

8.1. Commitment

Set in place an oversight mechanism to monitor how the company’s policies and practices affect freedom of expression and privacy. In case the Company already has that in place, information regarding the same must be made publically available for greater transparency.
Also, they must conduct regular, comprehensive, and credible due diligence, such as human rights impact assessments, to identify how all aspects of their business impact freedom of expression and privacy.
In addition to that, they must Provide for a remedy or grievance mechanism. The Telecom Regulatory Authority of India also requires that all service providers have redress mechanisms. In case the Company already has that in place, information regarding the same must be made publically available for greater transparency.

8.2. Freedom of Expression

The Companies must make an effort to make the Terms of Service available in the most commonly spoken languages by its users, besides English.
Also, it is recommended that the Companies must ensure to provide meaningful notice to users regarding change in terms of service.
Besides disclosing what content and activities the companies prohibit, they must disclose information regarding how it enforces these prohibitions and should provide examples regarding the circumstances under which it may suspend service to individuals or areas to help users understand such policies.
The Companies must also disclose information regarding the process for evaluating and responding to requests from third parties to restrict content or service. Additionally, it must disclose how long it retains user information, publish process for evaluating and responding to requests from government and other third parties for stored user data and/or real-time communications.

8.3. Privacy

Though both the Companies disclose that the user information shall be shared with third parties, and Tata Docomo discloses what information is collected and how, yet there should be no legal impediment for the companies to improve its disclosures about what user information it collects, with whom it is shared, and how long it is retained to protect the privacy of the users.
Though Tata Docomo allows the users to review and correct their Personal Information collected by the Company, D-VoIS must release information regarding whether the users are able to view, download or otherwise obtain all of the information about them that the company holds. In case it does not allow, the Company must duly change its policy regarding the same.
The Companies must also publish information to help users defend against cyber threats.

^[1] The Financial Express, ‘Free wi-fi: Digital Dilemma’, February 22, 2015,

http://www.financialexpress.com/article/economy/free-Wi-Fi-digital-dilemma/45804/

^[2] Tata Docomo, http://www.tatadocomo.com/

^[3] D-VoIS Communication Pvt. Ltd. http://www.dvois.com/

^[4] Ranking Digital Rights, https://rankingdigitalrights.org/

^[5] the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. Available at : http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf

^[6] See : http://indianexpress.com/article/technology/technology-others/public-wifi-can-be-used-to-steal-private-information-it-security-expert/, http://www.aljazeera.com/indepth/features/2016/03/india-unlocking-public-wi-fi-hotspots-160308072320835.html , http://www.business-standard.com/article/technology/indians-most-willing-to-share-personal-data-over-public-wifi-116083000673_1.html and http://articles.economictimes.indiatimes.com/2015-05-20/news/62413108_1_corporate-espionage-hotspots-bengaluru-airport

^[7] Scroll, ‘Free wifi in Delhi is good news but here is the catch’, November 21, 2014, http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch

^[8] LinkNYC, https://www.link.nyc/

^[9] See : http://www.nyclu.org/files/releases/city%20wifi%20letter.pdf

^[10] The Huffingtonpost, ‘Maybe You Shouldn't Use Public Wi-Fi In New York City’, March 16, 2016, http://www.huffingtonpost.in/entry/public-wifi-nyc_us_56e96b1ce4b0b25c9183f74a

^[11] NYCLU, ‘City’s Public Wi-Fi Raises Privacy Concerns’, March 16, 2016,

http://www.nyclu.org/news/citys-public-wi-fi-raises-privacy-concerns

^[12] NYCLU, ‘City’s Public Wi-Fi Raises Privacy Concerns’, March 16, 2016,

http://www.nyclu.org/news/citys-public-wi-fi-raises-privacy-concerns

^[13]Information Commissioner’s Office Blog, ‘Be wary of public Wi-Fi’September 25, 2015, https://iconewsblog.wordpress.com/2015/09/25/be-wary-of-public-Wi-Fi/

^[14]Information Commissioner’s Office Blog, ‘Be wary of public Wi-Fi’September 25, 2015, https://iconewsblog.wordpress.com/2015/09/25/be-wary-of-public-Wi-Fi/

^[15]Marketing Law, ‘The ICO sounds a warning on public wi-fi and privacy’, November 24, 2015,

http://marketinglaw.osborneclarke.com/data-and-privacy/the-ico-sounds-a-warning-on-public-Wi-Fi-and-privacy/

^[16]Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32006L0024

^[17] Feiler, L., "The Legality of the Data Retention Directive in Light of the Fundamental Rights to Privacy and Data Protection", European Journal of Law and Technology, Vol. 1, Issue 3, 2010, http://ejlt.org/article/view/29/75

^[18] The Data Retention (EC Directive) Regulations 2009 http://www.legislation.gov.uk/ukdsi/2009/9780111473894/pdfs/ukdsi_9780111473894_en.pdf

^[19] Purple, ‘Update on the legal implications of offering public WiFi in the UK’, September 10, 2014, http://purple.ai/update-legal-implications-offering-public-wifi-uk/

^[20] Data Protection Act 1998, http://www.legislation.gov.uk/ukpga/1998/29/contents

^[21] Wireless Social, http://www.wireless-social.com/how-it-works/legal-compliance/

^[22] Data Protection Act 1998, https://www.gov.uk/data-protection/the-data-protection-act

^[23]The Hindu, ‘Free wifi on M.G. Road and Brigade Road from Friday’, January 23, 2014, http://www.thehindu.com/news/cities/bangalore/free-wifi-on-mg-road-and-brigade-road-from-friday/article5606757.ece

^[24]The Telegraph, ‘Free Wi-fi on tech city streets- Bangalore offers five public hotspots’, January 25, 2014, http://www.telegraphindia.com/1140125/jsp/nation/story_17863705.jsp#.VwIv_Zx97IU

^[25]Economic Times, ‘Karnataka Govt pulls the plug on public Wi-Fi spots in Bengaluru’, March 15, 2016, http://tech.economictimes.indiatimes.com/news/internet/karnataka-govt-pulls-the-plug-on-public-Wi-Fi-spots-in-bengaluru/51404414

^[26] Medianama, ‘Why Don’t Indian Airports Offer Free WiFi To Passengers?’, May 22, 2013, http://www.medianama.com/2013/05/223-indian-airports-free-wifi/

^[27]Hindustan Times, ‘BSNL launches free public WiFi at Karnataka’s Malpe beach’, January 25, 2016, http://www.hindustantimes.com/tech/bsnl-launches-free-public-wifi-on-karnataka-s-malpe-beach/story-XVM06KQKIcoyqV8CLJoYzJ.html

^[28]TechTree, ‘Problems With Free City-Wide Wi-Fi Hotspots In India’, September 28, 2015,

http://www.techtree.com/content/features/9914/problems-free-city-wide-Wi-Fi-hotspots-india.html#sthash.2ZSf9kq7.dpuf

^[29]India Today, ‘25 Indian cities to get free public Wi-Fi by June 2015’, December 17, 2014, http://indiatoday.intoday.in/technology/story/25-indian-cities-to-get-free-public-Wi-Fi-by-june-2015/1/407214.html

^[30]Business Insider, ‘Modi Government To Roll Out Free Wi-Fi In 2,500 Towns And Cities To Make India Digital’, January 23, 2015, http://www.businessinsider.in/Modi-Government-To-Roll-Out-Free-Wi-Fi-In-2500-Towns-And-Cities-To-Make-India-Digital/articleshow/45989339.cms

^[31]RailTel launches free high-speed public Wi-Fi service with Google at Mumbai Central, http://www.railtelindia.com/images/Mumbai.pdf

^[32]Economic Times, ‘Google may get government nod to conduct pilot for Project Loon in India’, May 24, 2016,

http://economictimes.indiatimes.com/tech/internet/google-may-get-government-nod-to-conduct-pilot-for-project-loon-in-india/articleshow/52408455.cms

^[33]Department of Telecommunications, Ministry of Communications & IT, Government of India, February 23, 2009, http://www.dot.gov.in/sites/default/files/Wi-%20fi%20Direction%20to%20UASL-CMTS-BASIC%2023%20Feb%2009.pdf

^[34] Scroll, ‘Free wifi in Delhi is good news but here is the catch’ November 21, 2014, http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch

^[35]MojoNetworks, ‘Complying with DoT Regulation on Secure Use of WiFi: Less in Letter, More in Spirit’, http://www.mojonetworks.com/fileadmin/pdf/Implementing_DoT_Regulation_on_WiFi_Security.pdf

^[36] Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

^[37]The Centre for Internet & Society, ‘Privacy and the Information Technology Act — Do we have the Safeguards for Electronic Privacy?’, April 7, 2011, http://cis-india.org/internet-governance/blog/privacy/safeguards-for-electronic-privacy

^[38]License Agreement for Unified License, http://www.dot.gov.in/sites/default/files/Unified%20Licence.pdf

^[39] Telecom Regulatory Authority of India, ‘Consultation Paper on Proliferation of Broadband through Public Wi-Fi Networks’ July 13, 2016, https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf

^[40] Telecom Regulatory Authority of India, ‘Consultation Paper on Proliferation of Broadband through Public Wi-Fi Networks’ July 13, 2016, https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf

^[41] The Economic Times, ‘Trai floats consultation paper to boost broadband through Wi-Fi in public places’, July 14, 2016, http://economictimes.indiatimes.com/articleshow/53195586.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

^[42] Telecom Regulatory Authority of India, ‘Consultation Paper on Proliferation of Broadband through Public Wi-Fi Networks’ July 13, 2016, https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf

^[43]Mint, ‘Trai issues paper on public Wi-Fi networks’ July 14, 2016, http://www.livemint.com/Industry/1jVgso2R2Lz4NR5IYFaCtN/Trai-issues-paper-on-public-WiFi-networks.html

^[44]Forbes,’How To Avoid Data Theft When Using Public Wi-Fi’, March 4, 2014, http://www.forbes.com/sites/amadoudiallo/2014/03/04/hackers-love-public-wi-fi-but-you-can-make-it-safe/#373c75e32476

^[45]Symantec, ‘Norton Cyber Security Insights Report’, 2016, https://www.symantec.com/content/dam/symantec/docs/reports/2016-norton-cyber-security-insights-report.pdf

^[46]The Indian Express, ‘Indian cybercrime victims don’t learn from past experience: Norton Report’, November 18, 2016, http://indianexpress.com/article/technology/tech-news-technology/indian-users-complacent-when-it-comes-to-cyber-security-norton-report/

^[47]Mashable, ‘This is the real price you pay for 'free' public Wi-Fi’, January 26, 2016, http://mashable.com/2016/01/25/actual-cost-free-Wi-Fi/?utm_cid=mash-com-Tw-main-link#WmAJGJ_COiq5

^[48]MojoNetworks, ‘Complying with DoT Regulation on Secure Use of WiFi: Less in Letter, More in Spirit’, http://www.mojonetworks.com/fileadmin/pdf/Implementing_DoT_Regulation_on_WiFi_Security.pdf

^[49]Network Computing, ‘Public WiFi, Location Data & Privacy Anxiety’, July 4, 2015, http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374

^[50]Network Computing, ‘Public WiFi, Location Data & Privacy Anxiety’, July 4, 2015, http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374

^[51]The Indian Express, ‘Public Wifi can be used to steal private information: IT Security Expert’, May 19, 2015, http://indianexpress.com/article/technology/technology-others/public-wifi-can-be-used-to-steal-private-information-it-security-expert/#sthash.xiuWtL6v.dpuf

^[52]Medium, ‘Maybe Better If You Don’t Read This Story on Public WiFi’, October 14, 2014, https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv

^[53]Network Computing, ‘Public WiFi, Location Data & Privacy Anxiety’, July 4, 2015, http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374

^[54]University of Washington, Computer Science and Engineering, ‘When I am on Wi-Fi, I am Fearless:” Privacy Concerns & Practices in Everyday Wi-Fi Use’, https://djw.cs.washington.edu/papers/wifi-CHI09.pdf

^[55]Breitbart, ‘Fre Public Wi-Fi poses security risks’, May 19, 2015, http://www.breitbart.com/big-government/2015/05/19/free-public-wifi-poses-security-risk/

^[56]The Guardian, ‘Londoners give up eldest children in public Wi-Fi security horror show’, September 29, 2014, https://www.theguardian.com/technology/2014/sep/29/londoners-Wi-Fi-security-herod-clause

^[57] Medium, ‘Maybe Better If You Don’t Read This Story on Public WiFi’, October 14, 2014, https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv

^[58]ABC13, ‘Hackers set up fake Wi-Fi hotspots to steal your information, July 10, 2015, http://abc13.com/technology/hackers-set-up-fake-Wi-Fi-hotspots-to-steal-your-information/835223/

^[59]Medium, ‘Maybe Better If You Don’t Read This Story on Public WiFi’, October 14, 2014, https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv

^[60] Scroll, ‘Free wifi in Delhi is good news but here is the catch’ November 21, 2014, http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch

^[61] Scroll, ‘Free wifi in Delhi is good news but here is the catch’ November 21, 2014, http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch

^[62]University of Washington, Computer Science and Engineering, ‘When I am on Wi-Fi, I am Fearless:” Privacy Concerns & Practices in Everyday Wi-Fi Use’, https://djw.cs.washington.edu/papers/wifi-CHI09.pdf

^[63] Breitbart, ‘Fre Public Wi-Fi poses security risks’, May 19, 2015, http://www.breitbart.com/big-government/2015/05/19/free-public-wifi-poses-security-risk/

^[64] Ranking Digital Rights, https://rankingdigitalrights.org/who/frequently-asked-questions/

^[65] Business & Human Rights Resource Centre, ‘Ranking Digital Rights Project’, http ://business-humanrights.org/en/documents/ranking-digital-rights-project

^[66] Ranking Digital Rights, https://rankingdigitalrights.org/about/

^[67] Ranking Digital Rights, https://rankingdigitalrights.org/about/

^[68] Ranking Digital Rights, https://rankingdigitalrights.org/who/frequently-asked-questions/

^[69] Ranking Digital Rights, https://rankingdigitalrights.org/who/frequently-asked-questions/

^[70] Ranking Digital Rights, https://rankingdigitalrights.org/about/

^[71] Ranking Digital Rights, https://rankingdigitalrights.org/who/frequently-asked-questions/

^[72] D-VoIS Communication Pvt. Ltd. http://www.dvois.com/

^[73]Section 16 of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 states that all request and complaints must be kept confidential.

