Centre for Internet and Society

Portal augurs well for transparency

praskrishna — 2011-07-26T15:16:47Z

Data.gov.in will have meta-data, which will facilitate discovery of data and access from portals of ministries, says T Ramachandra. The article was published in the Hindu on 25 July 2011.

The unveiling of an official data access and sharing policy and the commissioning of a data portal (data.gov.in), which is on the anvil, will pave the way for digitally opening up the Central government data to the public.

"The data portal will be having meta-data [data about data], which will facilitate the discovery of the data and access from the portals of respective government departments/ministries. At present, the data policy is likely to cover the Central government and all activities funded by the Government of India," said R. Siva Kumar, CEO of National Spatial Data Infrastructure, and head of Natural Resources Data Management System, Department of Science and Technology.

Governmental data-holding organisations will prepare a negative list of non-shareable sensitive data, weighing the need to restrict public access given such considerations as security and privacy, against the obligation to share it with civil society and the scientific community. Apart from this, access to certain categories of data will be restricted.

The broad guidelines spelt out in the Right to Information Act will be followed and the list will be periodically reviewed. "All data outside the negative list will be proactively disseminated, and an oversight committee will facilitate policy implementation," said Dr. Kumar.

But does this mean that the public have to make specific requests for the unlocking of data-sets? “Data will be available through the data portal, and there will be no specific unlocking required. However, access to certain data may be through registration/authorisation,” he responded.

The sharing of such data might be tied to a pricing policy. "Pricing will be decided by the respective department/ministry. However, standardised parameters will be made available as guidelines for fixing the price," he said.

The draft of the proposed National Data Sharing and Accessibility Policy the government published some time ago indicates that the departments themselves can decide whether the data belongs to the ‘open access', ‘registered access,' or ‘restricted access' categories, with the policy neither mandating nor coming up with guidelines on how to do so, said Pranesh Prakash, programme manager, Centre for Internet and Society (CIS), a Bangalore-based NGO.

The CIS has recommended that the policy have the same scope as the RTI Act, and that all ‘public authorities,' as defined under the Act, be covered by it. Only the restricted categories (laid down in Sections 8 and 9 of the RTI Act) should be allowable for ‘restricted access.'

In a study on open government data in the Indian context, the CIS suggested that any policy be oriented towards meeting the requirements of a broad spectrum of citizenry. Specifically, sections that do not get to immediately benefit from advances in information technology. “Data mashing and private sector information products are important goals,” but the government itself should be proactive in creating the applications that show potential uses for the data.

The World Wide Web Consortium (W3C), the global body that sets web standards, has said governments, by putting their data on the Internet, facilitate greater transparency, deliver more efficient public services and encourage greater public and commercial use and re-use of government information.

Anil Bairwal, National Coordinator of the Association for Democratic Reforms, which is involved in disseminating election-related data through its website Electionwatch, says there is “huge public interest” in data, and that accessibility was of prime importance. For instance, election-related data was made available by the authorities in the PDF/image file formats. “This forces us to do a manual interpretation of every affidavit, which consumes a lot of time and energy. It would be helpful if this data was available in a portable open format via an online tool.”

Other countries have already made strides in furthering open data. Prominent examples are the U.K. government website, data.gov.uk, and the U.S. government's www.data.gov website, which is key to President Barack Obama's Open Government Initiative.

Read the original article published in the Hindu here

For more details visit https://cis-india.org/news/portal-augurs-well-for-transparency

Porn: Law, Video, Technology

praskrishna — 2011-09-27T11:25:57Z

Namita’s legal inquiry into the relationship between technologies and the law finds a new point of entry into existing debates by looking at the legal construction of pleasure through different technologies of mass consumption in order to revisit the arguments around pornography and obscenity effect in recent times. She produces a comprehensive overview of different debates, both in the West and in India, to concentrate on how the visual aesthetics of pornography, the new circuits of pornographic consumption and the privilege of affect over regulation lead to possibilities of interaction and negotiation with heteronormative power structures in the country.

For more details visit https://cis-india.org/raw/histories-of-the-internet/porn-law-video

Porn: Law, Video, Technology

praskrishna — 2011-09-28T09:30:40Z

Namita Malhotra focuses on pornography, pleasure and law, where she finds a new point of entry into existing debates by looking at legal construction of pleasure through different technologies of mass consumption. She revisits the arguments around pornography, obscenity and affect in recent times. Malhotra produces a comprehensive over-view of different debates, both in the West and in India, to concentrate on how the visual aesthetics of pornography, the new circuits of pornographic consumption, the privilege of affect over regulation lead to possibilities of interaction and negotiation with heternormative power structures in the country. The monograph demonstrates how the grey zones of pornography and the law’s inability to deal with it, offer new conceptual tools of understanding the spaces of digital interaction and identity.

For more details visit https://cis-india.org/raw/histories-of-the-internet/porn-law.pdf

Poor Guarantee of Online Freedom in India

praskrishna — 2012-06-17T04:18:26Z

The debate over the "Intermediaries Guidelines" as part of the Information Technology Act, 2000 in Parliament brought focus to the issue of censorship and lack of accountability of governing bodies vis-à-vis the internet in the country. This cannot be divorced from the larger questions related to the threats to freedom of expression from both the state and various societal actors today.

This article by Geeta Seshu was published in the Economic & Political Weekly, Vol XLVII No. 24, June 2012.

An annulment motion against the Information Technology (Inter-mediaries Guidelines) Rules, 2011 moved by Member of Parliament (MP) P Rajeev of the Communist Party of India (Marxist) in the Rajya Sabha, was the first serious attempt by internet freedom activists to get the Information Technology (IT) Act, 2000 discussed and reviewed by the country’s lawmakers.

Not unexpectedly, the motion, specifically against the rules governing intermediaries – clause (zg) of subsection (2) of Section 87 read with subsection (2) of Section 79 of the >IT Act, 2000 – was not carried. However, the discussion that preceded it at least demonstrated the concerns of parliamentarians about what internet freedom activists have termed the “draconian” provisions of the IT Act.

It is about time, really, that parliamentarians sit down to review what they very quickly acquiesced to in December 2009. It is also about time that the debate over the provisions of the IT Act be conducted in the public domain, instead of in closed-door meetings with expert groups and committees comprising a narrow set of stakeholders favoured by the government or its various wings.

The discussion in the Rajya Sabha largely centred around the vague and sweeping terminology of the range of content that anyone could take objection to. P Rajeev said that while he supported the regulation of the internet, he was not in favour of its control. The rules were ultra vires the IT Act, he said. Echoing his concern, leader of the opposition Arun Jaitley of the Bharatiya Janata Party, D Raja of the Communist Party of India and N K Singh of the Janata Dal (United) – to name just a few – also said that the internet was different from other media and censoring it was untenable.

Finally, union minister for information technology, Kapil Sibal, was forced to give an assurance to the house that he would call a meeting of MPs, industry and all stakeholders and implement whatever consensus emerges after a discussion on the specific words members had objections to.

There was no mention from the minister on a host of other problem areas in the rules as they are currently framed, including the very sweeping definition of an “intermediary” itself (any entity which on behalf of another receives, stores or transmits any electronic record – which means internet service providers, web hosting providers, search engines, online payment sites, cybercafes and bloggers too). No mention either of the rules for intermediaries to takedown notices within 36 hours of receiving a complaint, irrespective of whether these are fair and reasonable. No mention of whether the rules need to provide procedures for hearing and adjudicating complaints before any content is taken down.

The IT Guidelines

In several ways, the rules have gone way beyond what was laid down in the IT Act, but they also add considerably to the original reasonable restrictions laid down under Article 19 (2) of the Constitution of India. Some of the terms that can invite objections under the guidelines are:

(a) Belongs to another person and to which the user does not have any right to; (b) grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophiliac, libellous, invasive of another’s privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever; (c) harm minors in any way; (d) infringes any patent, trademark, copyright or other proprietary rights; (e) violates any law for the time being in force; (f) deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature; (g) impersonate another person; (h) contains software viruses or any other computer code, files or programmes designed to interrupt, destroy or limit the functionality of any computer resource; (i) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting any other nation.

With this wide-ranging and entirely arbitrary set of potential violations, the possibility of misuse is also immense. In its comments submitted in response to the draft rules, Privacy India and the Centre for Internet and Society (CIS) pointed out that Sections 79(1) and (2) of the amended IT Act itself did provide for exemptions for third party liabilities of intermediaries, something that the rules have now virtually set aside.[1]

Other comments submitted by these organisations about security and privacy of cybercafe users deal with minors and with the general architecture of cybercafes. In the first instance, the organisations expressed concern that undue restrictions on the use of the internet by minors (photo identity cards, accompanied by adults, etc) would hamper their access to the internet and would actually discourage poorer children from using the internet.

In the second instance, the detailed restrictions on the layout of the cybercafés – the height of cabins and the directions of the screens, etc, would, they felt, be intrusive and violate the privacy of internet users in cybercafes. Besides, vulnerable sections like sexual minorities or HIV positive patients may even be open to identity theft, they feared.

The discussion on the rules unfortunately did not come close to addressing these fears. While the lawmakers generally accepted the importance of regulation of the internet and electronic communication, there is still very little clarity on exactly how this must be done, the extent to which regulation must take place and the agency that will be entrusted with this task.

The IT Act, 2000 was first passed in an era when the country was transitioning to an electronic age. E-commerce was uppermost in the minds of policymakers, their eyes firmly fixed on the new economy. But soon enough, it was clear that technology was developing rapidly and an expert committee was constituted to revise the act and suggest amendments that would incorporate technological changes.

Lack of Accountability

In the wake of the 26 November 2008 attack in Mumbai, national security and intelligence were powerful emotional catchwords and few questioned some of the sweeping provisions laid down by the rules under the IT Act. While the annulment motion focuses on the pernicious nature of the guidelines for intermediaries, this is only one amongst a series of rules that seek to change the very manner in which Indians can access and use the internet. Other rules relate to decrypting, monitoring and blocking of communication, data security and privacy (Section 69: interception, monitoring and decryption of information, Section 69 A: blocking, Section 69 B: monitoring of traffic data or information) and of course, the complete absence of checks and balances for the powers given to authorities like Computer Emergency Response Team India (CERT-In).

In fact, there has been little or no review of the responsibility vested in an agency like CERT-In, which describes itself as the nodal agency to oversee the security of the nation. Conflating security concerns with content that may be objectionable to some is one thing but also providing this agency with the powers to block sites without even the creators of these sites getting to know about it is another.

Most of our attention today is on the censorship rampant on the internet in India. Most recently, there have been several instances of internet sites being blocked and takedown notices sent to bloggers. In the last few months, we have had the arbitrary blocking of the website cartoonsagainstcorruption.com which was run by Kanpur-based cartoonist Aseem Trivedi, the arrest of Jadavpur University professor Ambikesh Mohapatra and the controversial move last year by the Indian government to get internet service providers to remove so-called objectionable content on Facebook, Orkut and Youtube, apart from other sites. A complaint against these sites by journalist Vinay Rai followed soon after, though it strangely did not invoke provisions of the IT Act, preferring to cite alleged violations under the Indian Penal Code.

Trivedi did not even know that his site was blocked till some friends called him to tell him that they could not access his site. After an exchange of emails with his webhost, the portal “Big Rock”, he was informed that the site was suspended because it contained cartoons that showed disrespect to national emblems. A complaint had been received by Mumbai’s cybercrime cell by a Mumbai-based advocate, R P Pandey. The Kanpur resident also learnt later from newspaper reports that another case, this time under charges of sedition, were lodged against him in Beed district of Maharashtra.

While this method of embroiling someone in cases in far-flung geographical areas is not new (the complaint by the Indian Institute of Planning and Management against New Delhi-based Caravan magazine in Silchar, Assam is a good case in point), Trivedi quickly moved the content on his site onto another blogging platform, also got together friends and supporters to launch “Saveyourvoice”, an online and offline campaign, with a cheeky celebration of All Fool’s Day on 1 April 2012 with a greeting to the minister Kapil Sibal “for his foolish attempts to try censoring internet” and another campaign – “Freedom in a cage” – at Jantar Mantar, Delhi, in April 2012.

Other internet freedom activists have got together to secure information on censorship. Last year, a right-to-information (RTI) application by the CIS revealed that 11 websites were blocked on orders from the department of information technology. A writ petition against the IT Act has been filed in the Kerala High Court and the Software Freedom Law Centre, which was instrumental in campaigning for the annulment motion in the Rajya Sabha, has launched an online petition against the IT Act rules that refers to government authority to censor facebook posts, monitor emails and skype conversations, access private information and mine sensitive personal data.[2]

Governments the world over are exercised about the need to impose restrictions on online freedom and a good indication is the bi-annual Google Transparency Report that monitors the number and categories of requests sent by different governments to take down content. In the last report for the period January to June 2011, the report recorded requests to remove 358 items and 68 content removal requests, 58% of which were fully or partially complied with. In addition, there were government requests to remove Youtube videos that were protests against local leaders or used offensive language against religious leaders, besides 236 communities and profiles from Orkut which were critical of a local politician.

Interestingly, while content removal requests for the Orkut profiles remained as Google maintained it did not fit its own community standards or local law, Google chose to “locally” restrict the videos that may incite enmity between communities. With minor variations, this is a stance adopted by other online companies, like Facebook and Twitter, with the latter coming out with a policy earlier this year that it would remove content that appeared to violate local laws.

In the struggle to keep the internet free and protect communication from surveillance and blocking by governments, it would be naive to expect commercially-driven internet companies to put up much of a stand. Most of these stakeholders have agreed with lawmakers that the internet does need regulation. On their part, the Indian government, which has flexed its desire to regulate the internet, has also been sensitive to criticism of its role in censoring online freedom. Other stakeholders – the vast community of users of the internet, bloggers, website hosts, creators and producers of online videos, file-sharers, software developers, etc, are only engaged in a race to protect their content and shift it to more amenable sites every time they run into trouble.

Threats to Freedom of Expression

However, it must be noted that the censorship of online media is but a reflection of the curbs on freedom of expression in general. The attacks on freedom of expression in “offline” media, the attacks on journalists and the deaths of eight journalists since 2010,[3] the alarming regularity with which we are witnessing a ban on books and cinema, art or theatre, the increasing intolerance of dissenting or differing opinions in society, the abject fear of free and independent debate and discussion and the role of the government in actively furthering this intolerance are suggestive of a dangerous trend.

Almost all these instances are marked by the clear absence of any due procedure in addressing the content that becomes objectionable to someone or some sections of society, instead arbitrarily and speedily removing this content from the public domain. Whether it is the withdrawal of Rohinton Mistry’s book Such a Long Journey, a prescribed textbook by Bombay University, midway through the academic year, or that of recent issue of the National Council of Educational Research and Training (NCERT) textbook on the Constitution of India, institutional redressal mechanisms were simply not given a chance.

The woeful absence of similar redressal mechanisms for so-called objectionable content under the rules of the amended IT Act only exacerbates this situation further.

Notes

[1].http://privacyindia.org/2011/03/10/comments-on-the-information-technology-guidelines-for-cyber-cafe-rules-2011/
[2].www.softwarefreedom.org
[3].The Free Speech Hub, which has been tracking violations of freedom of expression as part of a project from the media-watch site, The Hoot (www.thehoot.org), has this list: Hemchandra Pandey (July 2010), Bimala Prasad Talukdar (September 2010), Sushil Pathak (December 2010), Umesh Rajput (January 2011), J Dey (June 2011), Ramesh Singhla (October 2011), Chandrioka (February 2012) and Rajesh Mishra (March 2012).

For more details visit https://cis-india.org/news/poor-guarantee-of-online-freedom-in-india

Pondering Copyright and Recasting Openness

praskrishna — 2013-11-08T09:50:03Z

For more details visit https://cis-india.org/openness/blog-old/pondering-copyright-and-recasting-openness

Policy Shaping in the Indian IT Industry: Comparative Analysis of Recommendations by NASSCOM and iSPIRT, 2013-2016

Pavishka Mittal — 2016-07-04T09:34:43Z

This is the second of a series of three blog posts, authored by Pavishka Mittal, tracking the engagements by NASSCOM and iSPIRT in suggesting and shaping the IT industry policies in India during 2006-2016. This post conducts a detailed comparative analysis of NASSCOM’s and iSPIRT’s specific policy recommendations from 2013-2016. To facilitate comparison, the blog post is written thematically on the lines of major issues highlighted by market players in the IT industry.

1. Introduction

2. Taxation Issues in the Software Industry

2.1. Issue of Double Taxation in the Software Industry

2.2. NASSCOM's Tax Concerns

2.3. iSPIRT's Tax Concerns

3. Concerns with Respect to the Regulatory Mechanism for E-Commerce (B2B Commerce)

4. Other Policy Recommendations

5. Endnotes

6. Author Profile

1. Introduction

Indian Software Product Industry Roundtable, or iSPIRT, is a think tank formed in early 2013 by about 30 product companies and individuals to protect the interests of the Indian software product industry. The organization believes that the market for software products is bound to grow in the future, both globally and locally, whose benefits should be derived of through cost efficiencies and resource optimization through the mechanism of free markets. This blog post, second in a series on ‘policy shaping in the Indian IT industry’, conducts a detailed comparative analysis of NASSCOM’s and iSPIRT’s specific policy recommendations from 2013-2016. The author has examined the more contentious issues due to difficulties in stating all the policy recommendations of these organizations over a period of four years in a single post. The law is explained, wherever necessary. Further, in the absence of reliable data on a particular policy position of either organization, no assumptions regarding the same have been made. To facilitate comparison, the blog post is written thematically on the lines of major issues highlighted by market players in the IT industry. Transfer pricing issues will be examined in the next blog post.

2. Taxation Issues in the Software Industry

2.1. Issue of Double Taxation in the Software Industry

There has been a general practice of the payment of both VAT and Service Tax on sale of software, which involve the provision of maintenance services etc along with the product. The applicable law on taxation has been explained below for a better understanding of the policy positions of the deemed organizations. Section 65B(44) of the Finance Act 2012, which defines ‘services’ includes ‘declared services’ under section 66E [1] and excludes ‘deemed sales’ under Article 366(29-A)(b) [2] of the Constitution involving a transfer of title in goods. A combined reading of all the provisions reveal that every transfer of goods on lease, license, hire under section 66E(f) does not result in the transfer of right to use goods under Article 366. It has been held that the transfer of right to use the goods under Article 366 involves a transfer of possession and effective control over the goods [3]. Thus, a license to use software which does not transfer ‘the right to use software’ would not qualify to be a sale/ deemed sale under law and would be governed by section 66E(f). Thus, from a general reading of the law, it can be concluded that the terms of the agreement involving transfer of pre-packaged or canned software under a license to use the software would have to be examined to decide the applicability of article 366 of the Constitution, that is, to decide whether the license to use packaged software involves the ‘transfer of right to use’ the deemed software.

The Madras HC in Infotech Software Dealer Association v. Union of India [4] held that licensing agreements involving the transfer of rights to use software to a licensee who is not permitted to sell, license or distribute the software by the licensor who retains copyright and hence ownership rights in the goods will not be sale or ‘deemed sale’ transactions as per article 366(29A)(d) of the Constitution as no transfer of software is made out from the transaction. The test of effective control as to the transfer of right to use the goods has been followed by the Madras HC. In the present case, it was held that software owner while retaining copyright protection entered into master end use licensing agreements which enabled the petitioner association to market the software to individual end users, thus, Article 366(29A)(d) was not attracted in the absence of transfer of software. Restraints/ conditions on the free enjoyment of the software in the licensing agreement indicate service tax liability. Any imposition of service tax on ‘goods’ would not be deemed to be unconstitutional without examination of the transaction. The source of confusion remains in the fact that notwithstanding software are goods, the transaction involving its transfer would have to be examined for taxation purposes. Manner of delivery is also of consonance in the determination of character of the transaction. It has been held that delivery of online content would only be a service in contrast to transfer of software through media, or embodied in the computer itself.

To summarise, jurisprudence and legislations have recognized packaged or canned software as tradable goods for the purposes of VAT/Sales Tax. “IT Software’ has also been recognized as goods under the Indian Central Excise Tariff Act. Further, Packaged or canned software is recognized as a ‘packaged commodity’ for the purposes of the Legal Metrology Act, 2009 on the basis of which the manufacture of such is generally subject to Central Excise valuation on an MRP/Retail Sales Price basis in accordance with s 4A of the Central Excise Act, 1944. This is in contradiction to the premise that software supplied digitally is a service. The argument remains that basic operational character, marketability and commercial value of software remains unchanged, whether it is supplied over the counter in a shop or supplied digitally.

2.2. NASSCOM's Tax Concerns

NASSCOM in its pre budget recommendations for the year 2013-2014 suggested that deviations from the existing provisions should be allowed for matters that warrant the adoption of an alternative approach for tax reform. Consultative groups such as the Tax Administration Reform Commission (TARC) should continue to operate. The IT Industry possesses certain specific tax concerns due to its unique business models which aim to overcome geographical distances. Software product companies are practically SME’s which struggle to maintain cash flow due to imposition of additional tax. All firms, including SMEs are forced to hire a specific employee for tax compliance alone. Further, they prefer to pay the deemed penalty rather than opt for litigation due to added costs, which is not sustainable in the long run.

The CBEC’s Guidance Notes dated 20th June, 2012 clarified many issues arising out of the new provisions in the Service Tax law introduced on 1st July 2012. As laid down by the SC in TCS v. State of AP [5], ‘sale’ of prepackaged/ canned/shrink wrapped software would not be a provision of service. NASSCOM’s earlier request for a clarification as to the taxation of onsite services was fulfilled with the guidance notes treating development of onsite software under the category of development of Information Technology Software as a declared service under section 66(e)(d) of the Finance Act.