^[74] Tata Docomo, http://www.tatadocomo.com/

For more details visit https://cis-india.org/internet-governance/blog/privacy-and-security-implications-of-public-wi-fi-a-case-study

Privacy after Big Data

praskrishna — 2017-01-27T00:08:39Z

For more details visit https://cis-india.org/internet-governance/files/privacy-after-big-data

Privacy & Media Law

Sonal Makhija — 2012-12-14T10:26:51Z

In her research, Sonal Makhija, a Bangalore-based lawyer, tries to delineate the emerging privacy concerns in India and the existing media norms and guidelines on the right to privacy. The research examines the existing media norms (governed by Press Council of India, the Cable Television Networks (Regulation) Act, 1995 and the Code of Ethics drafted by the News Broadcasting Standard Authority), the constitutional protection guaranteed to an individual’s right to privacy upheld by the courts, and the reasons the State employs to justify the invasion of privacy. The paper further records, both domestic and international, inclusions and exceptions with respect to the infringement of privacy.

Introduction

Last year’s satirical release, Peepli [Live], accurately captured what takes place in media news rooms. The film revolves around a debt-ridden farmer whose announcement to commit suicide ensue a media circus. Ironically, in the case of the Radia tapes, the same journalists found themselves in the centre of the media’s frenzy-hungry, often intrusive and unverified style of reporting.[1] Exposés, such as, the Radia tapes and Wikileaks have thrown open the conflict between the right to information, or what has come to be called ‘informational activism’, and the right to privacy. Right to information and the right to communicate the information via media is guaranteed under Article 19(1) (a) of the Constitution of India. In State of Uttar Pradesh v Raj Narain,[2] the Supreme Court of India held that Article 19(1) (a), in addition, to guaranteeing freedom of speech and expression, guarantees the right to receive information on matters concerning public interest. However, more recently concerns over balancing the right to information with the right to privacy have been raised, especially, by controversies like the Radia-tapes.

For instance, last year Ratan Tata filed a writ petition before the Supreme Court of India alleging that the unauthorised publication of his private conversations with Nira Radia was in violation of his right to privacy. The writ, filed by the industrialist, did not challenge the action of the Directorate-General of Income Tax to record the private conversations for the purpose of investigations. Instead, it was challenging the publication of the private conversations that took place between the industrialist and Nira Radia by the media. Whether the publication of those private conversations was in the interest of the public has been widely debated. What the Tata episode brought into focus was the need for a law protecting the right to privacy in India.

India, at present, does not have an independent statute protecting privacy; the right to privacy is a deemed right under the Constitution. The right to privacy has to be understood in the context of two fundamental rights: the right to freedom under Article 19 and the right to life under Article 21 of the Constitution.

The higher judiciary of the country has recognised the right to privacy as a right “implicit in the right to life and liberty guaranteed to the citizens of this country by Article 21”. The Indian law has made some exceptions to the rule of privacy in the interest of the public, especially, subsequent to the enactment of the Right to Information Act, 2005 (RTI). The RTI Act, makes an exception under section 8 (1) (j), which exempts disclosure of any personal information which is not connected to any public activity or of public interest or which would cause an unwarranted invasion of privacy of an individual. What constitutes an unwarranted invasion of privacy is not defined. However, courts have taken a positive stand on what constitutes privacy in different circumstances.

The purpose of this paper is to delineate the emerging privacy concerns in India and the existing media norms and guidelines on the right to privacy. At present, the media is governed by disparate norms outlined by self-governing media bodies, like the Press Council of India, the Cable Television Networks (Regulation) Act, 1995 and the Code of Ethics drafted by the News Broadcasting Standard Authority (NBSA). The paper examines the existing media norms, constitutional protection guaranteed to an individual’s right to privacy and upheld by courts, and the reasons the State employs to justify the invasion of privacy. The paper records, both domestic and international, inclusions and exceptions with respect to the infringement of privacy.

The paper traces the implementation of media guidelines and the meanings accorded to commonly used exceptions in reporting by the media, like, ‘public interest’ and ‘public person’. This paper is not an exhaustive attempt to capture all privacy and media related debates. It does, however, capture debates within the media when incursion on the right to privacy is considered justifiable. The questions that the paper seeks to respond to are: When is the invasion on the right to privacy defensible? How the media balances the right to privacy with the right to information? How is ‘public interest’ construed in day-to-day reporting? The questions raised are seen in the light of case studies on the invasion of privacy in the media, the interviews conducted with print journalists, the definition of the right to privacy under the Constitution of India and media’s code of ethics.

Constitutional Framework of Privacy

The right to privacy is recognised as a fundamental right under the Constitution of India. It is guaranteed under the right to freedom (Article 19) and the right to life (Article 21) of the Constitution. Article 19(1) (a) guarantees all citizens the right to freedom of speech and expression. It is the right to freedom of speech and expression that gives the media the right to publish any information. Reasonable restrictions on the exercise of the right can be imposed by the State in the interests of sovereignty and integrity of the State, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence. Article 21 of the Constitution provides, "No person shall be deprived of his life or personal liberty except according to procedure established by law." Courts have interpreted the right to privacy as implicit in the right to life. In R.Rajagopal v. State of T.N.[3]; and PUCL v. UOI[4], the courts observed that the right to privacy is an essential ingredient of the right to life.

For instance, in R. Rajagopal v State of Tamil Nadu, Auto Shankar — who was sentenced to death for committing six murders — in his autobiography divulged his relations with a few police officials. The Supreme Court in dealing with the question on the right to privacy, observed, that the right to privacy is implicit in the right to life and liberty guaranteed to the citizens of the country by Article 21. It is a ‘right to be left alone.’ "A citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, child-bearing and education among other matters.” The publication of any of the aforesaid personal information without the consent of the person, whether accurate or inaccurate and ‘whether laudatory or critical’ would be in violation of the right to privacy of the person and liable for damages. The exception being, when a person voluntarily invites controversy or such publication is based on public records, then there is no violation of privacy.

In PUCL v. UOI,[5]which is popularly known as the wire-tapping case, the question before the court was whether wire-tapping was an infringement of a citizen’s right to privacy. The court held that an infringement on the right to privacy would depend on the facts and circumstances of a case. It observed that, "telephone conversation is an important facet of a man's private life. Right to privacy would certainly include telephone-conversation in the privacy of one's home or office. Telephone-tapping would, thus, infract Article 21 of the Constitution of India unless it is permitted under the procedure established by law." It further observed that the right to privacy also derives from Article 19 for "when a person is talking on telephone, he is exercising his right to freedom of speech and expression."

In Kharak Singh v. State of U.P,[6] where police surveillance was being challenged on account of violation of the right to privacy, the Supreme Court held that domiciliary night visits were violative of Article 21 of the Constitution and the personal liberty of an individual.

The court, therefore, has interpreted the right to privacy not as an absolute right, but as a limited right to be considered on a case to case basis. It is the exceptions to the right to privacy, like ‘public interest’, that are of particular interest to this paper.

International Conventions

Internationally the right to privacy has been protected in a number of conventions. For instance, the Universal Declaration of Human Rights, 1948 (UDHR) under Article 12 provides that:

"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, or to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

The UDHR protects any arbitrary interference from the State to a person’s right to privacy. Similarly, International Covenant on Civil and Political Rights, 1976 (ICCPR) under Article 17 imposes the State to ensure that individuals are protected by law against “arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. [7]

Thus, ensuring that States enact laws to protect individual’s right to privacy. India has ratified the above conventions. The ratification of the Conventions mandates the State to take steps to enact laws to protect its citizens. Although, human right activists have periodically demanded that the State take adequate measures to protect human rights of the vulnerable in society, the right to privacy has received little attention.

Similarly, Article 16 of the Convention on the Rights of the Child (CRC) provides protection to a minor from any unlawful interference to his/her right to privacy and imposes a positive obligation on States who have ratified the convention to enact a law protecting the same. India does have safeguards in place to protect identity of minors, especially, juveniles and victims of abuse. However, there are exceptions when the law on privacy does not apply even in case of a minor.

The right to privacy, therefore, is not an absolute right and does not apply uniformly to all situations and all class of persons. For instance, privacy with respect to a certain class of persons, like a person in public authority, affords different protection as opposed to private individuals.

Public Person

In case of a representative of the public, such as a public person, the right to privacy afforded to them is not of the same degree as that to a private person. The Press Council of India (PCI) has laid down Norms of Journalistic Conduct, which address the issue of privacy. The PCI Norms of Journalistic Conduct, recognises privacy as an inviolable human right, but adds a caveat; that the degree of privacy depends on circumstances and the person concerned.

In the landmark judge’s asset case, CPIO, Supreme Court of India vs Subhash Chandra Agarwal,[8] the court recognised the tension between the right to information and the right to privacy, especially, with respect to public persons. The case arose from an application filed by a citizen who was seeking information under the RTI Act on whether judges of high courts and Supreme Court were filing asset declarations in accordance with full resolution of the Supreme Court. The court held that information concerning private individuals held by public authority falls within the ambit of the RTI Act. It remarked that whereas public persons are entitled to privacy like private persons, the privacy afforded to private individuals is greater than that afforded to those in public authority, especially in certain circumstances.

The court commented:

"A private citizen's privacy right is undoubtedly of the same nature and character as that of a public servant. Therefore, it would be wrong to assume that the substantive rights of the two differ. Yet, inherent in the situation of the latter is the premise that he acts for the public good, in the discharge of his duties, and is accountable for them. The character of protection, therefore, afforded to the two classes — public servants and private individuals, is to be viewed from this perspective. The nature of restriction on the right to privacy is therefore, of a different order; in the case of private individuals, the degree of protection afforded is greater; in the case of public servants, the degree of protection can be lower, depending on what is at stake."

In testing whether certain information falls within the purview of the RTI Act, the court said one should consider the following three tests:

whether the disclosure of the personal information is with the aim of providing knowledge of the proper performance of the duties and tasks assigned to the public servant in any specific case;
whether the information is deemed to comprise the individual's private details, unrelated to his position in the organization, and,
whether the disclosure will furnish any information required to establish accountability or transparency in the use of public resources.

Would this rule hold true for information on relatives/ friends of public persons? The rule is that, unless, private information on relatives/friends of public person’s impacts public interest and accountability, the information should not be revealed.

In 2010, the media reported that Sunanda Pushkar, a close friend of the Minister of State for External Affairs, Shashi Tharoor, holds a significant holding in the IPL Kochi team. The media exposure led to the exit of Shashi Tharoor from the government. While the media’s questioning of Pushkar’s holdings was legitimate, the media’s reporting on her past relationships and how she dressed had no bearing on public interest or accountability.[9] The media accused Pushkar of playing proxy for Tharoor in the Rs. 70 crore sweat equity deal. Much of the media attention focussed on her personal life, as opposed to, how she attained such a large stake in the IPL Kochi team. It minutely analysed her successes and failures, questioned her ability and accused her of having unbridled ambition and greed for money and power.[10]

If one was to consider the rules of privacy set by the court in the judges assets’ case much of the personal information published by the media on Tharoor and Pushkar, failed to shed light on the IPL holdings or the establishment of the nexus between the IPL holdings and the government involvement.

The tests delineated by the court in considering what personal information regarding a public authority may be shared under the RTI Act, can be adopted by the media when reporting on public officials. If personal information divulged by the media does not shed light on the performance of a public official, which would be of public interest, then the information revealed violates the standards of privacy. Personal details which have no bearing on public resources or interests should not be published.

The media coverage of the Bombay terror attacks displayed the same lack of restraint, where the minutest details of a person’s last communication with his/her family were repeatedly printed in the media. None of the information presented by the media revealed anything new about the terror attack or emphasised the gravity of the attack.

A senior journalist, who talked off the record and reported on the Mumbai terror attacks, agreed that the media overstepped their limits in the Mumbai terror attacks. As per her, violation of privacy takes place at two stages: the first time, when you overstep your boundaries and ask a question you should not have, and the second, when you publish that information. Reflecting on her ten years of reporting experience, she said, “Often when you are covering a tragedy, there is little time to reflect on your reporting. Besides, if you, on account of violating someone’s privacy, choose not to report a story, some competing paper would surely carry that story. You would have to defend your decision to not report the story to your boss.” The competitiveness of reporting and getting a story before your competitor, she agreed makes even the most seasoned journalists ruthless sometimes. Besides, although PCI norms exist, not many read the PCI norms or recall the journalistic ethics when they are reporting on the field.[11]

The PCI Norms reiterate that the media should not intrude "the privacy of an individual, unless outweighed by genuine overriding public interest, not being a prurient or morbid curiosity."[12] The well accepted rule, however, is that once a matter or information comes in the public domain, it no longer falls within the sphere of the private. The media has failed to make the distinction between what is warranted invasion of privacy and what constitutes as an unwarranted invasion of privacy. For instance, identity of a rape or kidnap victim that would further cause discrimination is often revealed by the media.

Safeguarding Identity of Children

The Juvenile Justice (Care and Protection of Children) Act lays down that the media should not disclose the names, addresses or schools of juveniles in conflict with the law or that of a child in need of care and protection, which would lead to their identification. The exception, to identification of a juvenile or child in need of care and protection, is when it is in the interest of the child. The media is prohibited from disclosing the identity of the child in such situations.

Similarly, the Convention on the Rights of the Child (CRC) stipulates that:

Article 16

No child shall be subjected to arbitrary or unlawful interference with his or her privacy, family, or correspondence, nor to unlawful attacks on his or her honour and reputation.
The child has the right to the protection of the law against such interference or attacks.

Article 40 of the Convention, states that the privacy of a child accused of infringing penal law should be protected at all stages of the proceedings.

Almost all media, print and broadcast, fail to observe these guidelines. Prashant Kulkarni[13] (name changed), who was a photographer with Reuters a few years ago, said that in Reuters photographs taken by photojournalists could not be altered or edited, to ensure authenticity.

As far as taking photographs of certain vulnerable persons is concerned, he admitted to photographing street children who are drug addicts on the streets of Mumbai. The photographs were published by Reuters. However, when he was on an assignment for an NGO working with children, the NGO cautioned him about photographing children who are drug addicts, to protect their identity. Similarly, identity of HIV and AIDS patients, including children, should be protected and not revealed. Children affected with HIV and AIDS should not be identified by name or photograph, even if consent has been granted by the minor’s parents/guardian.

As a rule, Kulkarni said, he does not seek consent of individuals when he is taking their photographs, if they are in a public place. If they do not object, the assumption is that they are comfortable with being photographed. The PCI norms do not expressly provide that consent of a person should be sought. But, journalists are expected to exercise restraint in certain situations. Likewise, identifying juveniles in conflict with law is restricted. This includes taking photographs of juveniles that would lead to their identification.

Kulkarni, who extensively covered the Bombay train blasts in 2006, explains, "At the time of the Bombay train explosions, I avoided taking pictures that were gory or where dead people could be identified. However, I did take photographs of those injured in the blast and were getting treated in government hospitals. I did not expressly seek their consent. They were aware of being photographed. That is the rule I have applied, even when I was on an assignment in West Africa. I have never been on an assignment in Europe, so am not sure whether I would have applied the same rule of thumb. Nonetheless, now as a seasoned photographer, I would refrain from taking pictures of children who are drug addicts."

Safeguarding Identity of Rape Victims

Section 228A of the Indian Penal Code makes disclosure of the identity of a rape victim punishable. In the recent Aarushi Talwar murder case and the rape of an international student studying at the Tata Institute of Social Sciences (TISS) the media frenzy compromised the privacy of the TISS victim and besmirched the character of the dead person.[14] In the TISS case, the media did not reveal the name of the girl, but revealed the name of the university and the course she was pursuing, which is in violation of the PCI norms. In addition to revealing names of individuals, the PCI norms expressly states that visual representation in moments of personal grief should be avoided. In the Aarushi murder case, the media repeatedly violated this norm.

The media in both cases spent enough newsprint speculating about the crimes. Abhinav Pandey[15] (name changed), a senior journalist reporting on crime, agrees that the media crossed its boundaries in the TISS case by reporting sordid details of how the rape took place. "Names of victims of sexual crime cannot be reported. In fact, in many instances the place of stay and any college affiliation should also be avoided, as they could be easily identified. Explicit details of the offence drawn from the statement given by the victim to the police are irrelevant to the investigation or to the public at large. Similarly, names of minors and pictures, including those of juveniles, have to be safeguarded."

"Crime reporters receive most of their stories from the police. Therefore, one has to be careful before publishing the story. At times in the rigour of competitive journalism, if you decide to publish an unverified story, as a good journalist you should present a counter-point. As a seasoned journalist it is easy to sense when a story is being planted by the police. If you still want to carry the story, one has to be careful not to taint the character of a person," he adds.

"For instance, in my reporting if I find that the information will not add to the investigation, I will not include it in my copy. Last year, we had anonymous letters being circulated among crime reporters which alleged corruption among senior IPS officers. Instead of publishing the information contained in those letters with the names of the IPS officers, we published a story on corruption and cronyism on IPS officers. In the Faheem Ansari matter, who was an accused in the 26/11 trial, I had received his email account password. Accessing his account also amounts to violation of privacy. But, we only published the communication between him and some handlers in Pakistan, which we knew would have an impact on the investigation. Our job requires us to share information in the public domain, sometimes we would violate privacy. Nonetheless, one has to be cautious."

Trial by Media & Media Victimisation

The PCI norms lay down the guidelines for reporting cases and avoiding trial by media. The PCI warns journalists not to give excessive publicity to victims, witnesses, suspects and accused as that amounts to invasion of privacy. Similarly, the identification of witnesses may endanger the lives of witnesses and force them to turn hostile. Zaheera Sheikh, who was a key witness in the Gujarat Best Bakery case, was a victim of excessive media coverage and sympathy. Her turning hostile invited equal amount of media speculation and wrath. Her excessive media exposure possibly endangered her life. Instead, of focussing on the lack of a witness protection program in the country, the media focussed on the twists and turns of the case and the 19 year old’s conflicting statements. The right of the suspect or the accused to privacy is recognised by the PCI to guard against the trial by media.

Swati Deshpande,[16] a Senior Assistant Editor (Law) at the Times of India, Mumbai, observes that, “As a good journalist one will always have more information than required, but whether you publish that information or exercise restraint is up to you.” In a span of 11 years of court reporting, as per her, there have been instances when she has exercised the option of not reporting certain information that could be defamatory and cannot be attributed. If an allegation is made in a court room, but is not supported by evidence or facts, then it is advisable that it be dropped from the report.

"In the Bar Dancers’ case which was before the Bombay High Court, the petition made allegations of all kinds against certain ministers. I did not report that, although I could have justified it by saying it is part of the petition, and I was just doing my job. The allegation was neither backed by facts nor was it of public interest. As a rule one should report on undisputed facts. Then again, with court reporting one is treading on safer grounds, as opposed to other beats."

"In cases of rape when facts are part of the judgement, you report facts that are relevant to the judgement or give you an insight on why the court took a certain view and add value to the copy. One should avoid a situation where facts revealed are offensive or reveal the identity of the victim. The past history of both the victim and the accused should not be reported."

She admitted, that "Media reporting often gives the impression that the accused has committed the crime or the media through its independent investigation wing has found a particular fact. When in fact, it has relied entirely on the information given by the police and failed to question or verify the facts by an independent source. The result is that most crime reporting is one-sided, because the information received from the police is rarely questioned."

As per her, to a certain degree the publication of Tata–Radia conversations did violate Tata’s privacy. "Media needs to question itself prior to printing on how the information is of public interest. Of course, as a journalist you do not want to lose out on a good story, but there needs to be gate keeping, which is mostly absent in most of the media today."

In the Bofors pay-off case[17] the High Court of Delhi, observed that, “The fairness of trial is of paramount importance as without such protection there would be trial by media which no civilised society can and should tolerate. The functions of the court in the civilised society cannot be usurped by any other authority.”[18] It further criticised the trend of police or the CBI holding a press conference for the media when investigation of a crime is still ongoing. The court agreed that media awareness creates awareness of the crime, but the right to fair trial is as valuable as the right to information and freedom of communication.

The 200th report of the Law Commission dealt with the issue of Trial by media: Free Speech vs Fair Trial under Criminal Procedure. The report, focussed on the pre-judicial coverage of a crime, accused and suspects, and how it impacts the administration of justice. The Contempt of Courts Act, under section 2 defines criminal contempt as:

"…the publication, (whether by words, spoken or written or by signs, or by visible representations, or otherwise), of any matter or the doing of any other act whatsoever which
(i) … … … …
(ii) prejudices or interferes or tends to interfere with the due course
of any judicial proceedings; or
(iii) interferes or tends to interfere with or obstructs or tends to obstruct, the administration of justice in any manner."

Section 3(1) of the Act exempts any publication and distribution of publication, "if the publisher had no reasonable grounds for believing that the proceeding was pending”. In the event, the person is unaware of the pendency, any publication (whether by words spoken or written or signs or visible representations) interferes or tends to interfere with or obstructs “the course of justice in connection with any civil or criminal proceeding pending at the time of publication, if at that time he had no reasonable grounds for believing that the proceeding was pending." The report emphasizes that publications during the pre-trial stage by the media could affect the rights of the accused. An evaluation of the accused’s character is likely to affect or prejudice a fair trial.

If the suspect’s pictures are shown in the media, identification parades of the accused conducted under Code of Civil Procedure would be prejudiced. Under Contempt of Court Act, publications that interfere with the administration of justice amount to contempt. Further, the principles of natural justice emphasise fair trial and the presumption of innocence until proven guilty. The rights of an accused are protected under Article 21 of the Constitution, which guarantees the right to fair trial. This protects the accused from the over-zealous media glare which can prejudice the case. Although, in recent times the media has failed to observe restraint in covering high-profile murder cases, much of which has been hailed as media’s success in ensuring justice to the common man.

For instance, in the Jessica Lal murder case, the media took great pride in acting as a facilitator of justice. The media in the case whipped up public opinion against the accused and held him guilty even when the trial court had acquitted the accused. The media took on the responsibility of administering justice and ensuring the guilty are punished, candle light vigils and opinion polls on the case were organised by the media. Past history of the accused was raked up by the media, including photographs of the accused in affluent bars and pubs in the city were published after he was acquitted. The photographs of Manu Sharma in pubs insinuated how he was celebrating after his acquittal.

The Apex Court observed that the freedom of speech has to be carefully and cautiously used to avoid interference in the administration of justice. If trial by media hampers fair investigation and prejudices the right of defence of the accused it would amount to travesty of justice. The Court remarked that the media should not act as an agency of the court.[19]

The Court, commented, "Presumption of innocence of an accused is a legal presumption and should not be destroyed at the very threshold through the process of media trial and that too when the investigation is pending."[20]

Sting Operations

On 30 August, 2007 Live India, a news channel conducted a sting operation on a Delhi government school teacher forcing a girl student into prostitution. Subsequent to the media exposé, the teacher Uma Khurana[21] was attacked by a mob and was suspended by the Directorate of Education, Government of Delhi. Later investigation and reports by the media exposed that there was no truth to the sting operation. The girl student who was allegedly being forced into prostitution was a journalist. The sting operation was a stage managed operation. The police found no evidence against the teacher to support allegations made by the sting operation of child prostitution. In this case, the High Court of Delhi charged the journalist with impersonation, criminal conspiracy and creating false evidence. The Ministry of Information and Broadcasting sent a show cause notice to TV-Live India, alleging the telecast of the sting operation by channel was “defamatory, deliberate, containing false and suggestive innuendos and half truths."[22]

Section 5 of the Cable Television Networks (Regulation) Act, 1995 and the Cable Television Network Rules (hereafter the Cable Television Networks Act), stipulates that no programme can be transmitted or retransmitted on any cable service which contains anything obscene, defamatory, deliberate, false and suggestive innuendos and half truths. The Rules prescribes a programming code to be followed by channels responsible for transmission/re-transmission of any programme.

The programme code restricts airing of programmes that offend decency or good taste, incite violence, contains anything obscene, defamatory, deliberate, false and suggestive innuendos and half truths, criticises, maligns or slanders any individual in person or certain groups, segments of social, public and moral life of the country and affects the integrity of India, the President and the judiciary. The programme code provided by the Rules is exhaustive. The Act empowers the government to restrict operation of any cable network it thinks is necessary or expedient to do so in public interest.

The court observed that false and fabricated sting operations violate a person’s right to privacy. It further, observed, "Giving inducement to a person to commit an offence, which he is otherwise not likely and inclined to commit, so as to make the same part of the sting operation is deplorable and must be deprecated by all concerned including the media.” It commented that while “…sting operations showing acts and facts as they are truly and actually happening may be necessary in public interest and as a tool for justice, but a hidden camera cannot be allowed to depict something which is not true, correct and is not happening but has happened because of inducement by entrapping a person."[23]

The court criticised the role of the media in creating situations of entrapment and using the ‘inducement test’. It remarked that such inducement tests infringe upon the individual's right to privacy. It directed news channels to take steps to prohibit “reporters from producing or airing any programme which are based on entrapment and which are fabricated, intrusive and sensitive.[24]

The court proposed a set of guidelines to be followed by news channels and electronic media in carrying out sting operations. The guidelines direct a channel proposing to telecast a sting operation to obtain a certificate from the person who recorded or produced the same certifying that the operation is genuine to his knowledge. The guidelines propose that the Ministry of Information and Broadcasting should set up a committee which would have the powers to grant permission for telecasting sting operations. The permission to telecast a sting operation should be granted by the committee only if it is satisfied about the overriding public interest to telecast the sting operation. The guidelines mandate that, in addition, to ensuring accuracy, the operation should not violate a person’s right to privacy, "unless there is an identifiable large public interest” for broadcasting or publishing the material. However, the court failed to define what constitutes 'larger public interest'.

The PCI norms also lay down similar guidelines which require a newspaper reporting a sting operation to obtain a certificate from the person involved in the sting to certify that the operation is genuine and record in writing the various stages of the sting. The decision to report the sting vests with the editor who merely needs to satisfy himself that the sting operation is of public interest.

In addition, to the Cable Television Networks Act and the PCI norms, the News Broadcasting Standard Authority (NBSA) was set up in 2008 as a self-regulatory body by News Broadcasters Association.[25] The primary objective of the NBSA is to receive complaints on broadcasts. The NBSA has drafted a Code of Ethics and Broadcasting Standards governing broadcasters and television journalists. The Code of Ethics provides guiding principles relating to privacy and sting operations that broadcasters should follow.

With respect to privacy, the Code directs channels not to intrude into the private lives of individuals unless there is a “clearly established larger and identifiable public interest for such a broadcast.” Any information on private lives of persons should be “warranted in public interest.” Similarly, for sting operations, the Code directs that they should be used as “a last resort” by news channels and should be guided by larger public interest. They should be used to gather conclusive evidence of criminality and should not edit/alter visuals to misrepresent truth.

In a recent judgement on a supposed sting operation conducted by M/s. Associated Broadcasting Company Pvt. Limited[26] on TV9 on ‘Gay culture rampant in Hyderabad’, the NBA took suo motu notice of the violation of privacy of individuals with alternate sexual orientation and misuse of the tool of sting operation. NBA in its judgement held that the Broadcaster had violated clauses on privacy, sting operations and sex and nudity of the Code of Ethics. It further, observed, that the Broadcaster and the story did not reveal any justifiable public interest in using the sting operation and violating the privacy of individuals. In this particular case, the Broadcaster had revealed the personal information and faces of supposedly gay men in Hyderabad to report on the ‘underbelly’ of gay culture and life. However, the news report, as NBSA observed, did not prove any criminality and was merely a sensational report of gay culture allegedly prevalent in Hyderabad.

The PCI norms provide that the press should not tape-record conversations without the person’s express consent or knowledge, except where it is necessary to protect a journalist in a legal action or for “other compelling reason.” What constitutes a compelling reason is left to the discretion of the journalist.

It was in the 1980s, that the first sting operation on how women were being trafficked was carried out by the Indian Express reporter Ashwin Sarin. As part of the sting, the Express purchased a tribal girl called Kamla. Subsequently, in 2001, the sting operation conducted by Tehelka exposed corruption in defence contracts using spy cams and journalists posing as arms dealers. The exposé on defence contracts led to the resignation of the then defence minister George Fernandes. Sting operations gained legitimacy in India, especially in the aftermath of the Tehelka operation, exposing corruption within the government. The original purpose of a sting operation or an undercover operation was to expose corruption. Stings were justifiable only when it served a public interest. Subsequent to the Tehelka exposé, stings have assumed the status of investigative journalism, much of which has been questioned in recent times, especially, with respect to ethics involved in conducting sting operations and the methods of entrapment used by the media. Further, stings by Tehelka, where the newspaper used sex workers to entrap politicians have brought to question the manner in which stings are operated. Although, the overriding concern surrounding sting operations has been its authenticity, as opposed to, the issue of personal privacy.