NASSCOM suggested clarity in the deemed provisions which allow for dual taxation and ambiguity in the characterization of the transaction. VAT should be levied on the product alone and the service tax should only be payable on the additional services rendered, if any. New business models involve the provision of services along with the product which further increase the possibility of dual taxation. Provision of standard software, including license to use such software, whether electronically or on a media, should not be subject to dual levies, and in case VAT is applied, it would not be liable to Service tax. For software transactions which involve both a product and associated services, the services component should be subject to service tax alone, and the product value should be subject to VAT only. Given the stand taken by the Central Government on the treatment of software supplied electronically, it may be clarified that service tax is applicable on sale of software which is downloaded electronically and Central Sales Tax is not applicable on the same if the transaction is interstate transaction. Other recommendations included:

The Finance Act 2012 introduced certain retrospective amendments which are unfair to the industry involving TDS and associated penalties arising out of royalty implications. The introduction of payment of royalty on Internet downloads of software, services of maintenance, upgrade and telephone services has to be aligned with International standards.
The 10% TDS payable by SMEs and startups in the IT Industry is high due to the low profitability of such ventures and the cash flow crunch faced subsequent to such payment due to the need for investment prior to the start of operations in the product development industry. Often, the actual tax liability is lower than the TDS liability, which results in income tax refunds later while reducing liquidity in operations before. NASSCOM suggested reduction of TDS liability and adjusting pending refunds to future TDS liability. Further, banks should offer loans to software companies by treating the pending TDS refunds as book debts taken by the state. The ideal approach would be the complete exemption of the software industry from TDS u/s s 194J of the Income Tax Act.
Section 194J of the Income Tax Act prescribes that TDS @10% has to be deposited on payment made for the acquisition of software for amount greater than Rs 30,000 in a financial year. NASSCOM recommended that the prescribed limit for the computation of the TDS liability is not indicative of the pricing trends in the current business environment and thus the minimum threshold limits be increased to 3 lakh in a financial year. Further, the relevant criteria of setting these limits should be released in the public domain which would enable the industry to share data for the timely updation of the prescribed limits.
Clause 4 of the second explanation to Sec 9(1)(vi) of the Income Tax Act, 1961 states that Royalty would include consideration for the rendering of services which include the imparting of any information concerning technical, industrial, commercial or scientific knowledge, experience or skill. Royalty indicates consideration for ‘user rights’ rather than ownership rights. NASSCOM in 2014 stated that Software Ancillary Services such as AMC’s, Upgrade Fees, Subscriptions, etc. which do not involve transfer of rights, or grant of license but involve only payments of consideration for services is deemed to be “Royalty” for the purposes of the Income Tax Act and demanded that a clarification be issued under this regard.
Abatement of 15% is allowed from Retail Sale Price (RSP) to arrive at the value of Packaged Software or Canned Software, for payment of excise duty [6]. This notified abatement of 15% does not take into account the incidence of taxes on the product [7]. The taxes on the product amount to ~22% of the RSP and the notified abatement of 15% is not adequate. NASSCOM recommended that the abatement of 15% allowed under the said notification be increased to 30%. High Packaged/Canned software products are sold through a multilayer dealer/distribution chain through which they are delivered to the ultimate consumer. High trade discounts are incurred due to the presence of multiple intermediaries in the supply chain.
The IT Act in recognition of the compulsions and limitations of the SME and start-ups have notified several thresholds below which provisions are not applicable. Unfortunately, these are not revised and lose their relevance in the evolving business environment. NASSCOM requested for the institutionalization of a periodic review mechanism, which would ensure that the thresholds are revisited at predefined frequencies and altered accordingly.
Review of the foreign tax credit provisions are necessary in light of emerging Indian MNCs. The existing tax treaties need to be reevaluated to delete differential tax treatment discouraging domestic investment and contributing to the increased round tripping in the economy.
A separate regulatory approach with respect to Angel Investments needs to be formulated as they serve as the key source of funding for IT firms in the absence of access to public financial institutions.
NASSCOM has also highlighted multiple procedural issues in its prebudget recommendations for the year 2015-16 [8].
NASSCOM expressed its disappointment over the manner of implementation of the Fringe Benefit Tax bringing a lot of legitimate business expenditure on employee welfare in the tax net, resulting in non-investment in the long term benefit of workers by businesses [9].

2.3. iSPIRT's Tax Concerns

iSPIRT stated that the Indian government by adopting a piecemeal approach to the taxation system in the country has contributed to its increased fragmentation. The present tax structure cannot deal with the evolution of the digital economy in India which is increasingly using innovation in its business models.

All prepackaged software are considered to be goods due to an associated tariff code (ITS/HS Code). All other categories of software, are to be treated as services by default through a logic of exclusion, (other than customized software) by virtue of not being included in the tariff code list. There is no recognition of other models of SaaS, PaaS etc. The central government has not given adequate remedies to the issue of the charging of VAT by the State governments. Even when software is defined as a service, its transfer is often held to be deemed sale as per Article 366(29A) of the constitution. ‘SaaS’ software is taxed only under the service tax component when procured through a service partner, as against service tax plus VAT when procured directly. Differential taxation treatment of the same product/service creates immense frictions for ease of doing business for digital goods and services.

iSPIRT identifies the root cause for such confusion to be the non-recognition of intangibles to be at par with tangibles. Technically, by treating them to be ‘goods’ and subjecting them to the Sale of Goods Act, they cannot be treated as services by definition. However, the result of the piecemeal approach is the non recognition of software products as products (effectively), due to their intangible nature. This can be seen by the imposition of royalty from income derived from the sale of software under the Finance Act 2012, which indicates that the transaction of sale of software is considered to be one of transfer of copyright rather than a sale of product.

iSPIRT gave arguments as to the inefficiency of the proposed GST bill to deal with the taxation issues in the software industry, the bill not taking cognizance of the root cause of absent definition of a digital good which treats intangibles at par with tangibles. Practical challenges will arise due to differences in the value chain of use and consumption of ‘goods’ and ‘services’. The tax structuring is not done exclusively for the either software or the digital business. The tax authorities are prone to provide for differential rates under pressure of lobbying in the presence of new sectors in the industry which leads to amendments of rules and increased confusion. With the non-deletion of Clause (29A) of Article 366 in the proposed constitutional amendment, the concept of sales and deemed sales may be misused or may not give way to the concept of supply as envisaged in the GST Bill. Further, the CBEC is expected to use the existing frameworks even if the GST bill is proposed to be passed to the detriment of the software industry.

iSPIRT’s solution involved the transfer of focus to ‘digital’ products and services. It formulated the COG-TRIP test which can be used to define software products as distinct from software services [10]. Software products would be pervasive in the future and would be an essential component of the ‘digital economy’. Software is not necessarily a standalone computer program and may work with either data, audio or video products. Hence software products, sounds, images, data, documents or combinations of them may exist as a ‘digital product/goods’. This ‘digital economy’, would be overwhelmed with trade of not only ‘digital goods’ and ‘digital services’, but also the trade of ‘right to use’ or ‘transfer of right to use’ just as there is ‘deemed sales’ or ‘transfer of right to use’ of tangible goods. Due to inevitable inseparability of software and digital products, the taxation issues of Software product industry should be dealt in a unified ‘digital economy’ domain to prevent the formulation of a temporary, patchwork solution. Focusing on ‘digital’ will provide strategic solution to the problem at policy formulation level.

iSPIRT thus proposed a ‘digital goods’ and ‘digital services’ definition in the tax system [11]. These “digital goods,” or intangible goods have to be awarded the status of “goods” as defined in Article 366(12) of the Constitution. The digital goods, though intangible in nature, exhibit all properties of tangible goods generally acceptable in legal parlance viz. durability (perpetual or time bound), countability (number of pieces, licenses or users etc.), identifiability (standardised), movability and storage, ownership (IP or right to use), reproducibility, and marketability/tradability using an MRP as per the proposed COG TRIP test formulated by ISPIRT. This would be further related to the Sale of Goods Act 1930 and related article 366(29A) aspects. This would also be beneficial for the SaaS Industry which can now be defined under the product (digital goods) category as an industry. Once SaaS is recognized as Product (intangible goods) the next issue to be solved is asking for one single clear tax on a transaction be it “goods” or “services” based on the transaction. Other recommendations included the inapplicability of ‘royalty income’ under the garb of attached ‘copyrights’ in the Income Tax act to digital goods. This binding of ‘royalty income’ on software and ‘intangible/digital’ goods is a bottleneck to trade in a digital economy. Also, the tax system has to be digital in all aspects, i.e., ability to track transactions, levy of a clear single tax and digital collection—including taxes on international online transactions. it also recommended the commencement of taxation of online B2C sales by foreign companies.

iSPIRT expressed its disappointment in its post budget response over no attention being given to easing taxation norms of software companies where there is significant friction, the confusion on “goods” verses “service” tax on online downloads, TDS on sale of Software products and competition from foreign selling B2C products without any tax in India. Tax relaxation should be provided to startups on the basis of profitability rather than exemption in the initial 3 years of operations, when startups may not possess tax liability anyway. Loss making startups should not have to part with liquidity in the form of TDS payments which get refunded later. Relaxation in capital gains tax should not be just confined to investment in government schemes.

iSPIRT in its article dated November 24, 2014 [12] briefly explained the problem of duality of taxes on services. The constitutional framework regarding Indirect Taxes specifies that the manufacturing and services should be taxed by the centre and anything that is traded should be taxed by the states. Services are not tradable in nature in contrast to ‘rights to services’ which are tradable commodities. An example would be a vendor selling a recharge coupon. The actual service would be provided by the Telco, he is just selling the right to service. This would be tradable until the service is consumed. This transaction qualifies for both Service tax, imposed by the centre and the tax on tradable commodities imposed by states. ISPIRT had not yet proposed the digital goods and services definition to resolve these issues and its budget recommendations were similar to those of NASSCOM. It proposed that clarity is needed on the issue of tradability of service as “goods” and “service delivery” as “service”. Only after such clarity is achieved, the GST would be able to resolve the issues of duality of taxes.

Its article classified the taxation issues into direct and indirect.

Direct Tax Issues:

According to the Finance Act 2012, any income arising out of the sale of software amounts to royalty, irrespective of the medium of sale making the said transaction liable for TDS deduction under s 194J. All software sold carries a license for end use without transfer of copyright in the software. The software product and the associated license is sold as a tradable commodity and not as a copyright. International practice treats the sale of software depending on how the rights/copyrights are transferred. This rights based approach shall distinguish between the nature of rights transferred in exchange for consideration.
A transfer of “copyright” would indicate that the payer is permitted to commercially exploit the copyright that would otherwise be the sole privilege of the copyright holder and would constitute infringement of copyright without such transfer. The payer, now the copyright holder, is permitted to reproduce, copy, modify, adapt or prepare derivative works based on the copyrighted software for sale or profit. This transaction is subject to payment of royalty in contrast to a transaction which only involves the transfer of a “copyrighted article”. The payer in this case is only permitted to operate the software product for personal consumption or for use within his business operations. Such payment should be treated as business income and not as royalty.
iSPIRT proposed the repeal of the said amendment and introduction of provisions which differentiate between ‘copyright’ and ‘copyrighted articles’ for the purposes of determination of royalty impositions. Further, it proposed specific exclusion through the addition of an explanation to the deemed provision for income arising from the sale of ‘copyrighted articles’ including shrink wrap software, software licenses, downloadable software, software bundled with hardware. It also recommended that the term copyright be defined in the IT Act for royalty purposes to remove dependency on sections 14 and 52 of the Indian Copyright Act, with the exception of the applicability of the Indian Copyright Act in case of copyright infringement. If software product companies are being subject to a TDS there should be Tax credits available on service tax. It also stressed on the need for a mechanism to speed up the process of TDS refunds.

Indirect Tax Issues:

iSPIRT demanded the amendment of the Mega Notification No. 25/2012 dated June 6, 2012 to provide that electronic delivery of packaged software through telecommunication networks are excluded from the ambit of service tax. Alternatively, an explanation could be attached to s 66E of the Finance Act to provide that the development of software under subclause (d) is “only in relation to customized software and any packaged software delivered online or downloaded on the Internet is specifically excluded from the provisions of section 66E and should not be chargeable to service tax.” Additionally, the “Taxation of Services: an Educational Guide” dated June 20, 2012 issued by the Central Board of Excise and Customs needs to be amended along with the addition of an explanation to chapter 85 of schedule I of the Central Excise Tariff Act stating that packaged software delivered online or downloaded from the internet is also included in the meaning of ‘IT Software’ for the purposes of heading 8523.
iSPIRT made the same recommendation as NASSCOM as to the inadequate rate of abatement from RSP to arrive at the value of packaged/canned software, falling under the Central Excise Tariff Heading, 85239020 of the Central Excise Tariff Act, 1985, for payment of excise duty under s 4A of the Central Excise Act, 1944. It recommended that serial No. 93A in Notification No. 49/2008 dated December 24, 2008 be amended to increase the abatement from the existing 15% to 35%.

3. Concerns with Respect to the Regulatory Mechanism for E-Commerce (B2B Commerce)

The existing FDI norms in India do not permit FDI in multi-brand retail companies. The new rules indicate that 100% FDI is permitted in online retail of goods and services under the ‘market place model’ through the automatic route, rendering legality to the many present e-commerce businesses in India. Since the business entity in focus is only an intermediary which provides the sellers of the goods with a platform for the sale of their products, online retail in the form of the inventory model remains illegal, excepting single brand retail [13]. The present FDI policy aims to convenience sellers who can take advantage of the services of e-commerce giants including, but not confined to, warehousing, logistics, order fulfillment, call centre and payment collection [14].

NASSCOM has suggested keeping the FDI norms for B2C Commerce at par with B2B Commerce. Further, the stipulations in the circular issued in 2015 by the DIPP which provided for the same conditions on SBRT applicable to brick and mortar stores be applicable to online stores which provided for 30% sourcing from local sources for retailers which had more than 51% FDI was opposed by NASSCOM, which reiterated that unviable regulations only restrict trade and development. It stated that e-commerce can be aligned to the objectives of national development by providing impetus to manufacturing sector, order consolidation and distribution, facilitating and supporting SMEs, improving outreach and access to buyers/sellers, bringing traceability and transparency in transactions, empowering consumers with information and data and finally creating new job opportunities. E-commerce has only enabled the creation of unique businesses which has created demand resulting in greater private consumption and market demand in inaccessible areas in consonance with the ruling governments ‘Make in India’ scheme. Further, a transparent audit trail and the resulting efficient tax collection can be better ensured through the medium of online banking and credit cards.

As companies have no control on consumer buying behaviour and will have no say in the choices made by them, there should be no mandate to conclude sale of products sourced from India. Instead, companies will continue to offer local products on their website, but linking it to buying behaviour would be unfair and difficult to comply with. Hence, the policy should stipulate that companies should offer 30% locally sourced products, without any criteria related to sourcing from SMEs.

The government should recognize and support the growth of e-commerce companies who are dedicated to Indian ethnic products, helping MSMEs and artisans to expand their outreach. Presently, the FDI in retail policy gives power to the states to decide. In the context of e-commerce, any geographical limitations will go against the basic tenet of outreach and market access that e-commerce promises. Further any restrictions imposed by states will serve to deprive it from the inherently efficient processes and infrastructure development opportunities, contributing to employment and revenue generation opportunities. Market development is an important priority for the Internet economy and is akin to infrastructure development in the physical world. NASSCOM has been actively engaging with the government to evolve a policy concerning Foreign Direct Investment (FDI) in e-Commerce that encourages smaller technology players to foray into the market.

It recommended:

Allowing 100 per cent FDI in B2C e-Commerce, as in the case of B2B e-Commerce.
Removing the ‘minimum investment threshold’ and conditions of investment in the back-end since e-Commerce requires investment in technology and supply chain for promised efficiencies. Since there is no investment required in creating physical store fronts, there is no need for such a stipulation.
Allowing existing e-Commerce firms to raise capital, in addition to permitting investment in greenfield projects.
Removing geographical limitations that go against the basic tenet of outreach and market access that e-Commerce promises.

NASSCOM also suggested the following restrictions to exclude organisations that are:

Receiving orders on the telephone, facsimile or conventional email.
Are not complying with the rules on FDI in retail in toto.
Pure play e-Commerce ventures that are foraying into physical retail, but not complying by the rules on FDI in retail.

4. Other Policy Recommendations

iSPIRT stated that the complex procedures for share allotment etc should be revised to enable the software companies to concentrate on core business functions.
In May 2016, ISPIRT cautioned the use of patents in India, citing the overuse of patents in USA with corporations whose sole purpose of existence is to register patents and demand royalty payments from unsuspecting users. If India allows software patents under the Patent Cooperation Treaty, it would have to give priority to the existing patents filed in other countries and would enable MNCs to exclude Indian companies from using their ‘inventions’. To enable the Indian software industry to innovate without worrying about patent lawsuits, software patents should not be permitted. iSPIRT lauded the revised guidelines issued by the Indian Patents Office in 2016 which prevent the digital colonization of India by MNCs. order issued by the Controller General of Patents, Designs and Trademarks dated February 19, 2016 finalising the guidelines for Examination of Computer Related Inventions lays down clear tests for recognizing patents.
India has to build a favourable business environment to retain the software products business and its intellectual property, which is highly mobile, within its domestic territory. Among the solutions are liberalized ownership rules with exemptions from regulatory filings and specific regimes (FDI/VCI/FII, etc.), specific exemptions from capital gains and dividend taxes for investors and tax exemption on foreign income of Indian software product companies. The idea of a fully liberalized virtual special economic zone for ownership and operation of software product companies, with India signing an iron-clad double-taxation avoidance agreement should not be rejected.
As was the case with Flipkart, larger buyers and clients withhold payment intentionally until suppliers are forced to grant unreasonable discounts. Large buyers are aware that suppliers would not act upon their rights to preserve business relationships and to avoid unnecessary time consuming and expensive litigation. According to iSPIRT, 98% of Indian SMBs extended goods and services on credit to their clients in 2015 leading to a situation wherein the most exclusive businesses can demand payments upfront. Giving the example of IMAI, which has proposed the establishment of a payment recovery mechanism for the digital communication service industry which would enforce meaningful out of court payment protections, iSPIRT has asked for solutions to the problem at hand in its article dated May 18 2016.
iSPIRT formulated a Stay-in-India checklist as a part of its Startups Bridge India campaign which identifies 34 key issues to be resolved to prevent startups from relocating abroad [15]. The Checklist includes requests for favourable IP tax regime, harmony in taxation of listed and unlisted securities, relaxed external commercial borrowing norms, faster incorporation and liquidation processes, and permitting convertible notes, indemnity escrows, and deferred consideration in foreign investment transactions.
NASSCOM applauded the National Intellectual Property Rights policy, approved by the cabinet on 13 May 2016 [16]for comprehensively covering all aspects of the domain including IPR awareness, generation, legislative framework, administration, commercialization, enforcement and adjudication, human capital and incorporating the suggestions of the associations on IPR policy made last year. According to the policy, the Department of Industrial Policy and Promotion (DIPP) would become the nodal point department for all IPR related developments in India, while respective ministries or departments will be responsible for actual implementation. NASSCOM commented that this single umbrella approach will help leverage linkages between various IP offices. The proposal for a simple loan guarantee scheme to encourage start-ups based on IPRs as mortgage-able assets; financial support and securitization of IP rights for commercialization by enabling valuation of IP rights as intangible assets, the promotion of free and open source software and the support for IPR generation for information and communications technology , including those relating to cyber security for India are welcome. NASSCOM stated that it would partner with DIPP in the modernization efforts support an innovation led Industry in India.
NASSCOM in 2016 urged the SC to reconsider the ban on diesel taxis in the capital highlighting unresolved issues of the safety of the women workforce working in the IT industry and the lack of an adequate CNG infrastructure. Stating that the ban may cost the industry $1 billion, it suggested a deferred timeline for shifting diesel cabs to CNG or a phased implementation.

5. Endnotes

[1] The following activities are ‘declared services’ under section 66E of the Finance Act:

Section 66E (c) of the Finance Act, 1994 - Temporary transfer or permitting the use or enjoyment of an intellectual property right.
Section 66E(d) - Development, design, programming, customization, adaption, upgradation, enhancement, implementation of information technology software. (IT software has been defined in section 65B of the Act as “any representation of instructions, data, sound or image, including source code and object code, recorded in machine readable form, and capable of being manipulated or providing interactivity to a user, by means of a computer or an automatic data processing machine or any other device or equipment.)
Section 66E(f)- Transfer of goods by way of hiring, leasing, licensing or in any such manner without transfer of right to use such goods.

[2] Article 366(29-A) (b) of the Constitution states that a tax on the sale or purchase of goods includes a) a tax on the transfer of property in goods, b) a tax on the delivery of goods on hire purchase or any system of payment by installments, c) a tax on the transfer of the right to use any goods for any purpose, and d) a tax on the supply of goods. Such transfer, delivery or supply of any goods shall be deemed to be a sale of those goods by the person making the transfer, delivery or supply and a purchase of those goods by the person to whom such transfer, delivery or supply is made.

[3] State of A.P. v. Rashtriya Ispat Nigam Ltd. MANU/SC/0163/2002, BSNL v. UOI, MANU/SC/1091/2006: 2006 2 STR 161 S.C.