For instance, in March 2005 a television news channel carried out a sting operation involving Bollywood actor Shakti Kapoor to expose the casting couch phenomenon in the movie industry. The video showing Shakti Kapoor asking for sexual favours from an aspiring actress, who was an undercover reporter, was received with public outrage. Nonetheless, prominent members of the media questioned the manner in which the sting was conducted. The sting was set up as an entrapment. The court has taken a strong view against the use of entrapment in sting operations. In the case of the Shakti Kapoor sting, privacy of the actor was clearly violated. The manner in which the sting was conducted casts serious doubt on who was the victim.[27]

Additionally, the sting violated the PCI norms. It failed to provide a record of the various stages of how the sting operation was conducted. In United Kingdom, the media when violating privacy of a person has to demonstrate that it is in the interest of the public.

International Law on Media & Privacy Ethics

United Kingdom

The Press Complaints Commission (PCC), UK is a self-regulatory body similar to NBA. The PCC has put down code of ethics to be followed by journalists. The PCC guidelines provide that everyone has the right to privacy and editors must provide reason for intrusions to a person’s privacy. This includes photographing individuals in private places without their consent. Interestingly, private places include public or private property "where there is a reasonable expectation of privacy." In India however, as Kulkarni pointed out, photographs are taken without the consent of an individual if he/she is in a public space.

Like the PCI norms, the PCC Code lays down guidelines to follow when reporting on minors (below 16 years of age) who have been victims of sexual assault. As per the guidelines, the identity of the children should be protected. Further, relatives or friends of persons convicted or accused of a crime should not be identified without their consent, unless the information is relevant to the story. References to a person’s race, colour, sexual orientation and gender should be avoided. For instance, the media reportage of the TISS rape case, which revealed the nationality and colour of the victim, would be in violation of the PCC Code. In the TISS rape case, the information on the nationality and colour of the victim was not only irrelevant to the story, but as amply demonstrated by the media it reinforced prejudices against white women as ‘loose or amoral’.[28]

As far as sting operations are concerned, the PCC lays down that the press must not publish material acquired by hidden camera or clandestine devices by intercepting private messages, emails or telephone calls without consent. However, revealing private information in cases of public interest is an exception to the general rule to be followed with respect to individual privacy. The PCC defines public interest to include, but it is not restricted to:

"i) Detecting or exposing crime or serious impropriety
ii) Protecting public health and safety
iii) Preventing the public from being misled by an action or statement of an individual or organisation"

It requires editors to amply demonstrate that a publication is of public interest. In case the material is already in public domain the same rules of privacy do not apply. However, in cases involving children below 16 years of age, editors must demonstrate exceptional public interest that overrides the interest of the child. Tellingly, the PCC recognises freedom of expression as public interest.

The PCC, to ensure that persons are not hounded by the media have started issuing desist orders. The PCC issues a desist notice to editors to prevent the media from contacting the person. Preventive pre-publication is when the PCC pre-empts a story that may be pursued or published and attempts to either influence the reporting of the story in a way that it is not in violation of a person’s privacy or persuades the media house not to publish the story. The PCC, however, does not have the powers to prevent publication.

Further, United Kingdom is a member of the European Convention on Human Rights (ECHR), which guarantees the right to privacy under Article 8 of the Convention: "Everyone has the right to respect for his private and family life, his home and his correspondence."

However, there is no independent law which recognises the right to privacy. The judiciary however has protected the right to privacy in several occasions, like in the famous J.K. Rowling case where the English Court held, that a minor’s photograph without the consent of the parent or guardian, though not offensive, violates the child’s right to privacy.[29]

France

The French legal system protects the right to privacy under: Article 9 of the Civil Code.

Article 9 of the Civil Code states:

Everyone has the right to respect for his private life. Without prejudice to compensation for injury suffered, the court may prescribe any measures, such as sequestration, seizure and others, appropriate to prevent or put an end to an invasion of personal privacy; in case of an emergency those measures may be provided for by an interim order. The right to privacy allows anyone to oppose dissemination of his or her picture without their express consent.

Article 9 covers both the public and private spheres, and includes not merely the publication of information but also the method of gathering information. Also, in France violation of one’s privacy is a criminal offence. This includes recording or transmitting private conversations or picture of a person in a private place without the person’s consent. This implies that privacy is not protected in a public place. Any picture taken of a person dead or alive, without their prior permission, is prohibited. Buying of such photographs where consent of a person also constitutes as an offence. Journalists, however, are not disqualified from the profession if they have committed such an offence.[30]

France has the Freedom of the Press of 29 July 1881 which protects minors from being identified and violent and licentious publication which targets minors. It punishes slander, publication of any information that would reveal the identity of a victim of a sexual offence, information on witnesses and information on court proceedings which include a person’s private life.[31]

Sweden

Privacy is protected in Sweden under its Constitution. All the four fundamental laws of the country: the Instrument of Government, the Act of Succession, the Freedom of the Press Act, and the Fundamental Law on Freedom of Expression protect privacy. The Instrument of Government Act of 1974 provides for the protection of individual privacy. It states that freedom of expression is limited under Article 13 of the Constitution:

"Freedom of expression and freedom of information may be restricted having regard to the security of the Realm, the national supply, public safety and order, the integrity of the individual, the sanctity of private life, or the prevention and prosecution of crime. Freedom of expression may also be restricted in economic activities. Freedom of expression and freedom of information may otherwise be restricted only where particularly important reasons so warrant."

Sweden has a Press Council which was established in 1916. The Council consists of the Swedish Newspaper Publishers' Association, the Magazine Publishers' Association, the Swedish Union of Journalists and the National Press Club. The Council consists of "a judge, one representative from each of the above-mentioned press organisations and three representatives of the general public who are not allowed to have any ties to the newspaper business or to the press organisations."

Additionally, there is an office of the Press Ombudsman which was established in 1969. Earlier the Swedish Press Council used to deal with complaints on violations of good journalistic practice. After the setting up of the Press Ombudsman, the complaints are first handled by the Press Ombudsman, who is empowered to take up matters suo motu. "Any interested members of the public can lodge a complaint with the PO against newspaper items that violate good journalistic practice. But, the person to whom the article relates to must provide a written consent, if the complaint is to result in a formal criticism of the newspaper."[33]

The Swedish Press Council reports that in the recent years, 350-400 complaints have been registered annually, of which most concern coverage of criminal matters and invasion of privacy.

Sweden, additionally, has a Code of Ethics which applies to press, radio and television. The Code of Ethics was adopted by the Swedish Co-operation Council of the Press in September 1995. The Code of Ethics for Press, Radio and Television in Sweden has been drawn up by the Swedish Newspaper Publishers' Association, the Magazine Publishers' Association, the Swedish Union of Journalists and the National Press Club.

The Code of Ethics lay down norms to be followed in respect of privacy. It states that caution should be exercised when publishing information that:

Infringes on a persons’ privacy, unless it is obviously in public interest,
Information on suicides or attempted suicides
Information on victims of crime and accidents. This includes publication of pictures or photographs[34]

Race, sex, nationality, occupation, political affiliation or religious persuasion in certain cases, especially when such information is of no importance, should not be published.

One should exercise care in use of pictures, especially, retouching a picture by an electronic method or formulating a caption to deceive the reader. In case a picture has been retouched, it should be indicated below the photograph.

Further, the Code asks journalists to consider “the harmful consequences that might follow for persons if their names are published” and names should be published only if it is in the public interest. Similarly, if a person’s name is not be revealed, the media should refrain from publishing a picture or any particulars with respect to occupation, title, age, nationality, sex of the person, which would enable identification of the person.

In case of court reporting or crime reporting, the Code states that the final judgement of the Court should be reported and given emphasis, as opposed to conducting a media trial. In addition, Sweden has incorporated the ECHR in 1994.

Japan

The Japan Newspaper Publishers & Editors Association or Nihon Shinbun Kyokai (NSK),[35] was established in 1946 as an independent and voluntary organisation to establish the standard of reporting, and protect and promote interests of the media. The organisation as part of its mandate has developed the Canon of Journalism, which provides for ethics and codes members of the body should follow. The Canon recognises that with the easy availability of information, the media constantly has to grapple with what information should be published and what should be held back. The Code provides that journalists have a sense of responsibility and should not hinder public interests. In addition, to ensuring accuracy and fairness, the Code states that respect of human rights, includes respect for human dignity, individual honour and right to privacy. Right to privacy is acknowledged as a human right.

Japan does not have an information ministry or organs like the PCC in the U.K. or the Press Ombudsman in Sweden. Apart from the Canon, the NSK has a code for marketing of newspapers, an advertising code and the Kisha club guidelines.[36]

Japan in 2003 formulated the Personal Information Protection Act, which regulates public and private sector. The Act, which came into effect in 2005, aims to ensure that all personal data collected by the public and private sector are handled with care. The Act requires that the purpose of collecting personal information and its use should be specified, information should be acquired by fair means, any information should not be supplied to third parties without prior consent of the individual concerned.

Netherlands

The right to privacy is protected under Article 10 of the Netherlands Constitution. Further, the Article also provides for the enactment of Rules for dissemination of personal data and the right of persons to be informed when personal data is being recorded.

Netherlands also has the Netherlands Press Council which keeps the media in check. The Code of the International Federation of Journalists and the Code of Conduct for Dutch Journalists was drafted by the Dutch Society of Editors-in-Chief to establish media reporting standards. These guidelines can be disregarded by the media only in cases involving social interest.

The Code recognises:

That a person’s privacy should not be violated when there is no overriding social interest;
In cases concerning public persons violation of privacy would take place, but they have the right to be protected, especially, if that information is not of public interest;
The media should refrain from publishing pictures and images of persons without prior permission of persons. Similarly, the media should not publish personal letters and notes without the prior permission of those involved;
The media should refrain from publishing pictures and information of suspects and accused; and
Details of criminal offence should be left out if they would add to the suffering of the victim or his/her immediate family and if they are not needed to demonstrate the nature and gravity of the offence or the consequences thereof.

Conclusion

The right to privacy in India has failed to acquire the status of an absolute right. The right in comparison to other competing rights, like, the right to freedom of speech & expression, the right of the State to impose restrictions on account of safety and security of the State, and the right to information, is easily relinquished. The exceptions to the right to privacy, such as, overriding public interest, safety and security of the State, apply in most countries. Nonetheless, as the paper demonstrates, unwarranted invasion of privacy by the media is widespread. For instance, in the UK, Sweden, France and Netherlands, the right to photograph a person or retouching of any picture is prohibited unlike, in India where press photographers do not expressly seek consent of the person being photographed, if he/she is in a public space. In France, not only is the publication of information is prohibited on account of the right to privacy, but the method in which the information is procured also falls within the purview of the right to privacy and could be violative. This includes information or photograph taken in both public and private spaces. Privacy within public spaces is recognised, especially, “where there is reasonable expectation of privacy.” The Indian norms or code of ethics in journalism fail to make such a distinction between public and private space. Nor do the guidelines impose any restrictions on photographing an individual without seeking express consent of the individual.

The Indian media violates privacy in day-to-day reporting, like overlooking the issue of privacy to satisfy morbid curiosity. The PCI norms prohibit such reporting, unless it is outweighed by ‘genuine overriding public interest’. Almost all the above countries prohibit publication of details that would hurt the feelings of the victim or his/her family. Unlike the UK, where the PCC can pass desist orders, in India the family and/or relatives of the victims are hounded by the media.

In India, the right to privacy is not a positive right. It comes into effect only in the event of a violation. The law on privacy in India has primarily evolved through judicial intervention. It has failed to keep pace with the technological advancement and the burgeoning of the 24/7 media news channels. The prevalent right to privacy is easily compromised for other competing rights of ‘public good’, ‘public interest’ and ‘State security’, much of what constitutes public interest or what is private is left to the discretion of the media.

Notes

[1]The Radia Tapes’ controversy concerns recording of conversations between the lobbyist Nira Radia and politicians, industrialists, bureaucrats and journalists with respect to the 2G spectrum scam. The tapes were recorded by the Income Tax Department. The role played by the media, especially some prominent journalists, in scam has been questioned. A handful of magazines and newspapers have questioned the media ethics employed by these journalists, whose recorded conversations are in the public domain or have been published by a few political magazines. The publication of the recorded conversations by a few media publications has received a sharp reaction from the said journalists. They have accused those media journals of unverified reporting and conducting a smear campaign against them.

[2]1975 AIR 865, 1975 SCR (3) 333.

[3](1994) 6 S.C.C. 632.

[4]AIR 1997 SC 568.

[5]AIR 1997 SC 568.

[6]AIR 1997 SC 568.

[7]International Covenant on Civil and Political Rights, Part III Art. 17. Available at: http://www2.ohchr.org/english/law/ccpr.htm [Last accessed 20//04/2011].

[8]W.P. (C) 288/2009

[9]PTI, Media just turned me into a 'slut' in IPL row: Sunanda Pushkar, 23/04/2010 Available at http://articles.timesofindia.indiatimes.com/2010-04-23/india/28149154_1_sunanda-pushkar-shashi-tharoor-ipl-kochi [Last accessed 20/04/2011].

[10]Vrinda Gopinath, "Got A Girl, Named Sue", 26/04/2010 Available at http://www.outlookindia.com/article.aspx?265098 [Last accessed 20/04/2011]

[11]Interview with Senior Assistant Editor, Hindustan Times, on 18.04.11.

[12]Guideline 6 (i) Right to Privacy, Norm if Journalistic Conduct, PCI.

[13]Interview with a freelance photographer and a former Reuters photographer on 16.04.11.

[14]Kumar, Vinod, “Raped American student’s drink not spiked in our bar,” 16.04.09 Available at http://www.mid-day.com/news/2009/apr/160409-Mumbai-News-Raped-American-student-date-drug-CafeXO-Tata-Institute-of-Social-Sciences.htm, Anon, “Party pics boomerangon TISS rape victim” , 04 .05.09, Available at http://www.mumbaimirror.com/index.aspx?page=article§id=15&contentid=2009050420090504031227495d8b4e80f [Last Accessed April 20,2011].

[15]Interview with Abhinav Pandey, crime reporter with a leading newspaper, on 21.04.11.

[16]Interview with Swati Deshpande, Senior Assistant Editor (Law), Times of India, on 15.04.11.

[17]Crl.Misc.(Main) 3938/2003

[18]Ibid.

[19]Sidhartha Vashisht @ Manu Sharma vs State (Nct Of Delhi), Available at http://www.indiankanoon.org/doc/1515299/.

[20]Ibid

[21]WP(Crl.) No.1175/2007

[22]Ibid

[23]Ibid

[24]Ibid

[25]NBA is a community formed by private television & current affairs broadcasters. As per the NBA website, it currently has 20 leading news channels and current affairs broadcaster as its members. Complaints can be filed against any of the broadcasters that are members of NBA on whom the Code of Ethics is binding.