[4] The petitioner in the above case relied on TCS v State of Andhra Pradesh, (2005) 1 SCC 308 which held that software are goods, whether customized or non-customized, to argue that the Finance Act 2012 was unconstitutional to the extent that it imposed service tax on software. Since the states were imposing VAT on such transactions, the consequent levy of service tax by the Central government was unconstitutional. The dominant intention of the parties, as laid down in the BSNL case, would not have to be examined in such a situation. The Madras HC agreed with the contention that software is a ‘good’, as it is an article of value having regard to its utility and is capable of transmission, delivery, storage, possession and of being brought and sold and did not deviate from the position of law as laid down in the TCS case, its own earlier decision in the case of Infosys Technologies Vs. CTO (2008) TIOL 509 as well as the decision of the Karnataka High Court in Antrix Corporation Ltd. Vs. Assistant Commissioner of Commercial Taxes (2010) TIOL 515.

[5] On making and marketing copies of software, the transaction would be subject to sales tax despite the retention of the copyright with the originator of the programme. The sale is not just of the media, but of the Intellectual Property stored on the media. As it is impossible to separate the transaction, the sale of software would be governed by the Sale of Goods Act 1930, being a ‘good’ under law. Goods sold can be both tangible, intangible/incorporeal. The test is whether they are capable of abstraction, consumption, use, transfer, transmission, delivery, storage, possession etc, fulfilled in the case of software.

[6] This was notified in 2008, Serial No 93A of Notification No 49/2008-CE (NT) dated 24.12.2008, for valuation under Section 4A of the CEA, 1944.

[7] VAT/CST rates ranging from 5.5% to 6.6%; Octroi/Entry Tax of 5.5% in State of Maharashtra; excise duty from 10% ad valorem and Education Cess.

[8] See: http://www.nasscom.in/sites/default/files/policy_update/NASSCOM%20pre-budget%20recommendations%20-%20Procedural%20issues.pdf.

[9] See: http://articles.economictimes.indiatimes.com/2005-09-05/news/27476122_1_fbt-nasscom-kiran-karnik.

[10] Given below is the framework of COG-TRIP:

1. Countability - Number of licenses/users/subscribers
2. Ownership and intellectual property rights
3. Qualification as an intangible good
4. Tradability: The software products (goods) can be sold through different delivery modes
5. Right of service / Right of Use
6. Identifiability
7. Production/development cost: All software production costs are capitalized and subsequently reported at the lower of unamortized cost or net realizable value

[11] DIGITAL GOOD: The term 'digital good' means any software or other good that is delivered or transferred electronically, including sounds, images, data, facts, or combinations thereof, stored and maintained in digital format, where such good is the true object of the transaction, rather than the activity or service performed to create such good.

DIGITAL SERVICE: The term 'digital service' means any service that is provided electronically, including the provision of remote access to or use of a digital good.

For purpose of above definitions, the term:

'Digital Goods' means 'Goods' as defined in 366(12) of the Constitution,
'Digital service' means a 'service' and that which is not a 'Digital Good,'
'Delivered or transferred electronically' means the delivery or transfer by means other than tangible storage media,
'Provided electronically' means the provision remotely via electronic means,
'Software' is a representation of instructions, data, sound or image, including source code and object code, recorded in a machine readable form, and capable of being manipulated or providing interactivity to a user, by means of a computer or an automatic data processing machine or any other device or equipment, and
'Software Product” is a standardised set of such software bundled together as a single program or a Module that directs computer's processor to perform specific operations, exhibiting the properties of an intangible good that can be traded.

EXPLANATORY NOTE: In legal parlance, the 'goods' exhibit the following properties as established under the COG TRIP test: 1) Durability - perpetual or time bound, 2) Countability – traded commodity can be counted as number of pieces, number of licenses used, number of users etc., 3) Identifiability – identified as a standardised product, 4) Movability and storage – can be delivered and stored and accounted as an inventory, 5) Ownership of the right to use, 6) Produced/reproduced through a process, and 7) Marketable/tradable - can be marketed and sold using standard marked price (except when volume discounts, bid pricing and market promotion offers are applicable).

[12] See: http://pn.ispirt.in/tax-challenges-of-the-spisoftware-product-industry-and-budget-recommendations-made-by-ispirt/.

[13] The guidelines issued in November 2015 permitting a select 15 categories in Single Brand retail to sell their products online were further altered in March 2016 by the Department of Industrial Policy and Promotion to allow single brand retail by brick and mortar stores operating in India and Indian manufacturers. The impact of FDI policy on businesses can be understood with cases of alteration of business structure and distancing of e-commerce companies with their subsidiary sellers on allegations of violation of existing norms. The DIPP submitted to the Delhi HC that the ‘market place’ business models adopted by Amazon, Flipkart and Snapdeal etc were not recognized under law as they had resorted to direct sales to customers. Further, the legality of promotional funding would also be questioned on the ground that an intermediary cannot facilitate any scheme of discounts by bearing the difference in the price of the goods sold as to that extent, it is acting as the seller. This would not be in the interests of the consumers, who could earlier take advantage of the various discounts offered in the form of marketing cost reimbursement, bonus schemes etc. With such strong policies, the possibility of equality of prices between online and brick and mortar stores cannot be discarded.

[14] http://www.livemint.com/Politics/hglep85yZOQzChj6KRrrCK/Govt-allows-100-FDI-in-ecommerce-marketplace-model.html.

[15] See: http://pn.ispirt.in/sign-startup-bridge-petition-and-promote-stay-in-india-checklist/.

[16] See: http://articles.economictimes.indiatimes.com/2016-05-14/news/73083932_1_nasscom-software-industry-body-ip-rights.

6. Author Profile

Pavishka Mittal is a law student at West Bengal National University of Juridical Sciences, Kolkata and has completed her second year. She takes contemporary dance very seriously and hopes to contribute to the dance community in India. Other than dancing, she indulges in binge-watching in her spare time.

For more details visit https://cis-india.org/raw/policy-shaping-in-the-indian-it-industry-recommendations-by-nasscom-and-ispirt-2013-2016

Policy Paper on Surveillance in India

vipul — 2015-08-03T15:27:41Z

This policy brief analyses the different laws regulating surveillance at the State and Central level in India and calls out ways in which the provisions are unharmonized. The brief then provides recommendations for the harmonization of surveillance law in India.

Introduction

The current legal framework for surveillance in India is a legacy of the colonial era laws that had been drafted by the British. Surveillance activities by the police are an everyday phenomenon and are included as part of their duties in the various police manuals of the different states. It will become clear from an analysis of the laws and regulations below, that whilst the police manuals cover the aspect of physical surveillance in some detail, they do not discuss the issue of interception of telephone or internet traffic. These issues are dealt with separately under the Telecom Act and the Information Technology Act and the Rules made thereunder, which are applicable to all security agencies and not just the police. Since the Indian laws deal with different aspects of surveillance under different legislations, the regulations dealing with this issue do not have any uniform standards. This paper therefore argues that the need of the hour is to have a single legislation which deals with all aspects of surveillance and interception in one place so that there is uniformity in the laws and practices of surveillance in the entire country.

Legal Regime

India does not have one integrated policy on surveillance and law enforcement and security agencies have to rely upon a number of different sectoral legislations to carry out their surveillance activities. These include:

1. Police Surveillance under Police Acts and Model Police Manual

Article 246(3) of the Constitution of India, read with Entry 2, List II, of the VIIth Schedule, empowers the States to legislate in matters relating to the police. This means that the police force is under the control of the state government rather than the Central government. Consequently, States have their own Police Acts to govern the conduct of the police force. Under the authority of these individual State Police Acts, rules are formulated for day-to-day running of the police. These rules are generally found in the Police Manuals of the individual states. Since a discussion of the Police Manual of each State with its small deviations is beyond the scope of this study, we will discuss the Model Police Manual issued by the Bureau of Police Research and Development.

As per the Model Police Manual, “surveillance and checking of bad characters” is considered to be one of the duties of the police force mentioned in the “Inventory of Police Duties, Functions and Jobs”.[1] Surveillance is also one of the main methods utilized by the police for preventing law and order situations and crimes.[2] As per the Manual the nature and degree of surveillance depends on the circumstances and persons on whom surveillance is mounted and it is only in very rare cases and on rare occasions that round the clock surveillance becomes necessary for a few days or weeks.[3]

Surveillance of History Sheeted Persons: Beat Police Officers should be fully conversant with the movements or changes of residence of all persons for whom history sheets of any category are maintained. They are required to promptly report the exact information to the Station House Officer (SHO), who make entries in the relevant registers. The SHO on the basis of this information reports, by the quickest means, to the SHO in whose jurisdiction the concerned person/persons are going to reside or pass through. When a history-sheeted person is likely to travel by the Railway, intimation of his movements should also be given to the nearest Railway Police Station.[4] It must be noted that the term “history sheet” or “history sheeter” is not defined either in the Indian Penal Code, 1860, most of the State Police Acts or the Model Police Manual, but it is generally understood and defined in the Oxford English Dictionary as persons with a criminal record.

Surveillance of “Bad Characters”: Keeping tabs on and getting information regarding “bad characters” is part of the duties of a beat constable. In the case of a “bad character” who is known to have gone to another State, the SHO of the station in the other state is informed using the quickest means possible followed by sending of a BC Roll 'A' directly to the SHO.[5] When a “bad character” absents himself or goes out of view, whether wanted in a case or not, the information is required to be disseminated to the police stations having jurisdiction over the places likely to be visited by him and also to the neighbouring stations, whether within the State or outside. If such person is traced and intimation is received of his arrest or otherwise, arrangements to get a complete and true picture of his activities are required to be made and the concerned record updated.[6]

The Police Manual clarifies the term “bad characters” to mean “offenders, criminals, or members of organised crime gangs or syndicates or those who foment or incite caste, communal violence, for which history sheets are maintained and require surveillance.”[7] A fascinating glimpse into the history of persons who were considered to be “bad characters” is contained in the article by Surjan Das & Basudeb Chattopadhyay in EPW[8] wherein they bring out the fact that in colonial times a number of the stereotypes propagated by the British crept into their police work as well. It appears that one did not have to be convicted to be a bad character, but people with a dark complexion, strong built, broad chins, deep-set eyes, broad forehead, short hair, scanty or goatee beard, marks on face, moustache, blunt nose, white teeth and monkey-face would normally fit the description of “bad characters”.

Surveillance of Suspicious Strangers: When a stranger of suspicious conduct or demeanour is found within the limits of a police station, the SHO is required to forward a BC Roll to the Police Station in whose jurisdiction the stranger claims to have resided. The receipt of such a roll is required to be immediately acknowledged and replied. If the suspicious stranger states that he resides in another State, a BC Roll is sent directly to the SHO of the station in the other State.[9] The manual however, does not define who a “suspicious stranger” is and how to identify one.

Release of Foreign Prisoners: Before a foreign prisoner (whose finger prints are taken for record) is released the Superintendent of Police of the district where the case was registered is required to send a report to the Director, I.B. through the Criminal Investigation Department informing the route and conveyance by which such person is likely to leave the country.[10]

Shadowing of convicts and dangerous persons: The Police Manual contains the following rules for shadowing the convicts on their release from jails:

(a) Dangerous convicts who are not likely to return to their native places are required to be shadowed. The fact, when a convict is to be shadowed is entered in the DCRB in the FP register and communicated to the Superintendent of Jails.

(b) The Police Officer deputed for shadowing an ex-convict is required to enter the fact in the notebook. The Police Officers area furnished with a challan indicating the particulars of the ex-convict marked for shadowing. This form is returned by the SHO of the area where the ex-convict takes up his residence or passes out of view to the DCRB / OCRS where the jail is situated, where it is put on record for further reference and action if any. Even though the subjects being shadowed are kept in view, no restraint is to put upon their movements on any account.[11]

Apart from the provisions discussed above, there are also provisions in the Police Manual regarding surveillance of convicts who have been released on medical grounds as well as surveillance of ex-convicts who are required to report their movements to the police as per the provisions of section 356 of the Code of Criminal Procedure.[12]

As noted above, the various police manuals are issued under the State Police Acts and they govern the police force of the specific states. The fact that each state has its own individual police manual itself leads to non-uniformity regarding standards and practices of surveillance. But it is not only the legislations at the State levels which lead to this problem, even legislation at the Central level, which are applicable to the country as a whole also have differing standards regarding different aspects of surveillance. In order to explore this further, we shall now discuss the central legislations dealing with surveillance.

2. The Indian Telegraph Act, 1885

Section 5 of the Indian Telegraph Act, 1885, empowers the Central Government and State Governments of India to order the interception of messages in two circumstances: (1) in the occurrence of any public emergency or in the interest of public safety, and (2) if it is considered necessary or expedient to do so in the interest of:[13]

the sovereignty and integrity of India; or
the security of the State; or
friendly relations with foreign states; or
public order; or
for preventing incitement to the commission of an offence.

The Supreme Court of India has specified the terms 'public emergency' and 'public safety', based on the following[14]:

"Public emergency would mean the prevailing of a sudden condition or state of affairs affecting the people at large calling for immediate action. The expression 'public safety' means the state or condition of freedom from danger or risk for the people at large. When either of these two conditions are not in existence, the Central Government or a State Government or the authorised officer cannot resort to telephone tapping even though there is satisfaction that it is necessary or expedient so to do in the interests of it sovereignty and integrity of India etc. In other words, even if the Central Government is satisfied that it is necessary or expedient so to do in the interest of the sovereignty and integrity of India or the security of the State or friendly relations with sovereign States or in public order or for preventing incitement to the commission of an offence, it cannot intercept the message, or resort to telephone tapping unless a public emergency has occurred or the interest of public safety or the existence of the interest of public safety requires. Neither the occurrence of public emergency nor the interest of public safety are secretive conditions or situations. Either of the situations would be apparent to a reasonable person."

In 2007, Rule 419A was added to the Indian Telegraph Rules, 1951 framed under the Indian Telegraph Act which provided that orders on the interception of communications should only be issued by the Secretary in the Ministry of Home Affairs. However, it provided that in unavoidable circumstances an order could also be issued by an officer, not below the rank of a Joint Secretary to the Government of India, who has been authorised by the Union Home Secretary or the State Home Secretary.[15]

According to Rule 419A, the interception of any message or class of messages is to be carried out with the prior approval of the Head or the second senior most officer of the authorised security agency at the Central Level and at the State Level with the approval of officers authorised in this behalf not below the rank of Inspector General of Police, in the belowmentioned emergent cases:

in remote areas, where obtaining of prior directions for interception of messages or class of messages is not feasible; or
for operational reasons, where obtaining of prior directions for interception of message or class of messages is not feasible;

however, the concerned competent authority is required to be informed of such interceptions by the approving authority within three working days and such interceptions are to be confirmed by the competent authority within a period of seven working days. If the confirmation from the competent authority is not received within the stipulated seven days, such interception should cease and the same message or class of messages should not be intercepted thereafter without the prior approval of the Union Home Secretary or the State Home Secretary.[16]

Rule 419A also tries to incorporate certain safeguards to curb the risk of unrestricted surveillance by the law enforcement authorities which include the following:

Any order for interception issued by the competent authority should contain reasons for such direction and a copy of such an order should be forwarded to the Review Committee within a period of seven working days;[17]
Directions for interception should be issued only when it is not possible to acquire the information by any other reasonable means;[18]
The directed interception should include the interception of any message or class of messages that are sent to or from any person n or class of persons or relating to any particular subject whether such message or class of messages are received with one or more addresses, specified in the order being an address or addresses likely to be used for the transmission of communications from or to one particular person specified or described in the order or one particular set of premises specified or described in the order;[19]
The interception directions should specify the name and designation of the officer or the authority to whom the intercepted message or class of messages is to be disclosed to;[20]
The directions for interception would remain in force for sixty days, unless revoked earlier, and may be renewed but the same should not remain in force beyond a total period of one hundred and eighty days;[21]
The directions for interception should be conveyed to the designated officers of the licensee(s) in writing by an officer not below the rank of Superintendent of Police or Additional Superintendent of Police or the officer of the equivalent rank;[22]
The officer authorized to intercept any message or class of messages should maintain proper records mentioning therein, the intercepted message or class of messages, the particulars of persons whose message has been intercepted, the name and other particulars of the officer or the authority to whom the intercepted message or class of messages has been disclosed, etc.;[23]
All the requisitioning security agencies should designate one or more nodal officers not below the rank of Superintendent of Police or the officer of the equivalent rank to authenticate and send the requisitions for interception to the designated officers of the concerned service providers to be delivered by an officer not below the rank of Sub-Inspector of Police;[24]
Records pertaining to directions for interception and of intercepted messages should be destroyed by the competent authority and the authorized security and Law Enforcement Agencies every six months unless these are, or likely to be, required for functional requirements;[25]

According to Rule 419A, service providers \are required by law enforcement to intercept communications are required to comply with the following[26]:

Service providers should designate two senior executives of the company in every licensed service area/State/Union Territory as the nodal officers to receive and handle such requisitions for interception;[27]
The designated nodal officers of the service providers should issue acknowledgment letters to the concerned security and Law Enforcement Agency within two hours on receipt of intimations for interception;[28]
The system of designated nodal officers for communicating and receiving the requisitions for interceptions should also be followed in emergent cases/unavoidable cases where prior approval of the competent authority has not been obtained;[29]
The designated nodal officers of the service providers should forward every fifteen days a list of interception authorizations received by them during the preceding fortnight to the nodal officers of the security and Law Enforcement Agencies for confirmation of the authenticity of such authorizations;[30]
Service providers are required to put in place adequate and effective internal checks to ensure that unauthorized interception of messages does not take place, that extreme secrecy is maintained and that utmost care and precaution is taken with regards to the interception of messages;[31]

Service providers are held responsible for the actions of their employees. In the case of an established violation of license conditions pertaining to the maintenance of secrecy and confidentiality of information and unauthorized interception of communication, action shall be taken against service providers as per the provisions of the Indian Telegraph Act, and this shall not only include a fine, but also suspension or revocation of their license;[32]

Service providers should destroy records pertaining to directions for the interception of messages within two months of discontinuance of the interception of such messages and in doing so they should maintain extreme secrecy.[33]

Review Committee

Rule 419A of the Indian Telegraph Rules requires the establishment of a Review Committee by the Central Government and the State Government, as the case may be, for the interception of communications, as per the following conditions:[34]

(1) The Review Committee to be constituted by the Central Government shall consist of the following members, namely:

(a) Cabinet Secretary - Chairman

(b) Secretary to the Government of India in charge, Legal Affairs - Member

(2) The Review Committee to be constituted by a State Government shall consist of the following members, namely:

(a) Chief Secretary – Chairman

(b) Secretary Law/Legal Remembrancer in charge, Legal Affairs – Member

(3) The Review Committee meets at least once in two months and records its findings on whether the issued interception directions are in accordance with the provisions of sub-section (2) of Section 5 of the Indian Telegraph Act. When the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above it may set aside the directions and order for destruction of the copies of the intercepted message or class of messages;[35]

It must be noted that the Unlawful Activities (Prevention) Act, 1967, (which is currently used against most acts of urban terrorism) also allows for the interception of communications but the procedures and safeguards are supposed to be the same as under the Indian Telegraph Act and the Information Technology Act.[36]

3. Telecom Licenses

The telecom sector in India has seen immense activity in the last two decades ever since it was opened up to private competition. These last twenty years have seen a lot of turmoil and have offered a tremendous learning opportunity for the private players as well as the governmental bodies regulating the sector. Currently any entity wishing to get a telecom license is offered a UL (Unified License) which contains terms and conditions for all the services that a licensee may choose to offer. However there were a large number of other licenses before the current regime, and since the licenses have a long phase out, we have tried to cover what we believe are the four most important licenses issued to telecom operators starting with the CMTS License:

Cellular Mobile Telephony Services (CMTS) License

In terms of National Telecom Policy (NTP)-1994, the first phase of liberalization in mobile telephone service started with issue of 8 licenses for Cellular Mobile Telephony Services (CMTS) in the 4 metro cities of Delhi, Mumbai, Calcutta and Chennai to 8 private companies in November 1994. Subsequently, 34 licenses for 18 Territorial Telecom Circles were also issued to 14 private companies during 1995 to 1998. During this period a maximum of two licenses were granted for CMTS in each service area and these licensees were called 1st & 2nd cellular licensees.[37] Consequent upon announcement of guidelines for Unified Access (Basic & Cellular) Services licenses on 11.11.2003, some of the CMTS operators were permitted to migrate from CMTS License to Unified Access Service License (UASL) but currently no new CMTS and Basic service licenses are being awarded after issuing the guidelines for Unified Access Service Licence (UASL).

The important provisions regarding surveillance in the CMTS License are listed below:

Facilities for Interception: The CMTS License requires the Licensee to provide necessary facilities to the designated authorities for interception of the messages passing through its network.[38]

Monitoring of Telecom Traffic: The designated person of the Central/State Government as conveyed to the Licensor from time to time in addition to the Licensor or its nominee have the right to monitor the telecommunication traffic in every MSC or any other technically feasible point in the network set up by the licensee. The Licensee is required to make arrangement for monitoring simultaneous calls by Government security agencies. The hardware at licensee’s end and software required for monitoring of calls shall be engineered, provided/installed and maintained by the Licensee at licensee’s cost. In case the security agencies intend to locate the equipment at licensee’s premises for facilitating monitoring, the licensee is required to extend all support in this regard including space and entry of the authorised security personnel. The interface requirements as well as features and facilities as defined by the Licensor are to be implemented by the licensee for both data and speech. The Licensee is also required to ensure suitable redundancy in the complete chain of Monitoring equipment for trouble free operations of monitoring of at least 210 simultaneous calls.[39]

Monitoring Records to be maintained: Along with the monitored call following records are to be made available:

Called/calling party mobile/PSTN numbers.
Time/date and duration of interception.
Location of target subscribers. Cell ID should be provided for location of the target subscriber. However, Licensor may issue directions from time to time on the precision of location, based on technological developments and integration of Global Positioning System (GPS) which shall be binding on the LICENSEE.
Telephone numbers if any call-forwarding feature has been invoked by target subscriber.
Data records for even failed call attempts.
CDR (Call Data Record) of Roaming Subscriber.