[26]For additional details, please refer to the website: http://www.nbanewdelhi.com/authority-members.asp [Last Accessed April 20,2011]

[27]TNN, “'Full video will further embarrass Shakti', 15.03.2005 Available at http://articles.timesofindia.indiatimes.com/2005-03-15/mumbai/27849089_1_sting-operation-shakti-kapoor-film-industry.

[28]For more details please refer to the PCC website: http://www.pcc.org.uk/ [Last Accessed April 20,2011].

[29]Singh, A., May 2008, “JK Rowling wins privacy case over son's photos”http://www.telegraph.co.uk/news/uknews/1936471/JK-Rowling-wins-privacy-case-over-sons-photos.html [Last Accessed April 20,2011].

[30]For more details, please refer to: http://www.kbkcl.co.uk/2008/03/privacy-law-the-french-experience/ and http://ambafrance-us.org/spip.php?article640 [Last Accessed April 20,2011].

[31]For more details, please refer to:http://www.ambafrance-uk.org/Freedom-of-speech-in-the-French.html [Last Accessed April 20,2011].

[32]http://www.po.se/english/how-self-regulation-works [Last Accessed April 20,2011].

[33]Ibid.

[34]Please refer to this website for additional details: http://ethicnet.uta.fi/sweden/code_of_ethics_for_the_press_radio_and_television and http://www.po.se/english/code-of-ethics/85-code-of-ethics-for [Last Accessed April 20,2011].

[35]http://www.pressnet.or.jp/english/index.htm [Last Accessed April 20,2011].

[36]Kisha Clubs, are clubs where only a few media houses/newspapers have access to public institution information. They have been criticised for its lack of openness and encouraging monopoly on reporting.

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy-media-law

Principles for Internet Governance: NETmundial 2014 — What do the Contributions Reveal?

geetha — 2014-04-23T04:01:21Z

The Global Multi-stakeholder Meeting on the Future of Internet Governance (NETmundial) is scheduled for April 23-24, 2014. Towards its stated end of establishing "strategic guidelines related to the use and development of the Internet in the world", NETmundial sought contributions from stakeholders around the world on two topics: (1) Set of Internet governance principles; (2) Roadmaps for the further evolution of the Internet governance system.

This post analyses the contributions of the academic community to draw out broad agreements and divergences concerning Internet governance principles.

I. Introduction

In two days, a large measure of the global Internet community – governments, the private sector, civil society, technical community and academia – gather in São Paulo, Brazil, for the Global Multi-stakeholder Meeting on the Future of Internet Governance. The NETmundial (April 23-24, 2014), touted as the World Cup of Internet governance, is a global conference convened and supported by the Brazilian president, Dilma Rousseff, and organized by the Brazilian Internet Steering Committee (CGI.br) and /1Net, a forum comprising various stakeholders involved and interested in Internet governance. It hopes, importantly, “to establish strategic guidelines related to the use and development of the Internet in the world”. To this end, it sought open-ended Contributions from interested stakeholders on the topics, “Set of Internet governance principles” and “Roadmaps for the further evolution of the Internet governance system”. The agenda for NETmundial may be found here.

To fully utilize the 2 short days available, knowledge of the stakeholder positions, especially their broad agreements and divergences on the two topics, is of immense help. Through a series of posts, I analyse the contributions to NETmundial on the question of Internet governance principles, seeking to dig deep into definitions and interpretations of suggested principles, such as management of Critical Internet Resources (such as the Domain Name System), human rights including freedom of expression and privacy, cyber-security, inclusiveness and participation in Internet governance, etc. In separate posts, I shall analyse contributions of each sector (governments, the private sector, civil society, technical community, academia and ‘Other’) and finally, present an overall analysis of the contributions pitted against the Draft Outcome Document, which is presently under discussion.

II. The Contributions

The NETmundial has received 187 contributions from 46 countries. Sector break-ups are given below:

Sector	Number of Contributions (187)
Academia	20
Governments	28
Private Sector	43
Civil Society	61
Technical Community	16
‘Other’ (such as UNESCO, the European Commission, etc.)	19

A quick look at the contributors indicates that contributions are primarily from North America, Europe, South and East Asia, and South America. No or very few contributions were made from large parts of Africa and South East Asia, Central and West Asia, Eastern Europe and Western South America. We present a graphical representation of contributing countries here.

Of the contributions, stakeholders from various sectors contributed to the two topics listed above in the following manner:

Sector	Set of Internet Governance Principles	Roadmaps for Further Evolution of the Internet Governance System	Combined: Internet Governance Principles & Roadmaps
Academia	7	7	6
Government	7	4	17
Private Sector	11	3	29
Civil Society	25	21	15
Technical Community	8	5	3
‘Other’	7	4	8

Despite the above classification, I focus on all 187 contributions for analysis. This is as some contributions expressly set out principles while others do not. Therefore, eliciting and analyzing principles from stakeholder contributions has involved a certain amount of subjective maneuvering. However, such elicitation has been restricted on the following bases:

The contribution is externally categorized as falling under either “Set of Internet governance principles” or “Combined – Internet governance principles & Roadmaps”.
Internally, the document places principles under rubrics of ‘Internet governance principles’.
Internally, the document makes references to Internet governance principles before setting out (without rubrics) principles.

With this caveat, I go on to discuss the NETmundial contributions from the academic community to Internet governance principles.

Part I: Academia

Of the academic contributions, the main contributors are Africa (Kenya – 1, Sudan – 3), Europe (Germany – 1, Poland – 1, Portugal – 1, Russia – 2, Ukraine – 1), South America (Argentina – 1, Brazil – 3) and the United States (8). No Asian country has made an academic contribution, and as evident from above, academia is geographically severely under-represented. Furthermore, only 4 out of 20 contributions expressly set out Internet governance principles. These four are:

Semantics aside, certain broad, high-level consensus emerges within the academic community. On substantive principles of governance on the Internet, the greatest support is found for freedom of express and access to information, with 6 contributions emphasizing this. Equally important is Internet universality and non-discriminatory (3 contributions), universal access to the Internet (6). Protection of privacy and permissible levels of surveillance come a close second, with 5 contributions referring to these. Cyber-security (5), respect for human rights (4) and support for net neutrality (3) and cultural and linguistic diversity on the Internet (3) also emerge as issues of concern for the academic community. The UNESCO and academics from Sudan emphasize training and education to use the Internet. Inter-operability (2) and a single, unfragmented Internet (2) also find a place in the academic community’s contributions.

With regard to processual principles for Internet governance, inclusiveness and participation are the most important concerns (5). The academic community asks for an open, transparent and multi-stakeholder Internet governance system (4), calling for international cooperation (2) among governments and other stakeholders. Interestingly, one contribution requires that the role of governments in the multi-stakeholder model be limited to “the facilitation of the participation of their domestic stakeholder communities in Internet governance processes”, while a Brazilian contribution advocates a multilateral model.

While no contribution expressly calls for these principles to underscore global Internet governance, the author believes that a high-level consensus may be gleaned in favour of respect for and protection of human rights, especially freedom of expression, access to information, privacy and protection from unwarranted domestic or extraterritorial surveillance. This is further supported by cyber-security concerns. The call for universal access to the Internet, alongside mention of net neutrality, emphasizes inclusiveness and non-discrimination. Processually as well, inclusiveness and participation (including equal participation) of all stakeholders finds the largest support, reflected in the calls for multi-stakeholder models of Internet governance.

No glaring divergences exist with regard to human rights or principles of governance on the Internet. The only major divergence amongst academia is the call for multilateral or multi-stakeholder models of Internet governance. While a majority of the contributions call for multi-stakeholder models, the Brazilian contribution (linked above) calls for “Open, multilateral and democratic governance, carried out with transparency by stimulating collective creativity and the participation of society, Governments and the private sector”, while at the same time supporting a “real multi-stakeholder governance model for the Internet based on the full involvement of all relevant actors and organizations”. Indeed, even this divergence is marked by a common emphasis on open, transparent and inclusive participation in Internet governance.

For more details visit https://cis-india.org/internet-governance/blog/principles-of-internet-governance-net-mundial-2014

Press Release: Users’ rights and interests should be balanced with those of IP rights-holders: Global Congress

geetha — 2015-12-17T08:40:05Z

The Global Congress on Intellectual Property and Public Interest is being held at the National Law University, Delhi, on 15-17 December 2015. The global event is jointly organized by CIS, NLU Delhi, Open A.I.R., CREATe, Columbia University and American University. Below is the Press Release from Day 2 of the Global Congress.

Press Release

16 December 2015

Users’ rights and interests should be balanced with those of IP rights-holders

Today, on the 2^nd day of the Global Congress on Intellectual Property and Public Interest at NLU-Delhi, a range of issues were discussed across the parallel tracks. The Access to Medicines track opened with a keynote address by the honourable Justice Kirby, former judge of the High Court of Australia and current member of the UN Secretary General’s High Level Panel on Access to Medicines. The Openness track saw discussions on collaborative innovation, the future of openness and access to education, along with cross-sectoral perspectives on openness.

In the Intellectual Property and Development track, the discussions centred around the intersection of traditional knowledge, geographical indicators and indigenous rights, on agriculture and plant varieties with specific references to the Indian position, and an exploration of the global South’s research networks on IP, innovation and development. The track focused on a range of themes, including the development issues that arise from varying approaches to intellectual property, i.e., closed or open approaches, depending on the limitations placed on the sharing and use of knowledge produced with public funding.

The User Rights track is closely aligned with openness. Today, the track explored issues of copyright reform and digital democracy, along with concerns of increasing propertisation of data. A discussion around trade agreements and their impact and enforcement on copyright and the Internet allied with the above sessions.

Speakers shared their views on a variety of issues:

Access to Medicines

Justice Michael Kirby, former judge of the High Court of Australia and its longest serving judge, spoke on the changing challenges in the ‘access to medicine’ movement. There has been a sea change in the access to anti-retroviral drugs, he said, but also increasing challenges.

“The key question in access to medicines is this: How do you provide just returns for inventors, while at the same time respecting the universal right to essential healthcare? Developing states like India are increasingly at risk. In 2001, the UN Special Rapporteur on Access to Medicines expressed his concern about the fact that TRIPS flexibilities open to developing states are rarely used. This concern is deepening with the trend of United States, Japan Switzerland and other European countries convincing poorer states to give up their TRIPS exceptions and flexibilities.”

Anand Grover of Lawyers Collective was concerned that intellectual property is not delivering on its stated objectives, particularly in developed states.

“It is important,” he said, “to keep checking whether objectives are met through the patent system. Earlier, generic manufacturers were keen to employ a strategy that invited conflict from patent-holders and pharmaceutical companies. But increasingly, their strategies are backfiring; courts are leaning towards granting injunctions against generic manufacturers. This is a real concern.”

Shiba Phurailatpam of the Asia-Pacific Network of People living with HIV/AIDS spoke of the increasingly dismal scenario of access to affordable medicines in middle-income countries:

“Multinational companies are using World Bank classifications of GDP to deny affordable medicines to millions in the developing world. With the profits they are making in these countries, they then lobby their governments to push TRIPS-plus measures in our countries through FTAs and bilateral pressure. Meanwhile they are also entering into restrictive voluntary licenses with key Indian generic companies that exclude middle-income countries. 20 years of TRIPS has only strengthened pharmaceutical corporate power over the lives and health of patients. If we are serious about universal health care the monopolies on medicines have to end.”

Openness

“The digital environment cannot be developed without an important agenda on open policy and copyright reforms,” said Carolina Botero of the Karisma Foundation.

Lawrence Liang, legal researcher and expert on the practice and ethics of intellectual property and openness, said,

“Over the past decade and a half, the language of openness and ‘Access to Knowledge’ has emerged as an important counter to the dominant proprietary and protectionist approach of the global IP regime. By shifting the focus from proprietary systems to open ones, and from control to equitable access, the openness frame has created a political and ethical language with which people could redress the harmful effects of strong IP regimes. Open systems of knowledge production and dissemination such as Wikipedia and Open Access journals could play a key role in helping developing countries gain access to learning materials and knowledge which are locked into expensive databases. In that sense openness is an important political strategy to address questions of equity and distributive justice in the information era.”

Alek Tarkowski, Director of Centrum Cyfrowe Projekt in Poland, concurred,

“Open licensing models and modern copyright rules are complementary from the perspective of ensuring freedom of education."

Mishi Choudhary, Executive Director of SFLC.in, said that

“The government of India is right in embracing Free and Open Source Software, and in encouraging free sharing enabled by the suite of Creative Commons licences. It is crucial to understand that intellectual property is not an end in itself. The 21^st century needs innovation policy and collaborative innovation, not IP maximalism.”

Intellectual Property and Development

K.M. Gopakumar, legal advisor and senior researcher at Third World Network, said,

“The current IP regime prioritises the rights of intellectual property-holders without addressing development needs. A change in this status quo is the need of the hour. There is an urgent need for governments, specially in developing countries, to interrogate the international IP regime to achieve sustainable development goals, instead of simply following the propaganda of transnational corporations and their home governments.”

Lucienne Abrahams, Director of the LINK Centre for Digital Transformation in South Africa, argued that,

“Innovation to produce more effective medicines for dread diseases and pandemics, to produce clean technologies, and digital technologies, in the high technology hubs forming across the African continent, the Asian continent and other developing regions of the world, requires open innovation approaches to keep up with the demand of more than 4 billion people for new technologies to enhance quality of life and to address conditions of dire poverty. Patents and copyright provide too meager opportunities for development-oriented innovation.”

User Rights

Claudio Ruiz of Derechos Digitales spoke of the need for greater engagement between advocates and scholars towards openness:

“There needs to be a better connection between advocates and scholars towards openness, and therefore, develop a better Intellectual Property regime, especially for developing countries. The Users Rights track at the Global Congress is a great gathering to connect those worlds and therefore to fill the existent gaps in terms of research and advocacy.

“One of the most important challenges we are facing today is to fight existing narratives on intellectual property. Today, these are considered the only way to enhance and protect creation of content and culture. But new developments, especially those connected with technology and the Internet, are a huge opportunity to create new narratives around this topic and to create a safer space for users around the world who are seen today as pirates and copyright infringers. The last 40 years’ of international regulation on copyright has been mainly driven by private interest of copyright owners, the users and the general public being alien to these discussions. The development of the Internet today creates a great opportunity to connect users and the general public with the international regulation of copyright. Copyright regulation is not just about content owners, but about access to knowledge and information for everyone. That implies the need to address public interest as the main topic and not as a marginal one.”