The Licensee is required to provide the call data records of all the specified calls handled by the system at specified periodicity, as and when required by the security agencies.[40]

Protection of Privacy: It is the responsibility of the Licensee to ensure the protection of privacy of communication and ensure unathorised interception of messages does not take place.[41]

License Agreement for Provision of Internet Services (ISP License)

Internet services were launched in India on 15th August, 1995 by Videsh Sanchar Nigam Limited. In November, 1998, the Government opened up the sector for providing Internet services by private operators. The major provisions dealing with surveillance contained in the ISP License are given below:

Authorization for monitoring: Monitoring shall only be by the authorization of the Union Home Secretary or Home Secretaries of the States/Union Territories.[42]

Access to subscriber list by authorized intelligence agencies and licensor: The complete and up to date list of subscribers will be made available by the ISP on a password protected website – accessible to authorized intelligence agencies.[43] Information such as customer name, IP address, bandwidth provided, address of installation, data of installation, contact number and email of leased line customers shall be included in the website.[44] The licensor or its representatives will also have access to the Database relating to the subscribers of the ISP which is to be available at any instant.[45]

Right to monitor by the central/state government: The designated person of the central/state government or the licensor or nominee will have the right to monitor telecommunications traffic in every node or any other technically feasible point in the network. To facilitate this, the ISP must make arrangements for the monitoring of simultaneous calls by the Government or its security agencies.[46]

Right of DoT to monitor: DoT will have the ability to monitor customers who generate high traffic value and verify specified user identities on a monthly basis.[47]

Provision of mirror images: Mirror images of the remote access information should be made available online for monitoring purposes.[48] A safeguard provided for in the license is that remote access to networks is only allowed in areas approved by the DOT in consultation with the Security Agencies.[49]

Provision of information stored on dedicated transmission link: The ISP will provide the login password to DOT and authorized Government agencies on a monthly basis for access to information stored on any dedicated transmission link from ISP node to subscriber premises.[50]

Provision of subscriber identity and geographic location: The ISP must provide the traceable identity and geographic location of their subscribers, and if the subscriber is roaming – the ISP should try to find traceable identities of roaming subscribers from foreign companies.[51]

Facilities for monitoring: The ISP must provide the necessary facilities for continuous monitoring of the system as required by the licensor or its authorized representatives.[52]

Facilities for tracing: The ISP will also provide facilities for the tracing of nuisance, obnoxious or malicious calls, messages, or communications. These facilities are to be provided specifically to authorized officers of the Government of India (police, customs, excise, intelligence department) when the information is required for investigations or detection of crimes and in the interest of national security.[53]

Facilities and equipment to be specified by government: The types of interception equipment to be used will be specified by the government of India.[54] This includes the installation of necessary infrastructure in the service area with respect to Internet Telephony Services offered by the ISP including the processing, routing, directing, managing, authenticating the internet calls including the generation of Call Details Record, IP address, called numbers, date, duration, time, and charge of the internet telephony calls.[55]

Facilities for surveillance of mobile terminal activity: The ISP must also provide the government facilities to carry out surveillance of Mobile Terminal activity within a specified area whenever requested.[56]

Facilities for monitoring international gateway: As per the requirements of security agencies, every international gateway location having a capacity of 2 Mbps or more will be equipped will have a monitoring center capable of monitoring internet telephony traffic.[57]

Facilities for monitoring in the premise of the ISP: Every office must be at least 10x10 with adequate power, air conditioning, and accessible only to the monitoring agencies. One local exclusive telephone line must be provided, and a central monitoring center must be provided if the ISP has multiple nodal points.[58]

Protection of privacy: There is a responsibility on the ISP to protect the privacy of its communications transferred over its network. This includes securing the information and protecting against unauthorized interception, unauthorized disclosure, ensure the confidentiality of information, and protect against over disclosure of information- except when consent has been given.[59]

Log of users: Each ISP must maintain an up to date log of all users connected and the service that they are using (mail, telnet, http, etc). The ISPs must also log every outward login or telnet through their computers. These logs as well as copies of all the packets must be made available in real time to the Telecom Authority.[60]

Log of internet leased line customers: A record of each internet leased line customer should be kept along with details of connectivity, and reasons for taking the link should be kept and made readily available for inspection.[61]

Log of remote access activities: The ISP will also maintain a complete audit trail of the remote access activities that pertain to the network for at least six months. This information must be available on request for any agency authorized by the licensor.[62]

Monitoring requirements: The ISP must make arrangements for the monitoring of the telecommunication traffic in every MSC exchange or any other technically feasible point, of at least 210 calls simultaneously.[63]

Records to be made available:

CDRS: When required by security agencies, the ISP must make available records of i) called/calling party mobile/PSTN numbers ii) time/date and duration of calls iii) location of target subscribers and from time to time precise location iv) telephone numbers – and if any call forwarding feature has been evoked – records thereof v) data records for failed call attempts vi) CDR of roaming subscriber.[64]
Bulk connections: On a monthly basis, and from time to time, information with respect to bulk connections shall be forwarded to DoT, the licensor, and security agencies.[65]
Record of calls beyond specified threshold: Calls should be checked, analyzed, and a record maintained of all outgoing calls made by customers both during the day and night that exceed a set threshold of minutes. A list of suspected subscribers should be created by the ISP and should be informed to DoT and any officer authorized by the licensor at any point of time.[66]
Record of subscribers with calling line identification restrictions: Furthermore, a list of calling line identification restriction subscribers with their complete address and details should be created on a password protected website that is available to authorized government agencies.[67]

Unified Access Services (UAS) License

Unified Access Services operators provide services of collection, carriage, transmission and delivery of voice and/or non-voice messages within their area of operation, over the Licensee’s network by deploying circuit and/or packet switched equipment. They may also provide Voice Mail, Audiotex services, Video Conferencing, Videotex, E-Mail, Closed User Group (CUG) as Value Added Services over its network to the subscribers falling within its service area on a non-discriminatory basis.

The terms of providing the services are regulated under the Unified Access Service License (UASL) which also contains provisions regarding surveillance/interception. These provisions are regularly used by the state agencies to intercept telephonic and data traffic of subscribers. The relevant terms of the UASL dealing with surveillance and interception are discussed below:

Confidentiality of Information: The Licensee cannot employ bulk encryption equipment in its network. Any encryption equipment connected to the Licensee’s network for specific requirements has to have prior evaluation and approval of the Licensor or officer specially designated for the purpose. However, any encryption equipment connected to the Licensee’s network for specific requirements has to have prior evaluation and approval of the Licensor or officer specially designated for the purpose. However, the Licensee has the responsibility to ensure protection of privacy of communication and to ensure that unauthorised interception of messages does not take place.[68] The Licensee shall take necessary steps to ensure that the Licensee and any person(s) acting on its behalf observe confidentiality of customer information.[69]

Responsibility of the Licensee: The Licensee has to take all necessary steps to safeguard the privacy and confidentiality of any information about a third party and its business to whom it provides the service and from whom it has acquired such information by virtue of the service provided and shall use its best endeavors to secure that :

No person acting on behalf of the Licensee or the Licensee divulges or uses any such information except as may be necessary in the course of providing such service to the third party; and
No such person seeks such information other than is necessary for the purpose of providing service to the third party.[70]

Provision of monitoring facilities: Requisite monitoring facilities /equipment for each type of system used, shall be provided by the service provider at its own cost for monitoring as and when required by the licensor.[71] The license also requires the Licensee to provide necessary facilities to the designated authorities for interception of the messages passing through its network.[72] The licensor in this case is the President of India, as the head of the State, therefore all references to the term licensor can be assumed to be to the government of India (which usually acts through the department of telecom (DOT). For monitoring traffic, the licensee company has to provide access of their network and other facilities as well as to books of accounts to the security agencies.[73]

Monitoring by Designated Person: The designated person of the Central/ State Government as conveyed to the Licensor from time to time in addition to the Licensor or its nominee has the right to monitor the telecommunication traffic in every MSC/Exchange/MGC/MG or any other technically feasible point in the network set up by the Licensee. The Licensee is required to make arrangement for monitoring simultaneous calls by Government security agencies. The hardware at Licensee’s end and software required for monitoring of calls shall be engineered, provided/installed and maintained by the Licensee at Licensee’s cost. However, the respective Government instrumentality bears the cost of user end hardware and leased line circuits from the MSC/ Exchange/MGC/MG to the monitoring centres to be located as per their choice in their premises or in the premises of the Licensee. In case the security agencies intend to locate the equipment at Licensee’s premises for facilitating monitoring, the Licensee should extend all support in this regard including space and entry of the authorized security personnel. The Licensee is required to implement the interface requirements as well as features and facilities as defined by the Licensor for both data and speech. The Licensee is to ensure suitable redundancy in the complete chain of Monitoring equipment for trouble free operations of monitoring of at least 210 simultaneous calls for seven security agencies.[74]

Monitoring Records to be maintained: Along with the monitored call following records are to be made available:

Called/calling party mobile/PSTN numbers.
Time/date and duration of interception.
Location of target subscribers. Cell ID should be provided for location of the target subscriber. However, Licensor may issue directions from time to time on the precision of location, based on technological developments and integration of Global Positioning System (GPS) which shall be binding on the LICENSEE.
Telephone numbers if any call-forwarding feature has been invoked by target subscriber.
Data records for even failed call attempts.
CDR (Call Data Record) of Roaming Subscriber.

The Licensee is required to provide the call data records of all the specified calls handled by the system at specified periodicity, as and when required by the security agencies.[75]

List of Subscribers: The complete list of subscribers shall be made available by the Licensee on their website (having password controlled access), so that authorized Intelligence Agencies are able to obtain the subscriber list at any time, as per their convenience with the help of the password.[76] The Licensor or its representative(s) have an access to the Database relating to the subscribers of the Licensee. The Licensee shall also update the list of his subscribers and make available the same to the Licensor at regular intervals. The Licensee shall make available, at any prescribed instant, to the Licensor or its authorized representative details of the subscribers using the service.[77] The Licensee must provide traceable identity of their subscribers,[78] and should be able to provide the geographical location (BTS location) of any subscriber at a given point of time, upon request by the Licensor or any other agency authorized by it.[79]

CDRs for Large Number of Outgoing Calls: The call detail records for outgoing calls made by subscribers making large number of outgoing calls day and night and to the various telephone numbers should be analyzed. Normally, no incoming call is observed in such cases. This can be done by running special programs for this purpose.[80] Although this provision itself does not say that it is limited to bulk subscribers (subscribers with more than 10 lines), it is contained as a sub-clause of section 41.19 which talks about specific measures for bulk subscribers, therefore it is possible that this provision is limited only to bulk subscribers and not to all subscribers.

No Remote Access to Suppliers: Suppliers/manufacturers and affiliate(s) are not allowed any remote access to the be enabled to access Lawful Interception System(LIS), Lawful Interception Monitoring(LIM), Call contents of the traffic and any such sensitive sector/data, which the licensor may notify from time to time, under any circumstances.[81] The Licensee is also not allowed to use remote access facility for monitoring of content.[82] Further, suitable technical device is required to be made available at Indian end to the designated security agency/licensor in which a mirror image of the remote access information is available on line for monitoring purposes.[83]

Monitoring as per the Rules under Telegraph Act: In order to maintain the privacy of voice and data, monitoring shall be in accordance with rules in this regard under Indian Telegraph Act, 1885.[84] It interesting to note that the monitoring under the UASL license is required to be as per the Rules prescribed under the Telegraph Act, but no mention is made of the Rules under the Information Technology Act.

Monitoring from Centralised Location: The Licensee has to ensure that necessary provision (hardware/ software) is available in its equipment for doing lawful interception and monitoring from a centralized location.[85]

Unified License (UL)

The National Telecom Policy - 2012 recognized the fact that the evolution from analog to digital technology has facilitated the conversion of voice, data and video to the digital form which are increasingly being rendered through single networks bringing about a convergence in networks, services and devices. It was therefore felt imperative to move towards convergence between various services, networks, platforms, technologies and overcome the incumbent segregation of licensing, registration and regulatory mechanisms in these areas. It was for this reason that the Government of India decided to move to the Unified License regime under which service providers could opt for all or any one or more of a number of different services.[86]

Provision of interception facilities by Licensee: The UL requires that the requisite monitoring/ interception facilities /equipment for each type of service, should be provided by the Licensee at its own cost for monitoring as per the requirement specified by the Licensor from time to time.[87] The Licensee is required to provide necessary facilities to the designated authorities of Central/State Government as conveyed by the Licensor from time to time for interception of the messages passing through its network, as per the provisions of the Indian Telegraph Act.[88]

Bulk encryption and unauthorized interception: The UL prohibits the Licensee from employing bulk encryption equipment in its network. Licensor or officers specially designated for the purpose are allowed to evaluate any encryption equipment connected to the Licensee’s network. However, it is the responsibility of the Licensee to ensure protection of privacy of communication and to ensure that unauthorized interception of messages does not take place.[89] The use of encryption by the subscriber shall be governed by the Government Policy/rules made under the Information Technology Act, 2000.[90]

Safeguarding of Privacy and Confidentiality: The Licensee shall take necessary steps to ensure that the Licensee and any person(s) acting on its behalf observe confidentiality of customer information.[91] Subject to terms and conditions of the license, the Licensee is required to take all necessary steps to safeguard the privacy and confidentiality of any information about a third party and its business to whom it provides services and from whom it has acquired such information by virtue of the service provided and shall use its best endeavors to secure that: a) No person acting on behalf of the Licensee or the Licensee divulges or uses any such information except as may be necessary in the course of providing such service; and b) No such person seeks such information other than is necessary for the purpose of providing service to the third party.

Provided the above para does not apply where: a) The information relates to a specific party and that party has consented in writing to such information being divulged or used, and such information is divulged or used in accordance with the terms of that consent; or b) The information is already open to the public and otherwise known.[92]

No Remote Access to Suppliers: Suppliers/manufacturers and affiliate(s) are not allowed any remote access to the be enabled to access Lawful Interception System(LIS), Lawful Interception Monitoring(LIM), Call contents of the traffic and any such sensitive sector/data, which the licensor may notify from time to time, under any circumstances.[93] The Licensee is also not allowed to use remote access facility for monitoring of content.[94] Further, suitable technical device is required to be made available at Indian end to the designated security agency/licensor in which a mirror image of the remote access information is available on line for monitoring purposes.[95]

Monitoring as per the Rules under Telegraph Act: In order to maintain the privacy of voice and data, monitoring shall be in accordance with rules in this regard under Indian Telegraph Act, 1885.[96] Just as in the UASL, the monitoring under the UL license is required to be as per the Rules prescribed under the Telegraph Act, but no mention is made of the Rules under the Information Technology Act.

Terms specific to various services

Since the UL License intends to cover all services under a single license, in addition to the general terms and conditions for interception, it also has terms for each specific service. We shall now discuss the terms for interception specific to each service offered under the Unified License.

Access Service: The designated person of the Central/ State Government, in addition to the Licensor or its nominee, shall have the right to monitor the telecommunication traffic in every MSC/ Exchange/ MGC/ MG/ Routers or any other technically feasible point in the network set up by the Licensee. The Licensee is required to make arrangement for monitoring simultaneous calls by Government security agencies. For establishing connectivity to Centralized Monitoring System, the Licensee at its own cost shall provide appropriately dimensioned hardware and bandwidth/dark fibre upto a designated point as required by Licensor from time to time. In case the security agencies intend to locate the equipment at Licensee’s premises for facilitating monitoring, the Licensee should extend all support in this regard including space and entry of the authorized security personnel.

The Interface requirements as well as features and facilities as defined by the Licensor should be implemented by the Licensee for both data and speech. The Licensee should ensure suitable redundancy in the complete chain of Lawful Interception and Monitoring equipment for trouble free operations of monitoring of at least 480 simultaneous calls as per requirement with at least 30 simultaneous calls for each of the designated security/ law enforcement agencies. Each MSC of the Licensee in the service area shall have the capacity for provisioning of at least 3000 numbers for monitoring. Presently there are ten (10) designated security/ law enforcement agencies. The above capacity provisions and no. of designated security/ law enforcement agencies may be amended by the Licensor separately by issuing instructions at any time.

Along with the monitored call following records are to be made available:

Called/calling party mobile/PSTN numbers.
Time/date and duration of interception.
Location of target subscribers. Cell ID should be provided for location of the target subscriber. However, Licensor may issue directions from time to time on the precision of location, based on technological developments and integration of Global Positioning System (GPS) which shall be binding on the LICENSEE.
Telephone numbers if any call-forwarding feature has been invoked by target subscriber.
Data records for even failed call attempts.
CDR (Call Data Record) of Roaming Subscriber.

The Licensee is required to provide the call data records of all the specified calls handled by the system at specified periodicity, as and when required by the security agencies.[97]

The call detail records for outgoing calls made by those subscribers making large number of outgoing calls day and night to the various telephone numbers with normally no incoming calls, is required to be analyzed by the Licensee. The service provider is required to run special programme, devise appropriate fraud management and prevention programme and fix threshold levels of average per day usage in minutes of the telephone connection; all telephone connections crossing the threshold of usage are required to be checked for bona fide use. A record of check must be maintained which may be verified by Licensor any time. The list/details of suspected subscribers should be informed to the respective TERM Cell of DoT and any other officer authorized by Licensor from time to time.[98]

The Licensee shall provide location details of mobile customers as per the accuracy and time frame mentioned in the Unified License. It shall be a part of CDR in the form of longitude and latitude, besides the co-ordinate of the BTS, which is already one of the mandated fields of CDR. To start with, these details will be provided for specified mobile numbers. However, within a period of 3 years from effective date of the Unified License, location details shall be part of CDR for all mobile calls.[99]

Internet Service: The Licensee is required to maintain CDR/IPDR for Internet including Internet Telephony Service for a minimum period of one year. The Licensee is also required to maintain log-in/log-out details of all subscribers for services provided such as internet access, e-mail, Internet Telephony, IPTV etc. These logs are to be maintained for a minimum period of one year. For the purpose of interception and monitoring of traffic, the copies of all the packets originating from / terminating into the Customer Premises Equipment (CPE) shall be made available to the Licensor/Security Agencies. Further, the list of Internet Lease Line (ILL) customers is to be placed on a password protected website in the format prescribed in the Unified License.[100]

Lawful Interception and Monitoring (LIM) systems of requisite capacities are to be set up by the Licensees for Internet traffic including Internet telephony traffic through their Internet gateways and /or Internet nodes at their own cost, as per the requirement of the security agencies/Licensor prescribed from time to time. The cost of maintenance of the monitoring equipment and infrastructure at the monitoring centre located at the premises of the licensee shall be borne by the Licensee. In case the Licensee obtains Access spectrum for providing Internet Service / Broadband Wireless Access using the Access Spectrum, the Licensee shall install the required Lawful Interception and Monitoring systems of requisite capacities prior to commencement of service. The Licensee, while providing downstream Internet bandwidth to an Internet Service provider is also required to ensure that all the traffic of downstream ISP passing through the Licensee’s network can be monitored in the network of the Licensee. However, for nodes of Licensee having upstream bandwidth from multiple service providers, the Licensee may be mandated to install LIM/LIS at these nodes, as per the requirement of security agencies. In such cases, upstream service providers may not be required to monitor this bandwidth.[101]

In case the Licensee has multiple nodes/points of presence and has capability to monitor the traffic in all the Routers/switches from a central location, the Licensor may accept to monitor the traffic from the said central monitoring location, provided that the Licensee is able to demonstrate to the Licensor/Security Agencies that all routers / switches are accessible from the central monitoring location. Moreover, the Licensee would have to inform the Licensor of every change that takes place in their topology /configuration, and ensure that such change does not make any routers/switches inaccessible from the central monitoring location. Further, Office space of 10 feet x 10 feet with adequate and uninterrupted power supply and air-conditioning which is physically secured and accessible only to the monitoring agencies shall be provided by the Licensee at each Internet Gateway location at its cost.[102]

National Long Distance (NLD) Service: The requisite monitoring facilities are required to be provided by the Licensee as per requirement of Licensor. The details of leased circuit provided by the Licensee is to be provided monthly to security agencies & DDG (TERM) of the Licensed Service Area where the licensee has its registered office.[103]

International Long Distance (ILD) Service: Office space of 20’x20’ with adequate and uninterrupted power supply and air-conditioning which is physically secured and accessible only to the personnel authorized by the Licensor is required to be provided by the Licensee at each Gateway location free of cost.[104] The cost of monitoring equipment is to be borne by the Licensee. The installation of the monitoring equipment at the ILD Gateway Station is to be done by the Licensee. After installation of the monitoring equipment, the Licensee shall get the same inspected by monitoring /security agencies. The permission to operate/commission the gateway will be given only after this.[105]

The designated person of the Central/ State Government, in addition to the Licensor or its nominee, has the right to monitor the telecommunication traffic in every ILD Gateway / Routers or any other technically feasible point in the network set up by the Licensee. The Licensee is required to make arrangement for monitoring simultaneous calls by Government security agencies. For establishing connectivity to Centralized Monitoring System, the Licensee, at its own cost, is required to provide appropriately dimensioned hardware and bandwidth/dark fibre upto a designated point as required by Licensor from time to time. In case the security agencies intend to locate the equipment at Licensee’s premises for facilitating monitoring, the Licensee should extend all support in this regard including Space and Entry of the authorized security personnel. The Interface requirements as well as features and facilities as defined by the Licensor should be implemented by the Licensee for both data and speech. The Licensee should ensure suitable redundancy in the complete chain of Monitoring equipment for trouble free operations of monitoring of at least 480 simultaneous calls as per requirement with at least 30 simultaneous calls for each of the designated security/ law enforcement agencies. Each ILD Gateway of the Licensee shall have the capacity for provisioning of at least 5000 numbers for monitoring. Presently there are ten (10) designated security/ law enforcement agencies. The above capacity provisions and number of designated security/ law enforcement agencies may be amended by the Licensor separately by issuing instructions at any time.[106]

The Licensee is required to provide the call data records of all the specified calls handled by the system at specified periodicity, as and when required by the security agencies in the format prescribed from time to time.[107]

Global Mobile Personal Communication by Satellite (GMPCS) Service: The designated Authority of the Central/State Government shall have the right to monitor the telecommunication traffic in every Gateway set up in India. The Licensee shall make arrangement for monitoring of calls as specified in the Unified License.[108]

The hardware/software required for monitoring of calls shall be engineered, provided/installed and maintained by the Licensee at the ICC (Intercept Control Centre) to be established at the GMPCS Gateway(s) as also in the premises of security agencies at Licensee’s cost. The Interface requirements as well as features and facilities shall be worked out and implemented by the Licensee for both data and speech. The Licensee should ensure suitable redundancy in the complete chain of Monitoring equipment for trouble free operations. The Licensee shall provide suitable training to the designated representatives of the Licensor regarding operation and maintenance of Monitoring equipment (ICC & MC). Interception of target subscribers using messaging services should also be provided even if retrieval is carried out using PSTN links. For establishing connectivity to Centralized Monitoring System, the Licensee at its own cost shall provide appropriately dimensioned hardware and bandwidth/dark fibre upto a designated point as required by Licensor from time to time.[109] The License also has specific obligations to extend monitored calls to designated security agencies as provided in the UL.[110] Further, the Licensee is required to provide the call data records of all the calls handled by the system at specified periodicity, if and as and when required by the security agencies.[111] It is the responsibility of the service provider for Global Mobile Personal Communication by Satellite (GMPCS) to provide facility to carry out surveillance of User Terminal activity.[112]

The Licensee has to make available adequate monitoring facility at the GMPCS Gateway in India to monitor all traffic (traffic originating/terminating in India) passing through the applicable system. For this purpose, the Licensee shall set up at his cost, the requisite interfaces, as well as features and facilities for monitoring of calls by designated agencies as directed by the Licensor from time to time. In addition to the Target Intercept List (TIL), it should also be possible to carry out specific geographic location based interception, if so desired by the designated security agencies. Monitoring of calls should not be perceptible to mobile users either during direct monitoring or when call has been grounded for monitoring. The Licensee shall not prefer any charges for grounding a call for monitoring purposes. The intercepted data is to be pushed to designated Security Agencies’ server on fire and forget basis. No records shall be maintained by the Licensee regarding monitoring activities and air-time used beyond prescribed time limit.

The Licensee has to ensure that any User Terminal (UT) registered in the gateway of another country shall re-register with Indian Gateway when operating from Indian Territory. Any UT registered outside India, when attempting to make/receive calls from within India, without due authority, shall be automatically denied service by the system and occurrence of such attempts along with information about UT identity as well as location shall be reported to the designated authority immediately.

The Licensee is required to have provision to scan operation of subscribers specified by security/ law enforcement agencies through certain sensitive areas within the Indian territory and shall provide their identity and positional location (latitude and longitude) to Licensor on as and when required basis.

Public Mobile Radio Trunking Service (PMRTS): Suitable monitoring equipment prescribed by the Licensor for each type of System used has to be provided by the Licensee at his own cost for monitoring, as and when required.[113]

Very Small Aperture Terminal (VSAT) Closed User Group (CUG) Service: Requisite monitoring facilities/ equipment for each type of system used have to be provided by the Licensee at its own cost for monitoring as and when required by the Licensor.[114] The Licensee shall provide at its own cost technical facilities for accessing any port of the switching equipment at the HUB for interception of the messages by the designated authorities at a location to be determined by the Licensor.[115]

Surveillance of MSS-R Service: The Licensee has to provide at its own cost technical facilities for accessing any port of the switching equipment at the HUB for interception of the messages by the designated authorities at a location as and when required.[116] It is the responsibility of the service provider of INSAT- Mobile Satellite System Reporting (MSS-R) service to provide facility to carry out surveillance of User Terminal activity within a specified area.[117]

Resale of International Private Leased Circuit (IPLC) Service: The Licensee has to take IPLC from the licensed ILDOs. The interception and monitoring of Resellers circuits will take place at the Gateway of the ILDO from whom the IPLC has been taken by the Licensee. The provisioning for Lawful Interception & Monitoring of the Resellers’ IPLC shall be done by the ILD Operator and the concerned ILDO shall be responsible for Lawful Interception and Monitoring of the traffic passing through the IPLC. The Resellers shall extend all cooperation in respect of interception and monitoring of its IPLC and shall be responsible for the interception results. The Licensee shall be responsible to interact, correspond and liaise with the licensor and security agencies with regard to security monitoring of the traffic. The Licensee shall, before providing an IPLC to the customer, get the details of services/equipment to be connected on both ends of IPLC, including type of terminals, data rate, actual use of circuit, protocols/interface to be used etc. The Resellers shall permit only such type of service/protocol on the IPLC for which the concerned ILDO has capability of interception and monitoring. The Licensee has to pass on any direct request placed by security agencies on him for interception of the traffic on their IPLC to the concerned ILDOs within two hours for necessary actions.[118]

4. The Information Technology Act, 2000

The Information Technology Act, 2000, was amended in a major way in 2008 and is the primary legislation which regulates the interception, monitoring, decryption and collection of traffic information of digital communications in India.

More specifically, section 69 of the Information Technology Act empowers the central Government and the state governments to issue directions for the monitoring, interception or decryption of any information transmitted, received or stored through a computer resource. Section 69 of the Information Technology Act, 2000 expands the grounds upon which interception can take place as compared to the Indian Telegraph Act, 1885. As such, the interception of communications under Section 69 is carried out in the interest of[119]:

The sovereignty or integrity of India

Defence of India

Security of the State
Friendly relations with foreign States
Public order
Preventing incitement to the commission of any cognizable offense relating to the above
For the investigation of any offense

While the grounds for interception are similar to the Indian Telegraph Act (except for the condition of prevention of incitement of only cognizable offences and the addition of investigation of any offence) the Information Technology Act does not have the overarching condition that interception can only occur in the case of public emergency or in the interest of public safety.

Additionally, section 69 of the Act mandates that any person or intermediary who fails to assist the specified agency with the interception, monitoring, decryption or provision of information stored in a computer resource shall be punished with imprisonment for a term which may extend to seven years and shall be liable for a fine.[120]

Section 69B of the Information Technology Act empowers the Central Government to authorise the monitoring and collection of information and traffic data generated, transmitted, received or stored through any computer resource for the purpose of cyber security. According to this section, any intermediary who intentionally or knowingly fails to provide technical assistance to the authorised agency which is required to monitor and collection information and traffic data shall be punished with an imprisonment which may extend to three years and will also be liable to a fine.[121]

The main difference between Section 69 and Section 69B is that the first requires the interception, monitoring and decryption of all information generated, transmitted, received or stored through a computer resource when it is deemed “necessary or expedient” to do so, whereas Section 69B specifically provides a mechanism for all metadata of all communications through a computer resource for the purpose of combating threats to “cyber security”. Directions under Section 69 can be issued by the Secretary to the Ministry of Home Affairs, whereas directions under Section 69B can only be issued by the Secretary of the Department of Information Technology under the Union Ministry of Communications and Information Technology.

Overlap with the Telegraph Act

Thus while the Telegraph Act only allows for interception of messages or class of messages transmitted by a telegraph, the Information Technology Act enables interception of any information being transmitted or stored in a computer resource. Since a “computer resource” is defined to include a communication device (such as cellphones and PDAs) there is a overlap between the provisions of the Information Technology Act and the Telegraph Act concerning the provisions of interception of information sent through mobile phones. This is further complicated by the fact that the UAS License specifically states that it is governed by the provisions of the Indian Telegraph Act, the Indian Wireless Telegraphy Act and the Telecom Regulatory Authority of India Act, but does not mention the Information Technology Act.[122] This does not mean that the Licensees under the Telecom Licenses are not bound by any other laws of India (including the Information Technology Act) but it is just an invitation to unnecessary complexities and confusions with regard to a very serious issue such as interception. This situation has thankfully been remedied by the Unified License (UL) which, although issued under section of 4 of the Telegraph Act, also references the Information Technology Act thus providing essential clarity with respect to the applicability of the Information Technology Act to the License Agreement.

Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009

The interception of internet communications is mainly covered by the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009under the Information Technology Act (the “IT Interception Rules”). In particular, the rules framed under Section 69 and 69B include safeguards stipulating to who may issue directions of interception and monitoring, how such directions are to be executed, the duration they remain in operation, to whom data may be disclosed, confidentiality obligations of intermediaries, periodic oversight of interception directions by a Review Committee under the Indian Telegraph Act, the retention of records of interception by intermediaries and to the mandatory destruction of information in appropriate cases.

According to the IT Interception Rules, only the competent authority can issue an order for the interception, monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub-section (2) of section 69 of the Information Technology Act.[123] At the State and Union Territory level, the State Secretaries respectively in charge of the Home Departments are designated as “competent authorities” to issue interception directions.[124]In unavoidable circumstances the Joint Secretary to the Government of India, when so authorised by the Competent Authority, may issue an order. Interception may also be carried out with the prior approval of the Head or the second senior most officer of the authorised security agency at the Central Level and at the State Level with the approval of officers authorised in this behalf not below the rank of Inspector General of Police, in the belowmentioned emergent cases:

(1) in remote areas, where obtaining of prior directions for interception or monitoring or decryption of information is not feasible; or

(2) for operational reasons, where obtaining of prior directions for interception or monitoring or decryption of any information generation, transmitted, received or stored in any computer resource is not feasible,

however, in the above circumstances the officer would have to inform the competent authority in writing within three working days about the emergency and of the interception, monitoring or decryption and obtain the approval of the competent authority within a period of seven working days. If the approval of the competent authority is not obtained within the said period of seven working days, such interception or monitoring or decryption shall cease and the information shall not be intercepted or monitored or decrypted thereafter without the prior approval of the competent authority.[125] If a state wishes to intercept information that is beyond its jurisdiction, it must request permission to issue the direction from the Secretary in the Ministry of Home Affairs.[126]

In order to avoid the risk of unauthorised interception, the IT Interception Rules provide for the following safeguards:

If authorised by the competent authority, any agency of the government may intercept, monitor, or decrypt information transmitted, received, or stored in any computer resource only for the purposes specified in section 69(1) of the IT Act.[127]
The IT Interception Rules further provide that the competent authority may give any decryption direction to the decryption key holder.[128]
The officer issuing an order for interception is required to issue requests in writing to designated nodal officers of the service provider.[129]
Any direction issued by the competent authority must contain the reasons for direction, and must be forwarded to the review committee seven days after being issued.[130]
In the case of issuing or approving an interception order, in arriving at its decision the competent authority must consider all alternate means of acquiring the information.[131]
The order must relate to information sent or likely to be sent from one or more particular computer resources to another (or many) computer resources.[132]
The reasons for ordering interceptions must be recorded in writing, and must specify the name and designation of the officer to whom the information obtained is to be disclosed, and also specify the uses to which the information is to be put.[133]
The directions for interception will remain in force for a period of 60 days, unless renewed. If the orders are renewed they cannot be in force for longer than 180 days.[134]
Authorized agencies are prohibited from using or disclosing contents of intercepted communications for any purpose other than investigation, but they are permitted to share the contents with other security agencies for the purpose of investigation or in judicial proceedings. Furthermore, security agencies at the union territory and state level will share any information obtained by following interception orders with any security agency at the centre.[135]
All records, including electronic records pertaining to interception are to be destroyed by the government agency “every six months, except in cases where such information is required or likely to be required for functional purposes”.[136]
The contents of intercepted, monitored, or decrypted information will not be used or disclosed by any agency, competent authority, or nodal officer for any purpose other than its intended purpose.[137]
The agency authorised by the Secretary of Home Affairs is required to appoint a nodal officer (not below the rank of superintendent of police or equivalent) to authenticate and send directions to service providers or decryption key holders.[138]

The IT Interception Rules also place the following obligations on the service providers:

In addition, all records pertaining to directions for interception and monitoring are to be destroyed by the service provider within a period of two months following discontinuance of interception or monitoring, unless they are required for any ongoing investigation or legal proceedings.[139]
Upon receiving an order for interception, service providers are required to provide all facilities, co-operation, and assistance for interception, monitoring, and decryption. This includes assisting with: the installation of the authorised agency's equipment, the maintenance, testing, or use of such equipment, the removal of such equipment, and any action required for accessing stored information under the direction.[140]
Additionally, decryption key holders are required to disclose the decryption key and provide assistance in decrypting information for authorized agencies.[141]

Every fifteen days the officers designated by the intermediaries are required to forward to the nodal officer in charge a list of interceptions orders received by them. The list must include the details such as reference and date of orders of the competent authority.[142]
The service provider is required to put in place adequate internal checks to ensure that unauthorised interception does not take place, and to ensure the extreme secrecy of intercepted information is maintained.[143]
The contents of intercepted communications are not allowed to be disclosed or used by any person other than the intended recipient.[144]
Additionally, the service provider is required to put in place internal checks to ensure that unauthorized interception of information does not take place and extreme secrecy is maintained. This includes ensuring that the interception and related information are handled only by the designated officers of the service provider.[145]

Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009

The Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009, under section 69B of the Information Technology Act, stipulate that directions for the monitoring and collection of traffic data or information can be issued by an order made by the competent authority[146] for any or all of the following purposes related to cyber security:

forecasting of imminent cyber incidents;
monitoring network application with traffic data or information on computer resource;
identification and determination of viruses or computer contaminant;
tracking cyber security breaches or cyber security incidents;
tracking computer resource breaching cyber security or spreading virus or computer contaminants;
identifying or tracking any person who has breached, or is suspected of having breached or likely to breach cyber security;
undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resources;
accessing stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force;
any other matter relating to cyber security.[147]

According to these Rules, any direction issued by the competent authority should contain reasons for such direction and a copy of such direction should be forwarded to the Review Committee within a period of seven working days.[148] Furthermore, these Rules state that the Review Committee shall meet at least once in two months and record its finding on whether the issued directions are in accordance with the provisions of sub-section (3) of section 69B of the Act. If the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issue an order for the destruction of the copies, including corresponding electronic record of the monitored or collected traffic data or information.[149]

Information Technology (Guidelines for Cyber Cafes) Rules, 2011

The Information Technology (Guidelines for Cyber Cafes) Rules, 2011, were issued under powers granted under section 87(2), read with section 79(2) of the Information Technology Act, 2000.[150] These rules require cyber cafes in India to store and maintain backup logs for each login by any user, to retain such records for a year and to ensure that the log is not tampered. Rule 7 requires the inspection of cyber cafes to determine that the information provided during registration is accurate and remains updated.

5. The Indian Post Office Act, 1898
Section 26 of the Indian Post Office Act, 1898, empowers the Central Government and the State Governments to intercept postal articles.[151] In particular, section 26 of the Indian Post Office Act, 1898, states that on the occurrence of any public emergency or in the interest of public safety or tranquility, the Central Government, State Government or any officer specially authorised by the Central or State Government may direct the interception, detention or disposal of any postal article, class or description of postal articles in the course of transmission by post. Furthermore, section 26 states that if any doubt arises regarding the existence of public emergency, public safety or tranquility then a certificate to that effect by the Central Government or a State Government would be considered as conclusive proof of such condition being satisfied.

According to this section, the Central Government and the State Governments of India can intercept postal articles if it is deemed to be in the instance of a 'public emergency' or for 'public safety or tranquility'. However, the Indian Post Office Act, 1898, does not cover electronic communications and does not mandate their interception, which is covered by the Information Technology Act, 2000 and the Indian Telegraph Act, 1885.

6. The Indian Wireless Telegraphy Act, 1933
The Indian Wireless Telegraphy Act was passed to regulate and govern the possession of wireless telegraphy equipment within the territory of India. This Act essentially provides that no person can own “wireless telegraphy apparatus”[152] except with a license provided under this Act and must use the equipment in accordance with the terms provided in the license.[153]

One of the major sources of revenue for the Indian State Broadcasting Service was revenue from the licence fee from working of wireless apparatus under the Indian Telegraph Act, 1885.The Indian State Broadcasting Service was losing revenue due to lack of legislation for prosecuting persons using unlicensed wireless apparatus as it was difficult to trace them at the first place and then prove that such instrument has been installed, worked and maintained without licence. Therefore, the current legislation was proposed, in order to prohibit possession of wireless telegraphy apparatus without licence.

Presently the Act is used to prosecute cases, related to illegal possession and transmission via satellite phones. Any person who wishes to use satellite phones for communication purposes has to get licence from the Department of Telecommunications.[154]

7. The Code of Criminal Procedure
Section 91 of the Code of Criminal Procedure regulates targeted surveillance. In particular, section 91 states that a Court in India or any officer in charge of a police station may summon a person to produce any document or any other thing that is necessary for the purposes of any investigation, inquiry, trial or other proceeding under the Code of Criminal Procedure.[155] Under section 91, law enforcement agencies in India could theoretically access stored data. Additionally, section 92 of the Code of Criminal Procedure regulates the interception of a document, parcel or thing in the possession of a postal or telegraph authority.

Further section 356(1) of the Code of Criminal Procedure provides that in certain cases the Courts have the power to direct repeat offenders convicted under certain provisions, to notify his residence and any change of, or absence from, such residence after release for a term not exceeding five years from the date of the expiration of the second sentence.

Policy Suggestions

In order to avoid the different standards being adopted for different aspects of surveillance and in different parts of the country, there should be one single policy document or surveillance and interception manual which should contain the rules and regulations regarding all kinds of surveillance. This would not only help in identifying problems in the law but may also be useful in streamlining the entire surveillance regime. However it is easier said than done and requires a mammoth effort at the legislative stage. This is because under the Constitutional scheme of India law and order is a State subject and the police machinery in every State is under the authority of the State government. Therefore it would not be possible to issue a single legislation dealing with all aspects of surveillance since the States are independent in their powers to deal with the police machinery.

Even when we look at the issue of interception, certain state legislations especially the ones dealing with organized crime and bootleggers such as the Maharashtra Control of Organized Crime Act, 1999, the Andhra Pradesh Control of Organized Crime Act, 2001, also deal with the issue of interception and contain provisions empowering the state government to intercept communications for the purpose of using it to investigate or prevent criminal activities. Further even the two central level legislations that deal with interception, viz. the Telegraph Act and the Information Technology Act, specifically empower the State governments also to intercept communications on the same grounds as the Central Government. Since interception of communications is mostly undertaken by security and law enforcement agencies, broadly for the maintenance of law and order, State governments cannot be prevented from issuing their own legislations to deal with interception.

Due to the abovementioned legal and constitutional complexities the major problem in achieving harmonization is to get both the Central and State governments on to the same page. Even if the Central government amends the Telegraph Act and the IT Act to bring them in line with each other, the State governments will still be free to do whatever they please. Therefore it seems the best approach in order to achieve harmonization may be to have a two pronged strategy, i.e. (i) issue a National Surveillance Policy covering both interception and general surveillance; and (ii) amend the central legislations i.e. the Telegraph Act and the Information Technology Act in accordance with the National Surveillance Policy. Once a National Surveillance Policy, based on scientific data and the latest theories on criminology is issued, it is hoped that State governments will themselves like to adopt the principles enshrined therein and amend their own legislations dealing with interception to fall in line with the National Surveillance Policy.

[1] Section 6(2)(b) of the Model Police Manual.

[2] Section 191 (D) of the Model Police Manual.

[3] Section 200 (D) of the Model Police Manual.

[4] Section 2011 (I) of the Model Police Manual.

[5] Section 201 (II) of the Model Police Manual.

[6] Section 201 (IV) of the Model Police Manual.

[7] Section 193 (III) of the Model Police Manual.

[8] Surjan Das & Basudeb Chattopadhyay, Rural Crime in Police Perception: A Study of Village Crime Note Books, 26(3) Economic and Political Weekly 129, 129 (1991).

[9] Section 201 (III) of the Model Police Manual.

[10] Section 201 (V) of the Model Police Manual.

[11] Section 201 (VII) of the Model Police Manual.

[12] Section 356(1) of the Criminal Procedure Code states as follows:

356. Order for notifying address of previously convicted offender.

(1) When any person, having been convicted by a Court in India of an offence punishable under section 215, section 489A, section 489B, section 489C or section 489D of the Indian Penal Code, (45 of 1860 ) or of any offence punishable under Chapter XII or Chapter XVII of that Code, with imprisonment for a term of three years or upwards, is again convicted of any offence punishable under any of those sections or Chapters with imprisonment for a term of three years or upwards by any Court other than that of a Magistrate of the second class, such Court may, if it thinks fit, at the time of passing a sentence of imprisonment on such person, also order that his residence and any change of, or absence from, such residence after release be notified as hereinafter provided for a term not exceeding five years from the date of the expiration of such sentence.

[13] The Indian Telegraph Act, 1885, http://www.ijlt.in/pdffiles/Indian-Telegraph-Act-1885.pdf

[14] Privacy International, Report: “India”, Chapter 3: “Surveillance Policies”, https://www.privacyinternational.org/reports/india/iii-surveillance-policies

[15] Rule 419A(1), Indian Telegraph Rules, 1951.

[16] Rule 419A(1), Indian Telegraph Rules, 1951.

[17] Rule 419A(2), Indian Telegraph Rules, 1951.

[18] Rule 419A(3), Indian Telegraph Rules, 1951.

[19] Rule 419A(4), Indian Telegraph Rules, 1951.