“One of the most important issues for India and for the world today,” said Prabir Purkayastha of the Knowledge Commons Collective, “is the question of data rights. The world is grappling with these. The Internet economy today is based on converting personal information into private property. Data rights are critical from the perspective of privacy, and also whether data rights should constitute property rights.”

*

Photographs of the speakers can be found at this link: https://drive.google.com/folderview?id=0B60BN7sFZRQFSzNFSERkTmtrcEE&usp=sharing.

For more information, please contact me at geetha@cis-india.org.

For more details visit https://cis-india.org/a2k/blogs/press-release-users2019-rights-and-interests-should-be-balanced-with-those-of-ip-rights-holders-global-congress

Press Release: Medicines should not bankrupt patients or public health systems: Access to medicines at the Global Congress

geetha — 2015-12-17T08:33:54Z

PRESS RELEASE
DECEMBER 15, 2015: DAY 1

Medicines should not bankrupt patients or public health systems: Access to medicines at the Global Congress

No wealth? No health, then!

Today, on the 2nd day of the Global Congress on Intellectual Property and Public Interest, access to medicines has been a crucial theme. All the more so, since the UN Secretary General’s High Level Panel on Access to Medicines had its first meeting on December 11, 2015. At a critical crossroads for access to medicines, we are delighted to welcome Justice Michael Kirby, former justice of the High Court of Australia and a member of the High Level Panel, as a keynote speaker at the Global Congress. Justice Kirby will be speaking on 16 December 2015, the 3rd day of the Congress.

On day 1, reflecting on the critical questions in the ‘access to medicines’ movement, Matt Kavanagh of HealthGAP and University of Pennsylvania, said,
“In high-, middle- and low-income countries, people are going without access to new medicines for many disease areas including HIV, hepatitis C and cancer. This is because a year’s worth of meds can cost many times more than a year’s salary. This is driven by an IP system that is out of sync with the needs of the people. We are now seeing a global reckoning of how to reign in maximalist rights for intellectual property holders in favour of models that balance innovation, health and access.”

Dr. Germán Velásquez, Special Advisor for Health and Development at South Centre, agreed that,
“There has been a total failure in the model involving pharmaceutical patents. This is both an important problem and there is an urgent need to find alternatives to the patent system. The issue,” he said, “is the lack of an international authority. The World Health Organization no longer has teeth. What we need is a binding international treaty to tackle this crisis. Developed countries argue against this by claiming it will be financially burdensome for them, but a successful treaty on medical R&D would lead to better and more affordable medicines for everyone.”

Judit Rius of Médecins Sans Frontiéres concurred,
“There is ample evidence that the current intellectual property system has failed not only to deliver innovation, but also access. Prices of medicines are rising globally. The threats are more dire than ever with the Trans-Pacific Partnership (TPP). It contains a very aggressive and dangerous IP-maximising agenda that will endanger access to medicines and increase drug prices for the whole of the ASEAN region, and potentially at the global level. Not only this, but India is under immense pressure to abandon the public health safeguards that have made it the ‘pharmacy of the developing world’. We should be looking for global solutions, and for that, India is critical and this Congress is pertinently timed.”

The TPP and its IP-maximising agenda weigh heavy on the minds of many experts. James Love, Director of Knowledge Ecology International (KEI), a human rights group that works on intellectual property rights and innovation, said,
“Trade agreements that expand and extend drug monopolies create policy-induced inequality in health. Governments need to resist measures that increase drug prices, but also fashion alternative frameworks for financing innovation, based upon the delinkage of R&D costs from drug prices."

The TPP is imposing US-centric standards on the rest of the world, said Burcu Kilic, Legal and Policy Director for Public Citizen’s Global Access to Medicines Program.
“Being here and discussing 20 years’ of TRIPS, it becomes clear that the intellectual property agenda has changed a lot. Today, we discuss not only TRIPS, but also the TPP, which is a ‘made-in-America’ agreement regulating IP. It seeks to introduce what it calls “21st century high standards”, but the evidence is clear that those higher standards on IP will result in lower standards of health and reduced access to medicines.”

Dr. Susan K. Sell, intellectual property expert and Professor of Political Science and International Affairs at George Washington University, spoke of dangerous trends in access to medicines.
“The rise of investor-state dispute mechanisms is the ‘camel’s nose inside the tent’ in access to medicine,” said Dr. Sell. “The Eli Lilly case in Canada is important to IP rights-holders. They are trying to use a non-transparent channel to get public health rules struck down.”

Anand Grover of Lawyers Collective said, “Inter-state dispute resolution systems under BITs are private, non-transparent entities which are taking decisions that impact health and welfare.” Also, “product patents lead to monopoly and exorbitant prices, and process patents lead to relative competition. This is a message that is being lost in a lot of governments, including ours.”

Dr. Amit Sengupta of the Delhi Science Forum offered his views on the impact on India. “At the moment, there are principal shifts in public policy in India, with impacts on the generic drugs industry. The ‘pharmacy of the global South’ is under threat,” said Dr. Sengupta, “and this affects not only India, but also those in need in other states as well. The Global Congress is very relevant, in that we perceive India under pressure to ensure patent protection, while other states move towards emulating India’s health safeguards.”

*

Please find photographs of some of the quoted speakers in this folder:
https://drive.google.com/folderview?id=0B60BN7sFZRQFVGtZWDQ3c25MbDg&usp=sharing.

For further information, please contact:
Matthew Kavanagh: mkav@sas.upenn.edu
Burcu Kilic: bkilic@citizen.org
Geetha Hariharan: geetha@cis-india.org

For more details visit https://cis-india.org/a2k/blogs/press-release-medicines-should-not-bankrupt-patients-or-public-health-systems-access-to-medicines-at-the-global-congress

Press Release: India to Host 4th Global Congress on Intellectual Property and the Public Interest

geetha — 2015-12-14T09:21:01Z

The Centre for Internet and Society (CIS) is happy to announce that 4th edition of the Global Congress will be held at the National Law University, New Delhi (NLU-D) on 15-17 December 2015. The Congress is jointly organised by CIS, NLU-D, Open A.I.R., CREATe, Columbia University and American University.

In October this year, the 7-year-long negotiations leading up to the Trans-pacific Partnership (TPP) came to an end. The pluri-lateral TPP has not received the coverage it deserves; its provisions do more harm to users and developing countries than are easily spotted. For instance, the TPP has an anti-FOSS clause, which may prevent and prohibit governments like India from adopting open access and FOSS mandates in research.

This should cause public outrage. FOSS (Free and open source software), which allows users to freely use, study, adapt and modify the source code, plays a crucial role in access to knowledge and information. Many states, including India, mandate the use of FOSS in research and make open access mandatory. For instance, an IIM study says that India could save Rs. 8254 crores by implementing FOSS in schools and other institutions. But with the TPP, all this could change.

Access to knowledge is not the only sufferer. With our progressive patent regime, India is often called the pharmacy of the world. Indeed, we may go so far as to say that the poor depend on India for generic, affordable drugs. But the global story is far from India’s success. In many states, the pharmaceutical industry’s stronghanded lobbying has had drastic impacts on access to medicines. A disheartening exemplar is Martin Shkreli, the CEO of Turing Pharma and KaloBio Pharmaceuticals. To public outrage, Mr Shkreli announced an astronomic hike in the price of benznidazole, a drug commonly used in the treatment of Chagas diseas. Mr Shkreli plans to increase prices from US $50-$100 for a typical treatment, to US $60,000-100,000. What is worse: Mr Shkreli is neither the first nor the only man in the price-hike arena.

Intellectual property laws are meant to balance innovation and access, serving the interests of rights-owners and users alike. But today, global intellectual property regimes prioritise the interests of rights-owners, often neglecting the consequences on users and the general public. The result is expensive barriers to access to medicines, scientific and academic scholarship, and technologies for development.

The 4^th Global Congress on Intellectual Property and Public Interest, the first gathering in Asia of over 500 public interest-oriented intellectual property practitioners from across the world, seeks to balance users’ rights and interests with those of rights-owners. It brings together research, civil society, industry and regulatory and policy-making communities for active, intense engagement on key public-interest intellectual property issues

The Centre for Internet and Society (CIS) is happy to announce that 4^th edition of the Global Congress will be held at the National Law University, New Delhi (NLU-D) on 15-17 December 2015. The largest ever in Asia, the Congress is jointly organised by CIS, NLU-D, Open A.I.R., CREATe, Columbia University and American University.

The 4^th Congress is themed around “Three Decades of Openness; Two Decades of TRIPS” and will be organised in four parallel ‘tracks’ of (1) Openness, (2) Access to Medicines, (3) User Rights, (4) IP and Development. The Congress seeks to produce three outcomes — first, the mobilization of existing scholarly research directly into the hands of civil society advocates, business leaders and policy makers, leading to evidence-based policies and practices; second, the collaborative identification of urgent global and local research priorities towards generating joint research/advocacy agendas; and third, the solidification of an inter-disciplinary, cross-sector and global networked community of experts and practitioners focused on the public interest aspects of Access to Knowledge policy and practice.

Distinguished Speakers and Scholars

We are delighted to host a distinguished group of keynote speakers with a wide range of expertise. The Congress will open with plenary sessions featuring keynote speakers such as Prof. (Dr.) Ranbir Singh, Vice Chancellor of NLU-D, Mr. G.K. Raghavendar, Joint Secretary, Department of Industrial Policy and Promotion, Prof. (Dr.) Hong Xue, Director of the Institute for Internet Policy and Law at Beijing Normal University, Dr. Michael Geist, Canada Research Chair in Internet and E-Commerce Law at the University of Ottawa, and Dr. Nagla Rizk, Founding Director of the Access to Knowledge for Development Center (A2K4D) at the School of Business, The American University in Cairo.

Throughout the Congress, participants will break into rooms for theme-specific presentations, workshops and panel discussions. In a decentralised, democratic manner, experts in the field will curate thematic, problem-based discussions in parallel ‘tracks’ to explore content.

In an interview prior to the Congress, several experts shared their views on the burning issues in intellectual property. Sharing his views on access to medicines, Prof. Shamnad Basheer, founder of SpicyIP said, “The gap between generic interests and patient interests are widening. As a result of this, there is increasing pressure on civil society to fight the good fight and continue opposing frivolous pharma patents. Also, we need to look into the specifics and determine whether the innovation brought forth by an entity really furthers personal interests or the interests of the community or society at large. Good faith is a large part of this equation and it can help determine if what one is doing is in larger public interest or private interest.”

On the same issue, Prof. Susan Sell from George Washington University said, “There are big differences between NGOs in the access to medicine movement and pharmaceutical companies. There are many representatives of pharmaceutical firms that really believe in the morality of their position – that you need protection to innovate the next generation of drugs. They sincerely believe that the development of drought-resistant plants is something that is good for the world. So these people also make a moral claim whether or not you agree with it. The point is such claims are not purely cynical or instrumental on the part of such actors.”

Dr. Michael Geist, Law Professor at University of Ottawa commented on the movement advocating open access to scholarly and scientific literature. He raised his concerns on Article Processing Charges (APC), a model currently employed by publishers, saying, “The APC model may price open access out of the hands of many scholars. We need experimentation with different open models, recognizing the economic uncertainty of switching away from high-priced subscriptions. However, APC may entrench much of the current model and is among the least desirable (though increasingly common) publisher approaches to Open Access.”

Concurring with Dr. Geist’s statement, Mr. Zakir Thomas, an expert in the field of intellectual property rights and open source innovation, said, “Creating a national depository of open access journals which are properly cited and indexed, organized subject-wise and searchable online by all our academic institutions should be the next step. Open access is about access to knowledge. It will ensure that the work you do at your lab is now accessible by people at large.”

New at the Global Congress

The 4^th Congress comes with marked changes based on feedback from participants from the earlier editions. A Room of Scholars is planned, in which key research outputs such as advanced chapters or white papers may be presented. Another important addition will be structured Cross-Track Meetings, focusing on research cutting across tracks, so that the tracks may share learnings and research outputs, and enter into collaborative dialogue.

A ‘Youth Workshop on Intellectual Property, Public Health and Access to Medicines’ is a novel feature at this Congress. Organised at NLU-D by the Institute for Studies in Industrial Development (ISID), Peoples Health Movement (PHM) and Prayas, from 14-22 December 2015.

The detailed schedule for the Global Congress can be accessed here.

For more information regarding the Global Congress or participation, please contact our team:

Swaraj Paul Barooah, Organiser: swaraj.barooah@gmail.com
Shruthi Chandrasekaran, Organiser: shruthi.chandrasekaran@gmail.com
Geetha Hariharan, Press Officer: geetha@cis-india.org

***

About CIS

The Centre for Internet and Society (CIS, http://cis-india.org) is a non-for-profit organisation that undertakes interdisciplinary research from policy and academic perspectives on digital technologies and the Internet. Our focus areas of research include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), Internet governance, telecommunication reform, digital privacy and cyber-security. CIS’ academic wing seeks to understand the mediation and reconfiguration of social and cultural processes and structures by the Internet and digital media technologies.

For more details visit https://cis-india.org/a2k/blogs/press-release-india-to-host-4th-global-congress-on-intellectual-property-and-the-public-interest

Presentation on MLATS

praskrishna — 2012-12-21T07:11:08Z

For more details visit https://cis-india.org/internet-governance/blog/presentation-on-mlats.pdf

Presentation at TIFR: 'Scholarly Communication in the Age of the Commons'

sachia — 2011-04-02T15:42:49Z

CIS Distinguished Fellow Dr. Subbiah Arunachalam will give a talk titled 'Scholarly Communication in the Age of the Commons' at TIFR, Mumbai, on Friday, 24 July 2009.

Dr. Subbiah Arunachalam, Distinguished Fellow, Centre for Internet and Society, Bangalore, Scholarly communication in the age of the commons, 24/07/09, 1600Hrs, AG-66

Abstract

Scholarly communication plays a central role in the creation and assimilation of new knowledge, especially in the sciences. In its turn scholarly communication depends on developments in technology. Unfortunately, scientists who do cutting edge science often follow communication practices of a bygone era and are therefore holding back the development of knowledge. In this talk we will look at state-of-the-art developments in scholarly communication and literature-based evaluation of science and see how we in India can benefit by adopting them.

About Dr.Subbiah Arunachalam

Subbiah Arunachalam is an information scientist. He has been an editor of scientific journals, teacher of information science, librarian, and a science writer. As Secretary and Editor of publications of the Indian Academy of Sciences, Bangalore, during 1973-75, he reorganised the publications of the Academy and helped enlarge its Fellowship. Currently he is actively promoting open access to science and scholarship. His interests include scientometrics, science journalism and ICT-enabled rural development.