[20] Rule 419A(5), Indian Telegraph Rules, 1951.

[21] Rule 419A(6), Indian Telegraph Rules, 1951.

[22] Rule 419A(7), Indian Telegraph Rules, 1951.

[23] Rule 419A(8), Indian Telegraph Rules, 1951.

[24] Rule 419A(9), Indian Telegraph Rules, 1951.

[25] Rule 419A(18), Indian Telegraph Rules, 1951.

[26] Ibid.

[27] Rule 419A(10), Indian Telegraph Rules, 1951.

[28] Rule 419A(11), Indian Telegraph Rules, 1951.

[29] Rule 419A(12), Indian Telegraph Rules, 1951.

[30] Rule 419A(13), Indian Telegraph Rules, 1951.

[31] Rule 419A(14), Indian Telegraph Rules, 1951.

[32] Rule 419A(15), Indian Telegraph Rules, 1951.

[33] Rule 419A(19), Indian Telegraph Rules, 1951.

[34] Ibid.

[35] Ibid.

[36] Section 46 of the Unlawful Activities Prevention Act, 1967. The Unlawful Activities (Prevention) Act, 1967 has certain additional safeguards such as not allowing intercepted information to be disclosed or received in evidence unless the accused has been provided with a copy of the same atleast 10 days in advance, unless the period of 10 days is specifically waived by the judge.

[37] State owned Public Sector Undertakings (PSUs) (Mahanager Telephone Nigam Limited (MTNL) and Bharat Sanchar Nigam Limited (BSNL)) were issued licenses for provision of CMTS as third operator in various parts of the country. Further, 17 fresh licenses were issued to private companies as fourth cellular operator in September/ October, 2001, one each in 4 Metro cities and 13 Telecom Circles.

[38] Section 45.2 of the CMTS License.

[39] Section 41.09 of the CMTS License.

[40] Section 41.09 of the CMTS License.

[41] Section 44.4 of the CMTS License. Similar provision exists in section 44.11 of the CMTS License.

[42] Section 34.28 (xix) of the ISP License.

[43] Section 34.12 of the ISP License.

[44] Section 34.13 of the ISP License.

[45] Section 34.22 of the ISP License.

[46] Section 34.6 of the ISP License.

[47] Section 34.15 of the ISP License.

[48] Section 34.28 (xiv) of the ISP License.

[49] Section 34.28 (xi) of the ISP License.

[50] Section 34.14 of the ISP License.

[51] Section 34.28 (ix)&(x) of the ISP License.

[52] Section 30.1 of the ISP License.

[53] Section 33.4 of the ISP License.

[54] Section 34.4 of the ISP License.

[55] Section 34.7 of the ISP License.

[56] Section 34.9 of the ISP License.

[57] Section 34.27 (a)(i) of the ISP License.

[58] Section 34.27(a)(ii-vi) of the ISP License.

[59] Section 32.1, 32.2 (i)(ii), 32.3 of the ISP License.

[60] Section 34.8 of the ISP License.

[61] Section 34.18 of the ISP License.

[62] Section 34.28 (xv) of the ISP License.

[63] Section 41.10 of the ISP License.

[64] Section 41.10 of the ISP License.

[65] Section 41.19(i) of the ISP License.

[66] Section 41.19(ii) of the ISP License.

[67] Section 41.19(iv) of the ISP License.

[68] Section 39.1 of the UASL. Similar provision is contained in section 41.4, 41.12 of the UASL.

[69] Section 39.3 of the UASL.

[70] Section 39.2 of the UASL.

[71] Section 23.2 of the UASL. Similar provisions are contained in section 41.7 of the UASL regarding provision of monitoring equipment for monitoring in the “interest of security”.

[72] Section 42.2 of the UASL.

[73] Section 41.20(xx) of the UASL.

[74] Section 41.10 of the UASL.

[75] Section 41.10 of the UASL.

[76] Section 41.14 of the UASL.

[77] Section 41.16 of the UASL.

[78] Section 41.20(ix) of the UASL.

[79] Section 41.20(ix) of the UASL.

[80] Section 41.19(ii) of the UASL.

[81] Section 41.20(xii) of the UASL.

[82] Section 41.20(xiii) of the UASL.

[83] Section 41.20(xiv) of the UASL.

[84] Section 41.20 (xix) of the UASL.

[85] Section 41.20(xvi) of the UASL.

[86] The different services covered by the Unified License are:

a. Unified License (All Services)

b. Access Service (Service Area-wise)

c. Internet Service (Category-A with All India jurisdiction)

d. Internet Service (Category-B with jurisdiction in a Service Area)

e. Internet Service (Category-C with jurisdiction in a Secondary Switching Area)

f. National Long Distance (NLD) Service

g. International Long Distance (ILD) Service

h. Global Mobile Personal Communication by Satellite (GMPCS) Service

i. Public Mobile Radio Trunking Service (PMRTS) Service

j. Very Small Aperture Terminal (VSAT) Closed User Group (CUG) Service

k. INSAT MSS-Reporting (MSS-R) Service

l. Resale of International private Leased Circuit (IPLC) Service

Authorisation for Unified License (All Services) would however cover all services listed at para 2(ii) (b) in all service areas, 2 (ii) (c), 2(ii) (f) to 2(ii) (l) above.

[87] Chapter IV, Para 23.2 of the UL.

[88] Chapter VI, Para 40.2 of the UL.

[89] Chapter V, Para 37.1 of the UL. Similar provision is contained in Chapter VI, Para 39.4,

[90] Chapter V, Para 37.5 of the UL/

[91] Chapter V, Para 37.3 of the UL.

[92] Chapter V, Para 37.2 of the UL.

[93] Chapter VI, Para 39.23(xii) of the UL.

[94] Chapter VI, Para 39.23 (xiii) of the UL.

[95] Chapter VI, Para 39.23 (xiv) of the UL.

[96] Chapter VI, Para 39.23 (xix) of the UL.

[97] Chapter VIII, Para 8.3 of the UL.

[98] Chapter VIII, Para 8.4 of the UL.

[99] Chapter VIII, Para 8.5 of the UL.

[100] Chapter IX, Paras 7.1 to 7.3 of the UL. Further obligations have also been imposed on the Licensee to ensure that its ILL customers maintain the usage of IP addresses/Network Address Translation (NAT) syslog, in case of multiple users on the same ILL, for a minimum period of one year.

[101] Chapter IX, Paras 8.1 to 8.3 of the UL.

[102] Chapter IX, Paras 8.4 and 8.5 of the UL.

[103] Chapter X, Para 5.2 of the UL.

[104] Chapter XI, Para 6.3 of the UL.

[105] Chapter XI, Para 6.4 of the UL.

[106] Chapter XI, Para 6.6 of the UL.

[107] Chapter XI, Para 6.7 of the UL.

[108] Chapter XII, Para 7.4 of the UL.

[109] Chapter XII, Para 7.5 of the UL.

[110] Chapter XII, Para 7.6 of the UL.

[111] Chapter XII, Para 7.7 of the UL.

[112] Chapter XII, Para 7.8 of the UL.

[113] Chapter XIII, Para 7.1 of the UL.

[114] Chapter XIV, Para 8.1 of the UL.

[115] Chapter XIV, Para 8.2 of the UL.

[116] Chapter XV, Para 8.1 of the UL.

[117] Chapter XV, Para 8.5 of the UL.

[118] Chapter XVI, Paras 4.1 - 4.4 of the UL.

[119] Section 69 of the Information Technology Act, 2000.

[120] Ibid.

[121] Section 69B of the Information Technology Act, 2000.

[122] Section 32 of the ISP License.

[123] Rule 3, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[124] Rule 2(d), Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[125] Rule 3, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[126] Rule 6, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[127] Rule 4, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[128] Rule 5, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[129] Rule 13, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[130] Rule 7, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[131] Rule 8, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[132] Rule 9, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[133] Rule 10, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[134] Rule 11, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[135] Rule 25(2)&(6), Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[136] Rule 23, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[137] Rule 25, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[138] Rule 12, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[139] Rule 23(2), Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[140] Rule 19, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[141] Rule 17, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[142] Rule 18, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[143] Rule 20& 21, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[144] Rule 25, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[145] Rule 20, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[146] Rule 3(1) of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.

[147] Rule 3(2) of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.

[148] Rule 3(3) of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.

[149] Rules 7 of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.

[150] Introduction to the Information Technology (Guidelines for Cyber Cafe) Rules, 2011.

[151] The Indian Post Office Act, 1898, http://www.indiapost.gov.in/Pdf/Manuals/TheIndianPostOfficeAct1898.pdf

[152] The expression “wireless telegraphy apparatus” has been defined as “any apparatus, appliance, instrument or material used or capable of use in wireless communication, and includes any article determined by rule made under Sec. 10 to be wireless telegraphy apparatus, but does not include any such apparatus, appliance, instrument or material commonly used for other electrical purposes, unless it has been specially designed or adapted for wireless communication or forms part of some apparatus, appliance, instrument or material specially so designed or adapted, nor any article determined by rule made under Section 10 not to be wireless telegraphy apparatus;”

[153] Section 4, Wireless Telegraphy Act, 1933.

[154] Snehashish Ghosh, Indian Wireless Telegraphy Act, 1933, http://cis-india.org/telecom/resources/indian-wireless-telegraphy-act.

[155] The Code of Criminal Procedure, 1973, Section 91, http://www.icf.indianrailways.gov.in/uploads/files/CrPC.pdf

For more details visit https://cis-india.org/internet-governance/blog/policy-paper-on-surveillance-in-india

Policy for Government's Presence in Social Media - Recommendations

krithika — 2011-08-02T07:37:29Z

In pursuance of the Office Memorandum issued by the DIT dated March 4, 2011, the e-Governance Group of the DIT, convened on March 23, 2011, the first meeting of an exclusive group to propose guidelines for government presence on social networking and social media sites. The Centre for Internet and Society being one of the invitees to the meeting, has submitted its recommendations for a Policy for the Government's presence in social networking and social media sites.

1. Data Retention

The Government's communication to citizens via social media should follow the same data retention policy as its communication through other electronic and non-electronic channels.

Data portability compliance varies from one social media platform to another. Hence, privileged access may be mandated by the Government along the same lines “take down notices” and “information requests” currently being sent to social media and other platforms for intellectual property rights infringement and other offences.

2. Privacy

Yochai Benkler has famously stated that privacy is the protection of the weak from scrutiny by the powerful while transparency is the exposure of the powerful to scrutiny by the weak.¹

It is critical that social media policy for the Government is compliant with existing law governing data protection and privacy.² As Benkler said, privacy protection should be a function of power – ordinary citizens should be afforded greater protection than Government personnel. Each department of the Government may be recommended to publish their own set of additional protections to safeguard privacy of citizens while maintaining highest levels of transparency of Government bodies.

3. Certifying Official Accounts

Some social media platforms have the ability to certify or validate an official account. Such validation must be made mandatory for all Government presence across various social media platforms. The mere existence of official Government social media accounts does not mean that the Government officers cannot use their own personal unofficial social media accounts. However, there must be a very clear and discernable distinction between a Government officer's personal (individual) social media presence and the official social media presence of a Government department or Ministry.

While individual officers are encouraged to set up their own personal social media presences, the official accounts must be in the format: Ministry/Department (Acronym) along with Designation (Acronym) of the official, so that the fans/followers/friends accumulated during the tenure of a particular official can be handed over to the next person who takes the same office. In order that this process of handing over is smooth and uniform across various Government departments, it is recommended that the protocol for handing over of social media presences be clearly laid down and communicated to all the Government departments.

4. Social Media Integration with Government Portals

Social media must be integrated with the official websites. Ideally, the websites should use Free and Open Source Software (FOSS) content management system with full compliance with web accessibility guidelines such as W3C's Web Content Accessibility Guidelines (WCAG) so that the RSS feeds of newly added content can be broadcast via multiple social media presences. Therefore, social media is seen as an additional benefit accruing from already existing efforts and investments of the Governments in electronic publishing.

In fact, it would be greatly beneficial for citizens if a constitutent relationship management software with tracking number is used for all social media and email communication by the Government. This will bring about a higher level of transparency and accountability on part of the Government.

5. Security

Social media presences will be the target of malicious elements online. Government social media presences are, in fact, at a greater risk of being subject to such attacks. Therefore, Government security standards must be adhered to including change of passwords regularly for Government social media accounts.

6. Mass Outreach

In order to neutralise the pro-elite bias of social media, a special outreach to non-elites via mobile phones must be an integral part of the Government's social media strategy. Digitally enabled middle class activism can undermine true participatory democracy and this must be resisted.

7. Rude Accountability

Occasionally, citizens may resort to the use of inflammatory language and tone with Government authorities to claim public services and to sanction service failures. Such communications referred to as 'rude accountability' accompanied by trolling are common phenomena which the Government can expect around its social media presences. It is recommended that these incidents be ignored at the first instances instead of penalising them. The Department of Information Technology (DIT) should prescribe protocol for escalation in case of systemic trollers. It is to be noted that the lower threshold for freedom of speech as prescribed by the Information Technology Act and Information Technology Rules should not serve as the yardstick on Government social media presences for characterising citizens' behaviour as offences. It is important that the Government allows a greater space for citizens to communicate with the Government and exercise their freedom of expression.

8. Managing Expectations

Each Government Ministry/Department/Official should publicly manage expectations for their social media presences in the form of an explicit, published “social media” policy in which expectations surrounding integral aspects of communication with the public such as public comments, speed of response and procedure for escalation are clearly documented. This will ensure that citizens have fewer undue expectations from the social media presence of a particular Government authority.

9. Brevity of Communications

Social media particularly, micro blogging and SMS is based on brevity of communications. Therefore, when a social media presence is branded or named, it must be ensured that the name takes up least number of characters so that it enables viral propagation.

In order to standardise on the spellings employed for SMS slang common in micro blogging and SMSes, it is recommended that Government officials use modern clients with in-built support for such functionality to avoid being embarrassed online.

10. Official Logo

The official logo of the Government Ministry/Department should be an integral part of Government social media presences. The logo may also be published where applicable so that it could be the Public key. A link to the official website should be employed wherever appropriate in order to establish credibility of the social media presence.

11. Proactive Information Disclosure

Social media should be used as a means to uphold RTI obligations for proactive information disclosure and to drive traffic to the website which should ideally be an archive of such comprehensive proactive disclosures.

12. Alternative Open Platforms

Wherever free and open/ non-proprietary/ community-owned social media infrastructure exists, the Government will be obliged to use the alternative social media platform in addition to mainstream platforms. For instance, for every Government authority's presence on Twitter, the Government is obliged to ensure that such authority also has a presence on status.net.

13. Uniformity of Communication

Social media can only be used by the Government to communicate existing Government information and propagate official policy terms to the public. Great care must be taken to avoid propagation of unverified facts and frivolous misleading rumours which tend to circulate often through miscreants on social media platforms. It is recommended that any information published by the Government on a social media platform should be published only when such information can also be published through other existing Government channels.

If the Government has to be a good neighbour in social media, it should also contribute to viral dissemination of relevant public information by way of re-tweeting, commenting and liking. Considering that the Government might lend its credibility to dubious causes through such endorsement, a protocol should be in place as part of social media policy for the Government to ensure that baseless and dubious claims are not vouched for by the Government.

1See Yochai Benkler, “A Free Irresponsible Press: Wikileaks and the Battle over the Soul of the Networked Fourth Estate” (2011), forthcoming Harvard Civil Rights – Civil Liberties Law Review available at http://bit.ly/e84QhK.

2Existing laws covering data protection and privacy would include the Information Technology Act, the Information Technology Rules, The Telegraph Act and the Constitution of India.

For more details visit https://cis-india.org/internet-governance/blog/policy-for-governments-presence-in-social-media-recommendations

Policy Brief: Oversight Mechanisms for Surveillance

elonnai — 2015-11-24T06:09:01Z

Download the PDF

Introduction

Across jurisdictions, the need for effective and relevant oversight mechanisms (coupled with legislative safeguards) for state surveillance has been highlighted by civil society, academia, citizens and other key stakeholders.[1] A key part of oversight of state surveillance is accountability of intelligence agencies. This has been recognized at the international level. Indeed, the Organization for Economic Co-operation and Development, The United Nations, the Organization for Security and Cooperation in Europe, the Parliamentary Assembly of the Council of Europe, and the Inter-Parliamentary Union have all recognized that intelligence agencies need to be subject to democratic accountability.[2] Since 2013, the need for oversight has received particular attention in light of the information disclosed through the 'Snowden Revelations'. [3] Some countries such as the US, Canada, and the UK have regulatory mechanisms for the oversight of state surveillance and the intelligence community, while many other countries – India included - have piecemeal oversight mechanisms in place. The existence of regulatory mechanisms for state surveillance does not necessarily equate to effective oversight – and piecemeal mechanisms – depending on how they are implemented, could be more effective than comprehensive mechanisms. This policy brief seeks to explore the purpose of oversight mechanisms for state surveillance, different forms of mechanisms, and what makes a mechanism effective and comprehensive. The brief also reviews different oversight mechanisms from the US, UK, and Canada and provides recommendations for ways in which India can strengthen its present oversight mechanisms for state surveillance and the intelligence community.

What is the purpose and what are the different components of an oversight mechanism for State Surveillance?

The International Principles on the Application of Human Rights to Communication Surveillance, developed through a global consultation with civil society groups, industry, and international experts recommends that public oversight mechanisms for state surveillance should be established to ensure transparency and accountability of Communications Surveillance. To achieve this, mechanisms should have the authority to:

Access all potentially relevant information about State actions, including, where appropriate, access to secret or classified information;
Assess whether the State is making legitimate use of its lawful capabilities;
Evaluate whether the State has been comprehensively and accurately publishing information about the use and scope of Communications Surveillance techniques and powers in accordance with its Transparency obligations publish periodic reports and other information relevant to Communications Surveillance;
Make public determinations as to the lawfulness of those actions, including the extent to which they comply with these Principles[4]

What can inform oversight mechanisms for state surveillance?

The development of effective oversight mechanisms for state surveillance can be informed by a number of factors including:

Rapidly changing technology – how can mechanisms adapt, account for, and evaluate perpetually changing intelligence capabilities?
Expanding surveillance powers – how can mechanisms evaluate and rationalize the use of expanding agency powers?
Tensions around secrecy, national interest, and individual rights – how can mechanisms respect, recognize, and uphold multiple competing interests and needs including an agency's need for secrecy, the government's need to protect national security, and the citizens need to have their constitutional and fundamental rights upheld?
The structure, purpose, and goals of specific intelligence agencies and circumstances– how can mechanisms be sensitive and attuned to the structure, purpose, and functions of differing intelligence agencies and circumstances?

These factors lead to further questions around:

The purpose of an oversight mechanism: Is an oversight mechanism meant to ensure effectiveness of an agency? Perform general reviews of agency performance? Supervise the actions of an agency? Hold an agency accountable for misconduct?
The structure of an oversight mechanism: Is it internal? External? A combination of both? How many oversight mechanisms that agencies should be held accountable to?
The functions of an oversight mechanism: Is an oversight mechanism meant to inspect? Evaluate? Investigate? Report?
The powers of an oversight mechanism: The extent of access that an oversight mechanism needs and should have to the internal workings of security agencies and law enforcement to carry out due diligence? The extent of legal backing that an oversight mechanism should have to hold agencies legally accountable.

What oversight mechanisms for State Surveillance exist in India?

In India the oversight 'ecosystem' for state surveillance is comprised of:

Review committee: Under the Indian Telegraph Act 1885 and the Rules issued thereunder (Rule 419A), a Central Review Committee that consists of the Cabinet Secretary, Secretary of Legal Affairs to the Government of India, Secretary of Department of Telecommunications to the Government of India is responsible for meeting on a bi-monthly basis and reviewing the legality of interception directions. The review committee has the power to revoke the directions and order the destruction of intercepted material.[5] This review committee is also responsible for evaluating interception, monitoring, and decryption orders issued under section 69 of the Information Technology Act 2000.[6] and orders for the monitoring and collection of traffic data under section 69B of the Information Technology Act 2000.[7]
Authorizing Authorities: The Secretary in the Ministry of Home Affairs of the Central Government is responsible for authorizing requests for the interception, monitoring, and decryption of communications issued by central agencies.[8] The Secretary in charge of the Home Department is responsible for authorizing requests for the interception, monitoring, and decryption of communications from state level agencies and law enforcement.[9] The Secretary to the Government of India in the Department of Information Technology under the Ministry of Communications and Information Technology is responsible for authorizing requests for the monitoring and collection of traffic data.[10] Any officer not below the rank of Joint Secretary to the Government of India, who has been authorised by the Union Home Secretary or the State Home Secretary in this behalf, may authorize the interception of communications in case of an emergency.[11] A Commissioner of Police, District Superintendent of Police or Magistrate may issue requests for stored data to any postal or telegraph authority.[12]
Administrative authorities: India does not have an oversight mechanism for intelligence agencies, but agencies do report to different authorities. For example: The Intelligence Bureau reports to the Home Minister, the Research and Anaylsis Wing is under the Cabinet Secretariat and reports to the Prime Minister, the Joint Intelligence Committee (JIC), National Technical Research Organisation (NTRO) and Aviation Research Centre (ARC) report to the National Security Adviser; and the National Security Council Secretariat under the NSA which serves the National Security Council.[13]

It is important to note that though India has a Right to Information Act, but most of the security agencies are exempt from the purview of the Act[14] as is disclosure of any information that falls under the purview of the Official Secrets Act 1923.[15] [Note: There is no point in listing out all the exceptions given in section 8 and other sections as well. I think the point is sufficiently made when we say that security agencies are exempt from the purview of the Act.] The Official Secrets Act does not provide a definition of an 'official secret' and instead protects information: pertaining to national Security, defence of the country, affecting friendly relations with foreign states, etc.[16] Information in India is designated as classified in accordance to the Manual of Departmental Security Instruction which is circulated by the Ministry of Home Affairs. According to the Public Records Rules 1997, “classified records" means the files relating to the public records classified as top-secret, confidential and restricted in accordance with the procedure laid down in the Manual of Departmental Security Instruction circulated by the Ministry of Home affairs from time to time;”[17] Bi-annually officers evaluate and de-classify classified information and share the same with the national archives.[18] In response to questions raised in the Lok Sabha on the 5th of May 2015 regarding if the Official Secrets Act, 1923 will be reviewed, the number of classified files stored with the Government under the Act, and if the Government has any plans to declassify some of the files – the Ministry of Home Affairs clarified that a committee consisting of Secretaries of the Ministry of Home Affairs, the Department of Personnel and Training, and the Department of Legal Affairs has been established to examine the provisions of the Official Secrets Act, 1923 particularly in light of the Right to Information Act, 2005. The Ministry of Home Affairs also clarified that the classification and declassification of files is done by each Government Department as per the Manual of Departmental Security Instructions, 1994 and thus there is no 'central database of the total number of classified files'.[19]

How can India's oversight mechanism for state surveillance be clarified?

Though these mechanisms establish a basic framework for an oversight mechanism for state surveillance in India, there are aspects of this framework that could be clarified and there are ways in which the framework could be strengthened.

Aspects of the present review committee that could be clarified:

Powers of the review committee: Beyond having the authority to declare that orders for interception, monitoring, decryption, and collection of traffic data are not within the scope of the law and order for destruction of any collected information – what powers does the review committee have? Does the committee have the power to compel agencies to produce additional or supporting evidence? Does the committee have the power to compel information from the authorizing authority?
Obligations of the review committee: The review committee is required to 'record its findings' as to whether the interception orders issued are in accordance with the law. Is there a standard set of questions/information that must be addressed by the committee when reviewing an order? Does the committee only review the content of the order or do they also review the implementation of the order? Beyond recording its findings, are there any additional reporting obligations that the review committee must fulfill?
Accountability of the review committee: Does the review committee answer to a higher authority? Do they have to submit their findings to other branches of the government – such as Parliament? Is there a mechanism to ensure that the review committee does indeed meet every two months and review all orders issued under the relevant sections of the Indian Telegraph Act 1885 and the Information Technology Act 2008?

Proposed oversight mechanisms in India

Oversight mechanisms can help with avoiding breaches of national security by ensuring efficiency and effectiveness in the functioning of security agencies. The need for the oversight of state surveillance is not new in India. In 1999 the Union Government constituted a Committee with the mandate of reviewing the events leading up to Pakistani aggression in Kargil and to recommend measures towards ensuring national security. Though the Kargil Committee was addressing surveillance from the perspective of gathering information on external forces, there are parellels in the lessons learned for state surveillance. Among other findings, in their Report the Committee found a number of limitations in the system for collection, reporting, collation, and assessment of intelligence. The Committee also found that there was a lack of oversight for the intelligence community in India – resulting in no mechanisms for tasking the agencies, monitoring their performance and overall functioning, and evaluating the quality of the work.

The Committee also noted that such a mechanism is a standard feature in jurisdictions across the world. The Committee emphasized this need from an economic perspective – that without oversight – the Government and the nation has no way of evaluating whether or not they are receiving value for their money. The Committee recommended a review of the intelligence system with the objective of solving such deficiencies.[20]

In 2000 a Group of Ministers was established to review the security and intelligence apparatus of the country. In their report issued to the Prime Minister, the Group of Ministers recommended the establishment of an Intelligence Coordination Group for the purpose of providing oversight of intelligence agencies at the Central level. Specifically the Intelligence Coordination Group would be responsible for:

Allocation of resources to the intelligence agencies
Consideration of annual reviews on the quality of inputs
Approve the annual tasking for intelligence collection
Oversee the functions of intelligence agencies
Examine national estimates and forecasts[21]

Past critiques of the Indian surveillance regime have included the fact that intelligence agencies do not come under the purview of any overseeing mechanism including Parliament, the Right to Information Act 2005, or the General Comptroller of India.

In 2011, Manish Tewari, who at the time was a Member of Parliament from Ludhiana, introduced the Private Member's Bill - “The Intelligence Services (Powers and Regulation) Bill” proposed stand alone statutory regulation of intelligence agencies. In doing so it sought to establish an oversight mechanism for intelligence agencies within and outside of India. The Bill was never introduced into Parliament.[22] Broadly, the Bill sought to establish: a National Intelligence and Security Oversight Committee which would oversee the functionings of intelligence agencies and would submit an annual report to the Prime Minister, a National Intelligence Tribunal for the purpose of investigating complaints against intelligence agencies, an Intelligence Ombudsman for overseeing and ensuring the efficient functioning of agencies, and a legislative framework regulating intelligence agencies.[23]

Proposed policy in India has also explored the possibility of coupling surveillance regulation and oversight with private regulation and oversight. In 2011 the Right to Privacy Bill was drafted by the Department of Personnel and Training. The Bill proposed to establish a “Central Communication Interception Review Committee” for the purposes of reviewing orders for interception issued under the Telegraph Act. The Bill also sought to establish an authorization process for surveillance undertaken by following a person, through CCTV's, or other electronic means.[24] In contrast, the 2012 Report of the Group of Experts on Privacy, which provided recommendations for a privacy framework for India, recommended that the Privacy Commissioner should exercise broad oversight functions with respect to interception/access, audio & video recordings, the use of personal identifiers, and the use of bodily or genetic material.[25]

A 2012 report by the Institute for Defence Studies and Analyses titled “A Case for Intelligence Reforms in India” highlights at least four 'gaps' in intelligence that have resulted in breaches of national security including: zero intelligence, inadequate intelligence, inaccurate intelligence, and excessive intelligence – particularly in light of additional technical inputs and open source inputs.[26] In some cases, an oversight mechanism could help in remediating some of these gaps. Returning to the 2012 IDSA Report, the Report recommends the following steps towards an oversight mechanism for Indian intelligence:

Establishing an Intelligence Coordination Group (ICG) that will exercise oversight functions for the intelligence community at the Central level. This could include overseeing functions of the agencies, quality of work, and finances.
Enacting legislation defining the mandates, functions, and duties of intelligence agencies.
Holding intelligence agencies accountable to the Comptroller & Auditor General to ensure financial accountability.
Establishing a Minister for National Security & Intelligence for exercising administrative authority over intelligence agencies.
Establishing a Parliamentary Accountability Committee for oversight of intelligence agencies through parliament.
Defining the extent to which intelligence agencies can be held accountable to reply to requests pertaining to violations of privacy and other human rights issued under the Right to Information Act.

Highlighting the importance of accountable surveillance frameworks, in 2015 the external affairs ministry director general of India Santosh Jha stated at the UN General Assembly that the global community needs to "to create frameworks so that Internet surveillance practices motivated by security concerns are conducted within a truly transparent and accountable framework.”[27]

In what ways can India's mechanisms for state surveillance be strengthened?

Building upon the recommendations from the Kargil Committee, the Report from the Group of Ministers, the Report of the Group of Experts on Privacy, the Draft Privacy Bill 2011, and the IDSA report, ways in which the framework for oversight of state surveillance in India could be strengthened include:

Oversight to enhance public understanding, debate, accountability, and democratic governance: State surveillance is unique in that it is enabled with the objective of protecting a nations security. Yet, to do so it requires citizens of a nation to trust the actions taken by intelligence agencies and to allow for possible access into their personal lives and possible activities that might infringe on their constitutional rights (such as freedom of expression) for a larger outcome of security. Because of this, oversight mechanisms for state surveillance must balance securing national security while submitting itself to some form of accountability to the public.
Independence of oversight mechanisms: Given the Indian context, it is particularly important that an oversight mechanism for surveillance powers and the intelligence community is capable of addressing and being independent from political interference. Indeed, the majority of cases regarding illegal interceptions that have reached the public sphere pertain to the surveillance of political figures and political turf wars.[28] Furthermore, though the current Review Committee established in the Indian Telegraph Act does not have a member from the Ministry of Home Affairs (the Ministry responsible for authorizing interception requests), it is unclear how independent this committee is from the authorizing Ministry. To ensure non-biased oversight, it is important that oversight mechanisms are independent.
Legislative regulation of intelligence agencies: Currently, intelligence agencies are provided surveillance powers through the Information Technology Act and the Telegraph Act, but beyond the National Intelligence Agency Act which establishes the National Intelligence Agency, there is no legal mechanism creating, regulating and overseeing intelligence agencies using these powers. In the 'surveillance ecosystem' this creates a policy vacuum, where an agency is enabled through law with a surveillance power and provided a procedure to follow, but is not held legally accountable for the effective, ethical, and legal use of the power. To ensure legal accountability of the use of surveillance techniques, it is important that intelligence are created through legislation that includes oversight provisions.
Comprehensive oversight of all intrusive measures: Currently the Review Committee established under the Telegraph Act is responsible for the evaluation of orders for the interception, monitoring, decryption, and collection of traffic data. The Review Committee is not responsible for reviewing the implementation or effectiveness of such orders and is not responsible for reviewing orders for access to stored information or other forms of electronic surveillance. This situation is a result of 1. Present oversight mechanisms not having comprehensive mandates 2. Different laws in India enabling different levels of access and not providing a harmonized oversight mechanism and 3.Indian law not formally addressing and regulating emerging surveillance technologies and techniques. To ensure effectiveness, it is important for oversight mechanisms to be comprehensive in mandate and scope.
Establishment of a tribunal or redress mechanism: India currently does not have a specified means for individuals to seek redress for unlawful surveillance or surveillance that they feel has violated their rights. Thus, individuals must take any complaint to the courts. The downsides of such a system include the fact that the judiciary might not be able to make determinations regarding the violation, the court system in India is overwhelmed and thus due process is slow, and given the sensitive nature of the topic – courts might not have the ability to immediately access relevant documentation. To ensure redress, it is important that a tribunal or a redress mechanism with appropriate powers is established to address complaints or violations pertaining to surveillance.
Annual reporting by security agencies, law enforcement, and service providers: Information regarding orders for surveillance and the implementation of the same is not disclosed by the government or by service providers in India.[29] Indeed, service providers by law are required to maintain the confidentiality of orders for the interception, monitoring, or decryption of communications and monitoring or collection of traffic data. At the minimum, an oversight mechanism should receive annual reports from security agencies, law enforcement, and service providers with respect to the surveillance undertaken. Edited versions of these Reports could be shared with Parliament and the public.
Consistent and mandatory reviews of relevant legislation: Though committees have been established to review various legislation and policy pertaining to state surveillance, the time frame for these reviews is not clearly defined by law. These reviews should take place on a consistent and publicly stated time frame. Furthermore, legislation enabling surveillance in India do not require review and assessment for relevance, adequacy, necessity, and proportionality after a certain period of time. Mandating that legislation regulating surveillance is subject to review on a consistent is important in ensuring that the provisions are relevant, proportionate, adequate, and necessary.
Transparency of classification and declassification process and centralization of de-classified records: Currently, the Ministry of Home Affairs establishes the process that government departments must follow for classifying and de-classifying information. This process is not publicly available and de-classified information is stored only with the respective department. For transparency purposes, it is important that the process for classification of records be made public and the practice of classification of information take place in exceptional cases. Furthermore, de-classified records should be stored centrally and made easily accessible to the public.
Executive and administrative orders regarding establishing of agencies and surveillance projects should be in the public domain: Intelligence agencies and surveillance projects in India are typically enabled through executive orders. For example, NATGRID was established via an executive order, but this order is not publicly available. As a form of transparency and accountability to the public, it is important that if executive orders establish an agency or a surveillance project, these are made available to the public to the extent possible.
Oversight of surveillance should incorporate privacy and cyber/national security: Increasingly issues of surveillance, privacy, and cyber security are interlinked. Any move to establish an oversight mechanism for surveillance and the intelligence committee must incorporate and take into consideration privacy and cyber security. This could mean that an oversight mechanism for surveillance in India works closely with CERT-IN and a potential privacy commissioner or that the oversight mechanism contains internal expertise in these areas to ensure that they are adequately considered.
Oversight by design: Just like the concept of privacy by design promotes the ideal that principles of privacy are built into devices, processes, services, organizations, and regulation from the outset – oversight mechanisms for state surveillance should also be built in from the outset of surveillance projects and enabling legislation. In the past, this has not been the practice in India– the National Intelligence Grid was an intelligence system that sought to link twenty one databases together – making such information easily and readily accessible to security agencies – but the oversight of such a system was never defined.[30] Similarly, the Centralized Monitoring System was conceptualized to automate and internalize the process of intercepting communications by allowing security agencies to intercept communications directly and bypass the service provider.[31] Despite amending the Telecom Licenses to provide for the technical components of this project, oversight of the project or of security agencies directly accessing information has yet to be defined.[32]

Examples of oversight mechanisms for State Surveillance: US, UK, Canada and United States

United States

In the United States the oversight 'ecosystem' for state surveillance is made up of:

The Foreign Intelligence Surveillance Court

The U.S Foreign Intelligence Surveillance Court (FISA) is the predominant oversight mechanism for state surveillance and oversees and authorizes the actions of the Federal Bureau of Investigation and the National Security Agency.[33] The court was established by the enactment of the Foreign Intelligence Surveillance Act 1978 and is governed by Rules of Procedure, the current Rules being formulated in 2010.[34] The Court is empowered to ensure compliance with the orders that it issues and the government is obligated to inform the Court if orders are breached.[35] FISA allows for individuals who receive an order from the Court to challenge the same,[36] and public filings are available on the Court's website.[37] Additionally, organizations, including the American Civil Liberties Union[38] and the Electronic Frontier Foundation, have filed motions with the Court for release of records. [39] Similarly, Google has approached the Court for the ability to publish aggregate information regarding FISA orders that the company recieves.[40]

Government Accountability Office

The U.S Government Accountability Office (GAO) is an independent office that works for Congress and conducts audits, investigates, provides recommendations, and issues legal decisions and opinions with regard to federal government spending of taxpayer's money by the government and associated agencies including the Defence Department, the FBI, and Homeland Security.[41] The head of the GAO is the Comptroller General of the United States and is appointed by the President. The GAO will initiate an investigation if requested by congressional committees or subcommittees or if required under public law or committee reports. The GOA has reviewed topics relating to Homeland Security, Information Security, Justice and Law Enforcement, National Defense, and Telecommunications.[42] For example, in June 2015 the GOA completed an investigation and report on 'Foreign Terrorist Organization Process and U.S Agency Enforcement Actions” [43] and an investigation on “Cyber Security: Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies”.[44]

Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence

The U.S. Senate Select Committee on Intelligence is a standing committee of the U.S Senate with the mandate to review intelligence activities and programs and ensure that these are inline with the Constitution and other relevant laws. The Committee is also responsible for submitting to Senate appropriate proposals for legislation, and for reporting to Senate on intelligence activities and programs.[45] The House Permanent Select Committee holds similar jurisdiction. The House Permanent Select Committee is committed to secrecy and cannot disclose classified information excepted authorized to do so. Such an obligation does not exist for the Senate Select Committee on Intelligence and the committee can disclose classified information publicly on its own.[46]

Privacy and Civil Liberties Oversight Board (PCLOB)

The Privacy and Civil Liberties Oversight Board was established by the Implementing Recommendations of the 9/11 Commission Act of 2007 and is located within the executive branch.[47] The objective of the PCLOB is to ensure that the Federal Government's actions to combat terrorism are balanced against privacy and civil liberties. Towards this, the Board has the mandate to review and analyse ant-terrorism measures the executive takes and ensure that such actions are balanced with privacy and civil liberties, and to ensure that privacy and civil liberties are liberties are adequately considered in the development and implementation of anti-terrorism laws, regulations and policies.[48] The Board is responsible for developing principles to guide why, whether, when, and how the United States conducts surveillance for authorized purposes. Additionally, officers of eight federal agencies must submit reports to the PCLOB regarding the reviews that they have undertaken, the number and content of the complaints, and a summary of how each complaint was handled. In order to fulfill its mandate, the Board is authorized to access all relevant records, reports, audits, reviews, documents, papers, recommendations, and classified information. The Board may also interview and take statements from necessary personnel. The Board may request the Attorney General to subpoena on the Board's behalf individuals outside of the executive branch.[49]

To the extent possible, the Reports of the Board are made public. Examples of recommendations that the Board has made in the 2015 Report include: End the NSA”s bulk telephone records program, add additional privacy safeguards to the bulk telephone records program, enable the FISC to hear independent views on novel and significant matters, expand opportunities for appellate review of FISC decisions, take advantage of existing opportunities for outside legal and technical input in FISC matters, publicly release new and past FISC and DISCR decisions that involve novel legal, technical, or compliance questions, publicly report on the operation of the FISC Special Advocate Program, Permit Companies to Disclose Information about their receipt of FISA production orders and disclose more detailed statistics on surveillance, inform the PCLOB of FISA activities and provide relevant congressional reports and FISC decisions, begin to develop principles for transparency, disclose the scope of surveillance authorities affecting US Citizens.[50]

The Wiretap Report

The Wiretap Report is an annual compilation of information provided by federal and state officials regarding applications for interception orders of wire, oral, or electronic communications, data address offenses under investigation, types and locations of interception devices, and costs and duration of authorized intercepts.[51] When submitting information for the report a judge will include the name and jurisdiction of the prosecuting official who applied for the order, the criminal offense under investigation, the type of intercept device used, the physical location of the device, and the duration of the intercept. Prosecutors provide information related to the cost of the intercept, the number of days the intercept device was in operation, the number of persons whose communications were intercepted, the number of intercepts, and the number of incriminating intercepts recorded. Results of the interception orders such as arrest, trials, convictions, and the number of motions to suppress evidence are also noted in the prosecutor reports. The Report is submitted to Congress and is legally required under Title III of the Omnibus Crime Control and Safe Streets Act of 1968. The report is issued by the Administrative Office of the United States Courts.[52]

United Kingdom

The Intelligence and Security Committee (ISC) of Parliament

The Intelligence Security Committee was established by the Intelligence Services Act 1994. Members are appointed by the Prime Minster and the Committee reports directly to the same. Additionally, the Committee submits annual reports to Parliament. Towards this, the Committee can take evidence from cabinet ministers, senior officials, and from the public.[53] The most recent report of the Committee is the 2015 “Report on Privacy and Security”.[54] Members of the Committee are subject to the Official Secrets Act 1989 and have access to classified material when carrying out investigations.[55]

Joint Intelligence Committee (JIC)

This Joint Intelligence Committee is located in the Cabinet office and is broadly responsible for overseeing national intelligence organizations and providing advice to the Cabinet on issues related to security, defense, and foreign affairs. The JIC is overseen by the Intelligence and Security Committee.[56]

The Interception of Communications Commissioner

The Interception of Communications Commissioner is appointed by the Prime Minster under the Regulation of Investigatory Powers Act 2000 for the purpose of reviewing surveillance conducted by intelligence agencies, police forces, and other public authorities. Specifically, the Commissioner inspects the interception of communications, the acquisition and disclosure of communications data, the interception of communications in prisons, and the unintentional electronic interception.[57] The Commissioner submits an annual report to the Prime Minister. The Reports of the Commissioner are publicly available.[58]

The Intelligence Services Commissioner

The Intelligence Services Commissioner is an independent body appointed by the Prime Minister that is legally empowered through the Regulation of Investigatory Powers Act (RIPA) 2000. The Commissioner provides independent oversight on the use of surveillance by UK intelligence services.[59] Specifically, the Commissioner is responsible for reviewing authorized interception orders and the actions and performance of the intelligence services.[60] The Commissioner is also responsible for providing assistance to the Investigatory Powers Tribunal, submitting annual reports to the Prime Minister on the discharge of its functions, and advising the Home Office on the need of extending the Terrorism Prevention and Investigation Measures regime.[61] Towards these the Commissioner conducts in-depth audits on the orders for interception to ensure that the surveillance is within the scope of the law, that the surveillance was necessary for a legally established reason, that the surveillance was proportionate, that the information accessed was justified by the privacy invaded, and that the surveillance authorized by the appropriate official. The Commissioner also conducts 'site visits' to ensure that orders are being implemented as per the law.[62] As a note, the Intelligence Services Commissioner does not undertake any subject that is related to the Interception of Communications Commissioner. The Commissioner has access to any information that he feels is necessary to carry out his investigations. The Reports of the Intelligence Service Commissioner are publicly available.[63]

Investigatory Powers Tribunal

The Investigatory Powers Tribunal is a court which investigates complaints of unlawful surveillance by public authorities or intelligence/law enforcement agencies.[64] The Tribunal was established under the Regulation of Investigatory Powers Act 2000 and has a range of oversight functions to ensure that public authorities act and agencies are in compliance with the Human Rights Act 1998.[65] The Tribunal specifically is an avenue of redress for anyone who believes that they have been a victim of unlawful surveillance under RIPA or wider human rights infringements under the Human Rights Act 1998. The Tribunal can provide seven possible outcomes for any application including 'found in favor of complainant, no determination in favour of complainant, frivolous or vexatious, out of time, out of jurisdiction, withdrawn, or no valid complaint.[66] The Tribunal has the authority to receive and consider evidence in any form, even if inadmissible in an ordinary court.[67] Where possible, cases are available on the Tribunal's website. Decisions by the Tribunal cannot be appealed, but can be challenged in the European Court of Human Rights.[68]

Canada

In Canada the oversight 'ecosystem' for state surveillance includes:

Security Intelligence Review Committee

The Security Intelligence Review Committee is an independent body that is accountable to the Parliament of Canada and reports on the Canadian Security Intelligence Service.[69] Members of the Security Intelligence Review Committee are appointed by the Prime Minister of Canada. The committee conducts reviews on a pro-active basis and investigates complaints. Committee members have access to classified information to conduct reviews. The Committee submits an annual report to Parliament and an edited version is publicly available. The 2014 Report was titled “Lifting the Shroud of Secrecy”[70] and includes reviews of the CSIS's activities, reports on complaints and subsequent investigations, and provides recommendations.