-----

See the original posting at the TIFR website here.

For more details visit https://cis-india.org/news/presentation-at-tifr-scholarly-communication-in-the-age-of-the-commons

Presentation at IDRC: ‘Scholarly Communication in the Age of the Commons -- A Southern Perspective’

sachia — 2011-04-02T15:59:03Z

Prof. Subbiah Arunachalam, CIS Distinguished Fellow, will give a talk titled 'Scholarly Communication in the Age of the Commons -- A Southern Perspective' at IDRC, Ottawa, Canada, on 13 July 2009.

Brown Bag Presentation: ‘Scholarly communication in the age of the commons - A southern perspective’ by Subbiah Arunachalam, Distinguished Fellow, Centre for Internet and Society, Bangalore, India

Date: July 13, 2009

Time: 1400 hr

Location: IDRC

150 Kent Street

Ottawa, ON, Canada

Room 950

RSVP: Nicole Leguerrier nleguerrier@idrc.ca

The toll-access journal system that was set up some 350 years ago and which has served well till a few decades ago evolved, for historical reasons, largely to serve the needs of North-North knowledge exchange and has failed to take cognizance of the aspirations of the South. The need for science to be performed everywhere and take roots in all countries is now well recognized. If OA is so very important to the South, why is the progress slow? While computers, internet access and bandwidths continue to pose problems in a number of southern countries, in general the situation is improving. The more important factor is scientists' apathy. Scientists in the South, by and large, do not exercise their rights to the full; often they give away on a platter copyright to their research papers to journal publishers. The publishers themselves indulge in practices that would entice publishing scientists and librarians to act in ways that would benefit the publishers. Funding agencies and governments of southern countries are not as proactive as they should be.

Focused advocacy on the advantages of the public commons approach can bring about some revolutionary changes. Such advocacy should be aimed at all levels of stakeholders. Some examples of what is being done in India will be presented.

Biography

Subbiah Arunachalam (Arun) is a Distinguished Fellow with the Centre for Internet and Society (CIS), Bangalore, a research and advocacy organization that was founded in August 2008. Before then, he was a volunteer for 12 years with the M S Swaminathan Research Foundation, a Chennai-based NGO, promoting the use of information and communication technologies to empower the poor and the marginalized and bring about holistic rural development.

Arun is an advocate of open access to scientific and scholarly literature and has conducted several workshops on knowledge management, electronic publishing, open access archiving, science communication, and South-South Exchange for sharing knowledge among development workers from Asia, Africa and Latin America. Arun has been a Visiting Professor at the Indian Institute of Technology, Chennai, University of Calcutta, Annamalai University, National Institute of Advanced Study, Bangalore, and Asian Collegeof Journalism, Chennai. Immediately after returning to India Arun will join the Institute of Mathematical Sciences, Chennai, as a visiting scientist. Arun has been a member of the Executive Committee of Global Knowledge Partnership (GKP) for two terms, and is currently a member of the International Advisory Board of IICD, The Hague, and a Trustee of both the Voicing the Voiceless Foundation, New Delhi, and the Electronic Publishing Trust for Development, UK.

---------------------------------------------------------------------------

Causerie-midi: La communication scientifique à l’ère des biens communs – perspectives du Sud, par Subbiah Arunachalam, chercheur associé de marque au Centre for Internet and Society, Bangalore (Inde)

Date: le 13 juillet 2009

Heure: 14 h

Lieu: CRDI

150, rue Kent

Ottawa (Ont.) Canada

pièce 950

RSVP: Nicole Leguerrier (nleguerrier@idrc.ca)

Pour des raisons historiques, le système des publications scientifiques payantes mis en place il y a trois siècles et demi et qui a produit des résultats satisfaisants jusqu’aux dernières décennies sert maintenant, en grande partie, l’échange de connaissances Nord-Nord et ne prend pas en compte les aspirations du Sud. La nécessité de favoriser partout l’activité scientifique et de conforter son enracinement dans tous les pays est aujourd’hui généralement admise. Si le libre accès revêt une telle importance pour le Sud, pourquoi les progrès sont-ils si lents ? Bien que les ordinateurs, l’accès Internet et la bande passante continuent de poser problème dans un grand nombre de pays du Sud, la situation a somme toute tendance à s’améliorer. Le facteur qui joue le plus est dès lors l’apathie des chercheurs. De façon générale, les scientifiques du Sud n’exercent pas pleinement leurs droits : ils cèdent les droits d’auteur sur leur article à l’éditeur de la revue. Et les éditeurs se livrent à des pratiques qui incitent les auteurs et les bibliothécaires à agir à leur avantage. Les bailleurs de fonds et les gouvernements des pays du Sud, quant à eux, ne sont pas aussi proactifs qu’ils le devraient.

Un plaidoyer axé sur les avantages des biens communs pourrait produire des changements révolutionnaires. Ce plaidoyer doit viser toutes les parties prenantes. M. Subbiah Arunachalam livrera des exemples d’initiatives en cours en Inde.

Notice biographique

Subbiah Arunachalam (Arun) est chercheur associé de marque au Centre for Internet and Society (CIS) de Bangalore, un organisme de recherche et de plaidoyer fondé en août 2008. Il a été auparavant bénévole, pendant 12 ans, à la Fondation de recherche M.S.Swaminathan, une ONG de Chennai ayant pour vocation d’encourager le recours aux technologies de l’information et de la communication afin de rendre les populations pauvres et marginalisées plus autonomes et de favoriser un développement rural global.

Arun est partisan du libre accès aux publications scientifiques et savantes et a animé plusieurs ateliers sur la gestion des connaissances, l’édition électronique, l’auto-archivage, les communications scientifiques et les échanges Sud-Sud afin de favoriser la mise en commun des connaissances parmi les professionnels du développement d’Asie, d’Afrique et d’Amérique latine. Il a été professeur invité à l’Institut indien de technologie de Chennai, à l’Université de Calcutta, à l’Université Annamalai et au National Institute of Advanced Studies de Bangalore. Il a siégé au comité exécutif de l’Alliance mondiale pour le savoir (GKP) pendant deux mandats et siège actuellement au comité consultatif international de l’Institut international pour la communication et le développement (IICD), à La Haye, ainsi qu’aux conseils d’administration de la fondation Voicing the Voiceless de New Delhi et de l’Electronic Publishing Trust for Development, au Royaume-Uni.

For more details visit https://cis-india.org/news/idrc-scholarly-communication

Presentation at Global Digital Humanities Symposium

sneha-pp — 2019-05-03T09:41:53Z

P.P. Sneha gave a virtual presentation of her work on digital cultural archives at the Global Digital Humanities Symposium organised by Michigan State University on March 21-22, 2019.

Puthiya Purayil Sneha (Centre for Internet and Society, Bangalore, India)

The archive has been an important context for conversations around digital humanities (DH) in India, as it has been globally. The last few decades have seen several large-scale efforts in digitalization across various sectors, including state institutions (National Museum, National Cultural Audio-Visual Archive (IGNCA)) universities (Jadavpur University, Ambedkar University,) and individual and collaborative efforts (Indian Memory Project, Indiancine.ma ) to name a few. The emergence of new fields like DH, digital cultures and cultural analytics also indicate several shifts in scholarship, pedagogy and practice, on the one hand alluding to the potential offered by democratizing technologies, but also reflecting persistent challenges related to the digital divide, and more specifically politics around the growth and sustenance of the humanities disciplines.

The growth of new areas of study and creative practice like DH has brought about a renewed focus on the creation of digital corpora, and the need for new technologies and methods of research, more specifically through the development of digital pedagogies. The contexts of these questions are however much wider, located in long-spanning efforts in digitization and digital literacy more broadly, which are still fraught with challenges of access, usage and context. Even as the colonial imagination of state archives remains prevalent in India, digital archival initiatives facilitated by infrastructure such as open source content management systems and tools like web annotation have opened up spaces for alternate narratives. Drawing upon excerpts from a report on mapping the field of DH in India, and ongoing conversations on the digital transition in archival practices, this presentation seeks to understand the politics of digital archiving in a postcolonial context, and how it informs larger trajectories of digitalisation, and the growth of fields like DH in India today.

For more info click here

For more details visit https://cis-india.org/raw/presentation-at-global-digital-humanities-symposium

Preliminary Submission on "Internet Governance Issues" to the Associated Chambers of Commerce & Industry of India

geetha — 2015-02-12T14:52:04Z

On January 30, 2015, Associated Chambers of Commerce & Industry of India (ASSOCHAM) held a consultation on Internet governance. A committee was set up to draft a report on Internet governance, with a focus on issues relevant to India. The Centre for Internet and Society (CIS) is represented on the committee, and has provided its preliminary comments to ASSOCHAM.

ASSOCHAM convened a meeting of its members and other stakeholders, at which CIS was represented. At this meeting, inputs were sought on Internet governance issues relevant for India, on which the industry body proposed to make comments to the Ministry of External Affairs, Government of India. Such a discussion, proposing to consolidate the views of ASSOCHAM members in consultation with other stakeholders, is a commendable move. This submission presents preliminary comments from the Centre for Internet and Society (CIS) in light of ASSOCHAM's consultation on Internet governance.

I. About CIS

1. CIS is a non-profit research organization that works, inter alia, on issues relating to privacy, freedom of expression, intermediary liability and internet governance, access to knowledge, open data and open standards, intellectual property law, accessibility for persons with disabilities, and engages in academic research on the budding Indian disciplines of digital natives and digital humanities.

2. CIS engages in international and domestic forums for Internet governance. We are a Sector-D member of the International Telecommunications Union (ITU),[1] and participated in the World Conference on International Telecommunications (WCIT), 2012 (Dubai) [2] and the Plenipotentiary Conference, 2014 (Busan).[3] We have also participated in the WSIS+10 Multistakeholder Preparatory Platform (MPP)[4] and the WSIS+10 High Level Event, organized by the ITU.[5]

3. CIS is also a member of the Non-Commercial Users Constituency (NCUC) at ICANN. Pranesh Prakash, our Policy Director, held a position on the NCUC Executive Committee from December 2013 to November 2014.[6]

4. CIS has been engaging at the Internet Governance Forum (IGF) since 2008, and has organized and participated in over 60 panels to date.[7] We have also organized panels at the Asia-Pacific Regional IGF (APrIGF). [8] Our Executive Director Sunil Abraham is a member of the Multistakeholder Advisory Group (MAG) for the India-IGF, and has attended in its meetings.[9] We are also in the process of developing international principles for intermediary liability, in collaboration with international civil society organisations like EFF and Article19. [10]

II. Structure of Submission

5. In this submission, we identify issues in Internet governance where engagement from and within India is necessary. In particular, brief descriptions of issues such as freedom of expression and privacy online, cyber-security, critical Internet resources and ICANN, multistakeholderism and net neutrality are provided.

III. Internet Governance Issues

6. The history of the Internet is unique, in that it is not exclusively government-regulated. Though governments regulate the Internet in many ways (for instance, by ordering website blocking or filtering, licensing of ISPs, encryption controls, investment caps, etc.), the running of the Internet is largely in the hands of private businesses, technical organisations and end-users.

7. International processes like the World Summit on Information Society (WSIS), and forums such as ICANN, the ITU, the IGF and the UN are involved in governing in the Internet in many ways. Regional organisations like the OECD, APEC and the Shanghai Cooperation Organisation (SCO) are also involved (for instance, in cyber-security matters).

8. The issues surrounding Internet governance are many, and range from telecom infrastructure and technical coordination to human rights and access to information.

Rights Online

9. The status of 'human rights online' has come under discussion, with the NETmundial Outcome Document affirming that offline rights must also be protected online. These issues are important in the context of, among others, the large scale violations of privacy in light of the Snowden Revelations,[11] and increased instances of website blocking and takedowns in different parts of the world.[12]

10. Internationally, issues of freedom of speech, privacy and access or the digital divide (though it is debatable that the latter is a human right) are discussed at the UN Human Rights Council, such as the resolution on human rights and the Internet, and the UN Human Rights Commissioner's report on the right to privacy in the digital age , which discusses the need for checks and balances on digital mass surveillance. During the Universal Periodic Review of India in 2012, India noted a recommendation from Sweden to " ensure that measures limiting freedom of expression on the internet is based on clearly defined criteria in accordance with international human rights standard ".

11. Freedom of speech and privacy are also relevant for discussion at the ITU.[13] For instance, at the Plenipotentiary meeting in 2014 (Busan), India proposed a resolution that sought, among other things, complete traceability of all Internet communications. [14] This has implications for privacy that are not yet addressed by our domestic laws. A Privacy Bill and such other protections are only in the pipeline in India.[15]

12. At ICANN as well, the root zone management function may affect freedom of expression. If, for instance, a top level domain (TLD) such as .com is erased from the root zone file, hundreds of thousands of websites and their content can be wiped from the World Wide Web. A TLD can be erased by Verisign if a request to that effect is raised or accepted by ICANN, and signed off on by the National Telecommunications and Information Administration (NTIA) of the US government. Similarly,the WHOIS database, which contains information about the holders of domain names and IP addresses, has implications for privacy and anonymity.

13. In India, the judiciary is currently adjudicating the constitutionality of several provisions of the Information Technology Act, 2000 (as amended in 2008), including S. 66A, S. 69A and S. 79. A series of writ petitions filed, among others, by the Internet Service Providers Association of India (ISPAI) and Mouthshut.com, relate to the constitutionality of the nature of content controls on the Internet, as well as intermediary liability. [16]

14. A judgment on the constitutionality of Ss. 66A, 69A and 79 are crucial for end-users and citizens, as well as companies in the Internet ecosystem. For instance, an uncertain intermediary liability regime with penalties for intermediaries - S. 79, IT Act and Intermediaries Guidelines Rules, 2011 - disincentivises ISPs, online news websites and other content providers like Blogger, Youtube, etc. from allowing free speech to flourish online. [17] The ongoing cases of Kamlesh Vaswani v. UOI and Sabu George v. UOI also have consequences for ISPs and search engines, as well as for fundamental rights.[18] International and domestic engagement is desirable, including in consultations with the Law Commission of India (for instance, the consultation on media laws).

Critical Internet Resources

15. Critical Internet Resources form the backbone of the Internet, and include management of IP addresses, the domain name system (DNS) and the root zone. [19] ICANN, a global non-profit entity incorporated in California, manages the IANA functions (Internet Assigned Numbers Authority) for the global Internet. These functions include allocating the global pool of IP addresses (IPv4 and IPv6) to Regional Internet Registries (RIRs), administering the domain name system and maintaining a protocol registry.

16. At present, the IANA functions are performed under a contract with the NTIA. On March 14, 2014, the NTIA announced its intention to transition oversight of the IANA functions to an as-yet-undetermined "global multi-stakeholder body". The deadline for this transition is September 30, 2015, though the NTIA has expressed its willingness to renew the IANA contract and extend the deadline. ICANN was charged with convening the transition process, and set up the IANA Coordination Group (ICG), a team of 30 individuals who will consolidate community input to create a transition proposal. At the moment, thenames (CWG-Names),numbers (CRISP) and protocols (IETF) communities are debating existing draft proposals. A number of new entities with which ICANN will have contractual arrangements have been proposed. At ICANN's meetings in Singapore (February 7-12, 2015) and Buenos Aires (June 2015), these proposals will be discussed.

17. At the same time, a parallel track to examine ICANN's own transparency and accountability has been introduced. The CCWG-Accountability is considering ICANN's accountability in two Workstreams: first, in light of the IANA transition and second, a revision of ICANN's policies and by-laws to strengthen accountability. ICANN's accountability and transparency are crucial to its continued role in Internet governance.

18. Several issues arise here: Should ICANN continue to remain in the US? Should the IANA Functions Department be moved into a separate entity from ICANN? Ought ICANN's by-laws be amended to create oversight over the Board of Directors, which is now seen to have consolidated power? Ought ICANN be more transparent in its financial and operational matters, proactively and reactively?

19. It is, for instance, beneficial to the stability of the Internet and to India if the IANA department is separate from ICANN - this will ensure aseparation of powers. Second, stronger transparency and accountability mechanisms are necessary for ICANN; it is a growing corporate entity performing a globally Internet function. As such, granular information about ICANN's revenues and expenses should be made public. See, for ex.,CIS' request for ICANN's expenses for travel and meetings, and ICANN's response to the same.

20. The most ideal forum to engage in this is ICANN, and within India, working groups on Internet governance at the Ministry level. As such, ASSOCHAM may seek open, transparent and inclusive consultations with the relevant departments of the Government (the Ministry of External Affairs, DeitY, Department of Telecommunications). At ICANN, industry bodies can find representation in the Business Constituency or the Commercial Stakeholders Group. Additionally, comments and proposals can be made to the ICG and the CCWG-Accountability by anyone.

Cyber-security

21. Cyber-security is often used as an umbrella-term, covering issues ranging from network security (DNSSEC and the ICANN domain), cyber-crime, and cyber-incidents such as the Distributed Denial of Service attacks on Estonian public institutions and the Stuxnet virus that attacked Iran's nuclear programme. Within the ITU, spam and child safety online are also assessed as security issues (See Study Group 17 under ITU-T).

22. At the international level, the UN Group of Governmental Experts has published three reports to date, arguing also that in cyber-security incidents, international humanitarian law will apply. International humanitarian law applies during armed attacks on states, when special rules apply to the treatment of civilians, civilian and military buildings, hospitals, wounded soldiers, etc.

23. The ITU also launched a Global Cybersecurity Agenda in 2007, aiming at international cooperation. Such cooperative methods are also being employed at the OSCE, APEC and the SCO, which have developed drafts of Confidence Building Measures. The Global Conferences on Cyberspace (London 2011, Budapest 2012, Seoul 2013, The Hague 2015) resulted in, inter alia, the Budapest Convention on Cybercrime. India has not ratified the Convention, and remains tight-lipped about its security concerns.

24. Surveillance and monitoring of online communications is a crucial issue in this regard. In India, the surveillance power finds its source in S. 5, Telegraph Act, 1888, and the Rule 419A of the Telegraph Rules, 1951. Further, S. 69 of the Information Technology Act, 2000 and the Interception Rules, 2009 enable the government and authorized officers to intercept and monitor Internet traffic on certain grounds. Information regarding the implementation of these Rules is scant.

25. In any event, the applicability of targeted surveillance should be subject to judicial review , and a balance should be struck between fundamental rights such as freedom of speech and privacy and the needs of security. An accountability model such as that present in the UK for the Interception of Communications Commissioner may provide valuable insight.

26. In India, the government does not make public information regarding its policies in cyber-security and cybercrime. This would be welcome, as well as consultations with relevant stakeholders.

Models of Internet Governance

27. Multi-stakeholderism has emerged as one of the catchphrases in Internet governance. With the display of a multi-stakeholder model at NETmundial (April 2014), controversies and opinions regarding the meaning, substance and benefits of multi-stakeholderism have deepened.

28. The debates surrounding stakeholder-roles in Internet governance began with ¶49 of the Geneva Declaration of Principles and ¶35 of the Tunis Agenda, which delineated clear roles and responsibilities. It created a 'contributory' multi-stakeholder model, where states held sovereign authority over public policy issues, while business and civil society were contributed to 'important roles' at the 'technical and economic fields' and the 'community level', respectively.

29. As the WGEC meeting (April 30-May 2, 2014) demonstrated, there is as yet no consensus on stakeholder-roles. Certain governments remain strongly opposed to equal roles of other stakeholders, emphasizing their lack of accountability and responsibility. Civil society is similarly splintered, with a majority opposing the Tunis Agenda delineation of stakeholder-roles, while others remain dubious of permitting the private sector an equal footing in public policy-making.

30. The positions in India are similarly divided. While there is appears to be high-level acceptance of "multi-stakeholder models" across industry, academia and civil society, there exists no clarity as to what this means. In simple terms, does a multi-stakeholder model mean that the government should consult industry, civil society, academia and the technical community? Or should decision-making power be split among stakeholders? In fact, the debate is more specific.

31. In India, the Multistakeholder Advisory Group (MAG) for the India-IGF was established in February 2014, and some meetings were held. Unfortunately, neither the minutes of the meetings nor action points (if any) are publicly available.

32. The Indian government's position is more complex. At the 68^th UN General Assembly session in 2011, India argued for a (multilateral) 50-member UN Committee on Internet-related Policies (CIRP). However, the Ministry for Communications and Information Technology (MCIT) has, over the years, presented differing views at the IGF and ITU through its two departments: DeitY and DoT. Further, at the meetings of the Working Group on Enhanced Cooperation (WGEC), India has presented more nuanced views, suggesting that certain issues remain within the governmental domain (such as cyber-security and child online protection). At the 9^th IGF (Istanbul, September 2014), Mr. R.S. Sharma of the DeitY echoed such a view of delineated roles for stakeholders.

33. A clear message from the Indian government, on whether it favours multistakeholderism or governmental policy authority for specific issues, would be invaluable in shaping opinion and domestic processes. In any event, a transparent consultative procedure to take into account the views of all stakeholders is desirable.

Emerging Issues

Net Neutrality

34. In simple terms, net neutrality concerns differential treatment of packets of data by carriers such as ISPs, etc. over networks. The issue has gained international attention following the U.S. FCC's regulatory stance, and the U.S. Court of Appeal's 2014 decision in Verizon v. FCC. Though this decision turned on the interpretation of 'broadband providers' under the Communications Act, 1934, net neutrality has since been debated in the US, both by the FCC and other stakeholders. There is no international consensus in sight; the NETmundial Outcome Document recognized net neutrality as an emerging issue (page 11, no. IV).

35. In India, a TRAI consultation on Over-The-Top Services on August 5, 2014 brought concerns of telecom and cellular operators to light. OTTs were seen as hijacking a portion of telcos' revenues, and as lacking consumer protection and privacy safeguards. While these concerns are legitimate, net neutrality regulation is not yet the norm in India. In any event, any such regulation must take into account the consequences of regulation on innovation, competition, and consumer choice, as well as on the freedom of the medium (which may have detrimental impacts freedom of expression).

36. Though net neutrality regulation is being mooted, there is as yet anarray of definitions of 'net neutrality'. The views of telcos themselves differ in India. Further study on the methods of identifying and/or circumventing net neutrality is necessary before a policy position can be taken.

IV. Conclusions

37. CIS welcomes ASSOCHAM's initiative to study and develop industry-wide positions on Internet governance. This note provides brief descriptions of several issues in Internet governance where policy windows are open internationally and domestically. These issues include freedom of expression and privacy under Part III (Fundamental Rights) of the Constitution of India. The Supreme Court's hearing of a set of cases alleging unconstitutionality of Ss. 66A, 69, 69A and 79 (among others) of the IT Act, 2000, as well as consultations on issues such as pornography by the Rajya Sabha Parliamentary Committee and media laws by the Law Commission of India are important in this regard.

38. International and domestic engagement is necessary in the transition of stewardship of the IANA functions, as well as ICANN's own accountability and transparency measures. Similarly, in the area of cyber-security, though several initiatives are afoot internationally, India's engagement has been cursory until now. A concrete position from India's stakeholders, including the government, on these and the question of multi-stakeholderism in Internet governance would be of immense assistance.

39. Finally, net neutrality is an emerging issue of importance to industry's revenues and business models, and to users' rights such as access to information and freedom of expression.

[1] CIS gets ITU-D Sector Membership, goo.gl/PBGKWt (l.a. 8 Feb. 2015).

[2] Letter for Civil Society Involvement in WCIT, goo.gl/gXpYQD (l.a. 8 Feb. 2015).

[3] See, ex., Hariharan, What India's ITU Proposal May Mean for Internet Governance, goo.gl/hpWaZn (l.a. 8 Feb. 2015).

[4] Panday, WSIS +10 High Level Event: Open Consultation Process MPP: Phase Six: Fifth Physical Meeting, goo.gl/3XR24X (l.a. 8 Feb. 2015).

[5] Hariharan, WSIS+10 High Level Event: A Bird's Eye Report, goo.gl/8XkwyJ (l.a. 8 Feb. 2015).

[6] Pranesh Prakash elected as Asia-Pacific Representative to the Executive Committee of NonCommercial Users Constituency, goo.gl/iJM7C0 (l.a. 8 Feb. 2015).

[7] See, ex., CIS@IGF 2014, goo.gl/Werdiz (l.a. 8 Feb. 2015).

[8] Multi-stakeholder Internet Governance: The Way Ahead , goo.gl/NuktNi; Minimising legal risks of online Intermediaries while protecting user rights, goo.gl/mjQyww (l.a. 8 Feb. 2015).

[9] First Meeting of the Multistakeholder Advisory Group for India Internet Governance Forum, goo.gl/NCmKRp (l.a. 8 Feb. 2015).

[10] See Zero Draft of Content Removal Best Practices White Paper, goo.gl/RnAel8 (l.a. 8 Feb. 2015).

[11] See, ex., UK-US surveillance regime was unlawful 'for seven years', goo.gl/vG8W7i (l.a. 9 Feb. 2015).

[12] See, ex., Twitter: Turkey tops countries demanding content removal, goo.gl/ALyO3B (l.a. 9 Feb. 2015).

[13] See, ex., The ITU convenes a programme on Child Online Protection, goo.gl/qJ4Es7 (l.a. 9 Feb. 2015).

[14] Hariharan, Why India's Proposal at the ITU is Troubling for Internet Freedoms, goo.gl/Sxh5K8 (l.a. 9 Feb. 2015).

[15] Hickok, Report of the Group of Experts on Privacy vs. The Leaked 2014 Privacy Bill, goo.gl/454qA6 (l.a. 9 Feb. 2015).

[16] See, Supreme Court Of India To Hear Eight IT Act Related Cases On 11th April 2014 - SFLC, goo.gl/XLWsSq (l.a. 9 Feb. 2015).

[17] See, Dara, Intermediary Liability in India: Chilling Effects on Free Expression on the Internet, goo.gl/bwBT0x (l.a. 9 Feb. 2015).

[18] See, ex., Arun, Blocking online porn: who should make Constitutional decisions about freedom of speech?,goo.gl/NPdZcK; Hariharan & Subramanian, Search Engine and Prenatal Sex Determination: Walking the Tight Rope of the Law, goo.gl/xMj4Zw (l.a. 9 Feb. 2015).

[19] CSTD, The mapping of international Internet public policy issues, goo.gl/zUWdI1 (l.a. 9 Feb. 2015).

For more details visit https://cis-india.org/internet-governance/blog/preliminary-submission-on-internet-governance-issues-to-assocham

Centre for Internet and Society

Privacy and Surveillance Talk by Sunil Abraham

Privacy and Surveillance in India

Abstract

About the Speaker

Privacy and Security Implications of Public Wi-Fi - A Case Study

Privacy and Security Implications of Public Wi-Fi - A Case Study

Download (PDF)

Contents

1. Introduction

2. Global Scenario

3. Overview of Public Wi-Fi in India

4. Indian Policy and Legal Conundrum

5. Public Wi-Fi and Privacy Concerns

5.1. Data Theft

5.2. Tracking an Individual

5.3. Makes the Electronic Devices Prone to Hacking and Setting up Fake Networks

5.4. Illegal Use of Data

6. Ranking Digital Rights Project

6.1. D-VoIS[72], Bangalore

Summary

Analysis

6.2. Tata Docomo[74], Bangalore

Summary

Analysis

7. Compliance of Privacy Policies with Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

8. Conclusion and Recommendations

8.1. Commitment

8.2. Freedom of Expression

8.3. Privacy

Privacy after Big Data

Privacy & Media Law

Introduction

Constitutional Framework of Privacy

International Conventions

Public Person

Safeguarding Identity of Children

Safeguarding Identity of Rape Victims

Trial by Media & Media Victimisation

Sting Operations

International Law on Media & Privacy Ethics

France

Sweden

Japan

Netherlands

Conclusion

Principles for Internet Governance: NETmundial 2014 — What do the Contributions Reveal?

I. Introduction

II. The Contributions

Press Release: Users’ rights and interests should be balanced with those of IP rights-holders: Global Congress

Users’ rights and interests should be balanced with those of IP rights-holders

Access to Medicines

Openness

Intellectual Property and Development

User Rights

Press Release: Medicines should not bankrupt patients or public health systems: Access to medicines at the Global Congress

Press Release: India to Host 4th Global Congress on Intellectual Property and the Public Interest

Distinguished Speakers and Scholars

New at the Global Congress

Presentation on MLATS

Presentation at TIFR: 'Scholarly Communication in the Age of the Commons'

Abstract

About Dr.Subbiah Arunachalam

Presentation at IDRC: ‘Scholarly Communication in the Age of the Commons -- A Southern Perspective’

Biography

Notice biographique

Presentation at Global Digital Humanities Symposium

Puthiya Purayil Sneha (Centre for Internet and Society, Bangalore, India)

Preliminary Submission on "Internet Governance Issues" to the Associated Chambers of Commerce & Industry of India

6.1. D-VoIS^[72], Bangalore

6.2. Tata Docomo^[74], Bangalore