Office of the Communications Security Establishment Commissioner

The Communications Security Commissioner conducts independent reviews of Communications Security Establishment (CSE) activities to evaluate if they are within the scope of Canadian law.[71] The Commissioner submits a report to Parliament on an annual basis and has a number of powers including the power to subpoena documents and personnel.[72] If the Commissioner believes that the CSE has not complied with the law – it must report this to the Attorney General of Canada and to the Minister of National Defence. The Commissioner may also receive information from persons bound to secrecy if they deem it to be in the public interest to disclose such information.[73] The Commissioner is also responsible for verifying that the CSE does not surveil Canadians and for promoting measures to protect the privacy of Canadians.[74] When conducting a review, the Commissioner has the ability to examine records, receive briefings, interview relevant personnel, assess the veracity of information, listen to intercepted voice recordings, observe CSE operators and analysts to verify their work, examine CSI electronic tools, systems and databases to ensure compliance with the law.[75]

Office of the Privacy Commissioner

The Office of the Privacy Commissioner of Canada (OPC) oversees the implementation of and compliance with the Privacy Act and the Personal information and Electronic Documents Act.[76]

The OPC is an independent body that has the authority to investigate complaints regarding the handling of personal information by government and private companies, but can only comment on the activities of security and intelligence agencies. For example, in 2014 the OPC issued the report “Checks and Controls: Reinforcing Privacy Protection and Oversight for the Canadian Intelligence Community in an Era of Cyber Surveillance”[77] The OPC can also provide testimony to Parliament and other government bodies.[78] For example, the OPC has made appearances before the Senate Standing Committee of National Security and Defense on Bill C-51.[79] The OPC cannot conduct joint audits or investigations with other bodies.[80]

Annual Interception Reports

Under the Criminal Code of Canada, regional governments must issue annual interception reports. The reports must include number of individuals affected by interceptions, average duration of the interception, type of crimes investigated, numbers of cases brought to court, and number of individuals notified that interception had taken place.[81]

Conclusion

The presence of multiple and robust oversight mechanisms for state surveillance does not necessarily correlate to effective oversight. The oversight mechanisms in the UK, Canada, and the U.S have been criticised. For example, Canada . For example, the Canadian regime has been characterized as becoming weaker it has removed one of its key over sight mechanisms – the Inspector General of the Canadian Security Intelligence Service which was responsible for certifying that the Service was in compliance with law.[82]

Other weaknesses in the Canadian regime that have been highlighted include the fact that different oversight bodies do not have the authority to share information with each other, and transparency reports do not include many new forms of surveillance.[83] Oversight mechanisms in the U.S on the other hand have been criticized as being opaque[84] or as lacking the needed political support to be effective.[85] The UK oversight mechanism has been criticized for not having judicial authorization of surveillance requests, have opaque laws, and for not having a strong right of redress for affected individuals.[86] These critiques demonstrate that there are a number of factors that must come together for an oversight mechanism to be effective. Public transparency and accountability to decision making bodies such as Parliament or Congress can ensure effectiveness of oversight mechanisms, and are steps towards providing the public with means to debate in an informed manner issues related to state surveillance and allows different bodies within the government the ability to hold the state accountable for its actions.

.[1]. For example, “Public Oversight” is one of the thirteen Necessary and Proportionate principles on state communications surveillance developed by civil society and academia globally, that should be incorporated by states into communication surveillance regimes. The principles can be accessed here: https://en.necessaryandproportionate.org/

[2]. Hans Born and Ian Leigh, “Making Intelligence Accountable. Legal Standards and Best Practice for Oversight of Intelligence Agencies.” Pg. 13. 2005. Available at: http://www.prsindia.org/theprsblog/wp-content/uploads/2010/07/making-intelligence.pdf. Last accessed: August 6, 2015.

[3]. For example, this point was made in the context of the UK. For more information see: Nick Clegg, 'Edward Snowden's revelations made it clear: security oversight must be fit for the internet age,”. The Guardian. March 3rd 2014. Available at: http://www.theguardian.com/commentisfree/2014/mar/03/nick-clegg-snowden-security-oversight-internet-age. Accessed: July 27, 2015.

[4]. International Principles on the Application of Human Rights to Communications Surveillance. Available at: https://en.necessaryandproportionate.org/

[5]. Sub Rules (16) and (17) of Rule 419A, Indian Telegraph Rules, 1951. Available at:http://www.dot.gov.in/sites/default/files/march2007.pdf Note: This review committee is responsible for overseeing interception orders issued under the Indian Telegraph Act and the Information Technology Act.

[6]. Information Technology Procedure and Safeguards for Interception, Monitoring, and Decryption of Information Rules 2009. Definition q. Available at: http://dispur.nic.in/itact/it-procedure-interception-monitoring-decryption-rules-2009.pdf

[7]. Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information Rules, 2009). Definition (n). Available at: http://cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009

[8]. This authority is responsible for authorizing interception requests issued under the Indian Telegraph Act and the Information Technology Act. Section 2, Indian Telegraph Act 1885 and Section 4, Information Technology Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009

[9]. This authority is responsible for authorizing interception requests issued under the Indian Telegraph Act and the Information Technology Act. Section 2, Indian Telegraph Act 1885 and Section 4, Information Technology Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009

[10]. Definition (d) and section 3 of the Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information Rules, 2009). Available at: http://cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009

[11]. Rule 1, of the 419A Rules, Indian Telegraph Act 1885. Available at:http://www.dot.gov.in/sites/default/files/march2007.pdf This authority is responsible for authorizing interception requests issued under the Indian Telegraph Act and the Information Technology Act.

[12]. Section 92, CrPc. Available at: http://www.icf.indianrailways.gov.in/uploads/files/CrPC.pdf

[13]. Press Information Bureau GOI. Reconstitution of Cabinet Committees. June 19th 2014. Available at: http://pib.nic.in/newsite/PrintRelease.aspx?relid=105747. Accessed August 6, 2015.

[14]. Press Information Bureau, Government of India. Home minister proposes radical restructuring of security architecture. Available at: http://www.pib.nic.in/newsite/erelease.aspx?relid=56395. Accessed August 6, 2015.

[15]. Section 24 read with Schedule II of the Right to Information Act 2005. Available at: http://rti.gov.in/rti-act.pdf

[16]. Section 8 of the Right to Information Act 2005. Available at: http://rti.gov.in/rti-act.pdf

[17]. Abhimanyu Ghosh. “Open Government and the Right to Information”. Legal Services India. Available at: http://www.legalservicesindia.com/articles/og.htm. Accessed: August 8, 2015

[18]. Public Record Rules 1997. Section 2. Definition c. Available at: http://nationalarchives.nic.in/writereaddata/html_en_files/html/public_records97.html. Accessed: August 8, 2015

[19]. Times of India. Classified information is reviewed after 25-30 years. April 13th 2015. Available at: http://timesofindia.indiatimes.com/india/Classified-information-is-reviewed-after-25-30-years/articleshow/46901878.cms. Accessed: August 8, 2015.

[20]. Government of India. Ministry of Home Affairs. Lok Sabha Starred Question No 557. Available at: http://mha1.nic.in/par2013/par2015-pdfs/ls-050515/557.pdf.

[21]. The Kargil Committee report Executive Summanry. Available at: http://fas.org/news/india/2000/25indi1.htm. Accessed: August 6, 2015.

[22]. PIB Releases. Group of Ministers Report on Reforming the National Security System”. Available at: http://pib.nic.in/archieve/lreleng/lyr2001/rmay2001/23052001/r2305200110.html. Last accessed: August 6, 2015

[23]. The Observer Research Foundation. “Manish Tewari introduces Bill on Intelligence Agencies Reform. August 5th 2011. Available at: http://www.observerindia.com/cms/sites/orfonline/modules/report/ReportDetail.html?cmaid=25156&mmacmaid=20327. Last accessed: August 6, 2015.

[24]. The Intelligence Services (Powers and Regulation) Bill, 2011. Available at: http://www.observerindia.com/cms/export/orfonline/documents/Int_Bill.pdf. Accessed: August 6, 2015.

[25]. The Privacy Bill 2011. Available at: https://bourgeoisinspirations.files.wordpress.com/2010/03/draft_right-to-privacy.pdf

[26]. The Report of Group of Experts on Privacy. Available at: http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf

[27]. Institute for Defence Studies and Analyses. “A Case for Intelligence Reforms in India”. Available at: http://www.idsa.in/book/AcaseforIntelligenceReformsinIndia.html. Accessed: August 6, 2015.

[28]. India Calls for Transparency in internet Surveillance. NDTV. July 3rd 2015. Available at: http://gadgets.ndtv.com/internet/news/india-calls-for-transparency-in-internet-surveillance-710945. Accessed: July 6, 2015.

[29]. Lovisha Aggarwal. “Analysis of News Items and Cases on Surveillance and Digital Evidence in India”. Available at: http://cis-india.org/internet-governance/blog/analysis-of-news-items-and-cases-on-surveillance-and-digital-evidence-in-india.pdf

[30]. Rule 25 (4) of the Information Technology (Procedures and Safeguards for the Interception, Monitoring, and Decryption of Information Rules) 2011. Available at: http://dispur.nic.in/itact/it-procedure-interception-monitoring-decryption-rules-2009.pdf

[31]. Ministry of Home Affairs, GOI. National Intelligence Grid. Available at: http://www.davp.nic.in/WriteReadData/ADS/eng_19138_1_1314b.pdf. Last accessed: August 6, 2015

[32]. Press Information Bureau, Government of India. Centralised System to Monitor Communications Rajya Sabha. Available at: http://pib.nic.in/newsite/erelease.aspx?relid=54679. Last accessed: August 6, 2015.

[33]. Department of Telecommunications. Amendemnt to the UAS License agreement regarding Central Monitoring System. June 2013. Available at: http://cis-india.org/internet-governance/blog/uas-license-agreement-amendment

[34]. United States Foreign Intelligence Surveillance Court. July 29th 2013. Available at: http://www.fisc.uscourts.gov/sites/default/files/Leahy.pdf. Last accessed: August 8, 2015

[35]. United States Foreign Intelligence Surveillance Court. Rules of Procedure 2010. Available at: http://www.fisc.uscourts.gov/sites/default/files/FISC%20Rules%20of%20Procedure.pdf

[36]. United States Foreign Intelligence Court. Honorable Patrick J. Leahy. 2013. Available at: http://www.fisc.uscourts.gov/sites/default/files/Leahy.pdf

[37]. United States Foreign Intelligence Surveillance Court. July 29th 2013. Available at: http://www.fisc.uscourts.gov/sites/default/files/Leahy.pdf. Last accessed: August 8, 2015

[38]. Public Filings – U.S Foreign Intelligence Surveillance Court. Available at: http://www.fisc.uscourts.gov/public-filings

[39]. ACLU. FISC Public Access Motion – ACLU Motion for Release of Court Records Interpreting Section 215 of the Patriot Act. Available at: https://www.aclu.org/legal-document/fisc-public-access-motion-aclu-motion-release-court-records-interpreting-section-215

[40]. United States Foreign Intelligence Surveillance Court Washington DC. In Re motion for consent to disclosure of court records or, in the alternative a determination of the effect of the Court's rules on statutory access rights. Available at: https://www.eff.org/files/filenode/misc-13-01-opinion-order.pdf

[41]. Google Official Blog. Shedding some light on Foreign Intelligence Surveillance Act (FISA) requests. February 3rd 2014. Available at: http://googleblog.blogspot.in/2014/02/shedding-some-light-on-foreign.html

[42]. U.S Government Accountability Office. Available at: http://www.gao.gov/key_issues/overview#t=1. Last accessed: August 8, 2015.

[43]. Report to Congressional Requesters. Combating Terrorism: Foreign Terrorist Organization Designation Proces and U.S Agency Enforcement Actions. Available at: http://www.gao.gov/assets/680/671028.pdf. Accessed: August 8, 2015

[44]. United States Government Accountability Office. Cybersecurity: Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies. Available: http://www.gao.gov/assets/680/670935.pdf. Last accessed: August 6, 2015.

[45]. Committee Legislation. Available at: http://ballotpedia.org/United_States_Senate_Committee_on_Intelligence_(Select)#Committee_legislation

[46]. Congressional Research Service. Congressional Oversight of Intelligence: Current Structure and Alternatives. May 14th 2012. Available at: https://fas.org/sgp/crs/intel/RL32525.pdf. Last Accessed: August 8, 2015

[47]. The Privacy and Civil Liberties Oversight Board: About the Board. Available at: https://www.pclob.gov/aboutus.html

[48]. The Privacy and Civil Liberties Oversight Board: About the Board. Available at: https://www.pclob.gov/aboutus.html

[49]. Congressional Research Service. Congressional Oversight of Intelligence: Current Structure and Alternatives. May 14th 2012. Available at: https://fas.org/sgp/crs/intel/RL32525.pdf. Last Accessed: August 8th 2015

[50]. United States Courts. Wiretap Reports. Available at: http://www.uscourts.gov/statistics-reports/analysisreports/wiretap-reports

[51]. United States Courts. Wiretap Reports. Available at: http://www.uscourts.gov/statisticsreports/
analysis-reports/wiretap-reports/faqs-wiretap-reports#faq-What-information-does-the-AO-receive-from-prosecutors?. Last Accessed: August 8th 2015

[52]. Intelligence and Security Committee of Parliament. Transcripts and Public Evidence. Available at: http://isc.independent.gov.uk/public-evidence. Last accessed: August 8th 2015.

[53]. Intelligence and Security Committee of Parliament. Special Reports. Available at http://isc.independent.gov.uk/committee-reports/special-reports. Last accessed: August 8th 2015.

[54]. Hugh Segal. The U.K. has legislative oversight of surveillance. Why not Canada. The Globe and Mail. June 12th 2013. Available at: http://www.theglobeandmail.com/globe-debate/uk-haslegislative-oversight-of-surveillance-why-not-canada/article12489071/. Last accessed: August 8th 2015

[55]. The Joint Intelligence Committee home page. For more information see: https://www.gov.uk/government/organisations/national-security/groups/joint-intelligence-committee

[56]. Interception of Communications Commissioner's Office. RIPA. Available at: http://www.iocco-uk.info/sections.asp?sectionID=2&type=top. Last accessed: August 8th 2015

[57]. Interception of Communications Commissioner's Office. Reports. Available at: http://www.iocco-uk.info/sections.asp?sectionID=1&type=top. Last accessed: August 8th 2015

[58]. The Intelligence Services Commissioner's Office Homepage. For more information see: http://intelligencecommissioner.com/

[59]. The Intelligence Services Commissioner's Office – The Commissioner's Statutory Functions. Available at: http://intelligencecommissioner.com/content.asp?id=4

[60]. The Intelligence Services Commissioner's Office – The Commissioner's Statutory Functions. Available at: http://intelligencecommissioner.com/content.asp?id=4

[61]. The Intelligence Services Commissioner's Office. What we do. Available at: http://intelligencecommissioner.com/content.asp?id=5. Last Accessed: August 8th 2015.

[62]. The Intelligence Services Commissioner's Office. Intelligence Services Commissioner's Annual Reports. Available at: http://intelligencecommissioner.com/content.asp?id=19. Last
accessed: August 8th 2015

[63]. The Investigatory Powers Tribunal Homepage. Available at: http://www.ipt-uk.com/

[64]. The Investigatory Powers Tribunal – Functions – Key role. Available at: http://www.ipt-uk.com/section.aspx?pageid=1

[65]. Investigatory Powers Tribunal. Functions – Decisions available to the Tribunal. Available at: http://www.ipt-uk.com/section.aspx?pageid=4. Last accessed: August 8th 2015

[66]. Investigator Powers Tribunal. Operation - Available at: http://www.ipt-uk.com/section.aspx?pageid=7

[67]. Investigatory Powers Tribunal. Operation- Differences to the ordinary court system. Available at: http://www.ipt-uk.com/section.aspx?pageid=7. Last accessed: August 8th 2015

[68]. Security Intelligence Review Committee – Homepage. Available at: http://www.sirc-csars.gc.ca/index-eng.html

[69]. SIRC Annual Report 2013-2014: Lifting the Shroud of Secrecy. Available at: http://www.sirccsars. gc.ca/anrran/2013-2014/index-eng.html. Last accessed: August 6th 2015.

[70]. The Office of the Communications Security Establishment – Homepage. Available at: http://www.ocsecbccst.gc.ca/index_e.php

[71]. The Office of the Communications Security Establishment – Homepage. Available at: http://www.ocsecbccst.gc.ca/index_e.php

[72]. The Office of the Communications Security Establishment – Mandate. Available at: http://www.ocsecbccst.gc.ca/mandate/index_e.php

[73]. The Office of the Communications Security Establishment – Functions. Available at: http://www.ocsecbccst.gc.ca/functions/review_e.php

[74]. The Office of the Communications Security Establishment – Functions. Available at: http://www.ocsecbccst.gc.ca/functions/review_e.php

[75]. Office of the Privacy Commissioner of Canada. Homepage. Available at: https://www.priv.gc.ca/index_e.ASP

[76]. Office of the Privacy Commissioner of Canada. Reports and Publications. Special Report to Parliament “Checks and Controls: Reinforcing Privacy Protection and Oversight for the Canadian Intelligence Community in an Era of Cyber-Surveillance. January 28th 2014. Available at: https://www.priv.gc.ca/information/srrs/201314/sr_cic_e.asp

[77]. Office of the Privacy Commissioner of Canada. Available at: https://www.priv.gc.ca/index_e.asp. Last accessed: August 6th 2015.

[78]. Office of the Privacy Commissioner of Canada. Appearance before the Senate Standing Commitee National Security and Defence on Bill C-51, the Anti-Terrorism Act, 2015. Available at: https://www.priv.gc.ca/parl/2015/parl_20150423_e.asp. Last accessed: August 6th 2015.

[79]. Office of the Privacy Commissioner of Canada. Special Report to Parliament. January 8th 2014. Available at: https://www.priv.gc.ca/information/sr-rs/201314/sr_cic_e.asp. Last accessed: August 6th 2015.

[80]. Telecom Transparency Project. The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians. Available at: http://www.telecomtransparency.org/wp-content/uploads/2015/05/Governance-of-Telecommunications-Surveillance-Final.pdf. Last accessed: August 6th 2015.

[81]. Patrick Baud. The Elimination of the Inspector General of the Canadian Security Intelligence Serive. May 2013. Ryerson University. Available at; http://www.academia.edu/4731993/The_Elimination_of_the_Inspector_General_of_the_Canadian_Security_Intelligence_Service

[82]. Telecom Transparency Project. The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians. Available at: http://www.telecomtransparency.org/wp-content/uploads/2015/05/Governance-of-Telecommunications-Surveillance-Final.pdf. Last accessed: August 6th 2015.

[83]. Glenn Greenwald. Fisa court oversight: a look inside a secret and empty process. The Guardian. June 19th 2013. Available at: http://www.theguardian.com/commentisfree/2013/jun/19/fisa-court-oversight-process-secrecy, Nadia Kayyali. Privacy and Civil Liberties Oversight Board to NSA: Why is Bulk Collection of Telelphone Records Still Happening? February 2105. Available at :https://www.eff.org/deeplinks/2015/02/privacy-and-civil-liberties-oversight-board-nsa-whybulk-collection-telephone. Last accessed: August 8th 2015.

[84]. Scott Shance. The Troubled Life of the Privacy and Civil Liberties Oversight Board. August 9th 2012. The Caucus. Available at: http://thecaucus.blogs.nytimes.com/2012/08/09/thetroubled-life-of-the-privacy-and-civil-liberties-oversight-board/?_r=0. Last accessed: August 8th 2015

[85]. The Open Rights Group. Don't Spy on Us. Reforming Surveillance in the UK. September 2014. Available at: https://www.openrightsgroup.org/assets/files/pdfs/reports/DSOU_Reforming_surveillance_old.pdf

[86].

For more details visit https://cis-india.org/internet-governance/blog/policy-brief-oversight-mechanisms-for-surveillance

Policy Brief: Availability and Accessibility of Government Information in the Public Domain

praskrishna — 2014-12-15T12:31:01Z

For more details visit https://cis-india.org/accessibility/blog/policy-brief-availability-accessibility-govt-information-public-domain.pdf

Policies to Sustain India's Market

Shyam Ponappa — 2017-05-20T03:06:30Z

The question is whether policies can be better framed to harness the market potential. Why is so much investment flowing into India's securities markets?

The article published in the Business Standard on May 3, 2017 was also mirrored on Organizing India Blogspot on May 4, 2017.

Probably because of (a) India’s market size and (b) growth, despite all its inconsistencies and difficulties. Are higher price-earnings multiples desirable? Yes if they are sustained, because more capital is available for equivalent productivity; otherwise, no. The question is whether policies can be better framed to harness the market potential.

India’s large market with its headroom for prosperity seems propelled partly by its own momentum, and its stocks partly by liquidity. The net investment in mutual funds in 2016-17 of Rs 3.43 lakh crore was reportedly double the previous year, the highest in the last decade. Domestic investment in pure equity funds in the last two years exceeded foreign portfolio investment (FPI), because of lower FPI and higher domestic investment. Retail investors grew in the last three years from 28.6 million to 39.3 million. Other positive factors were a government with a strong mandate and falling oil prices.

Now, reasonable earnings from some large companies and rising global markets augur well, although earnings must improve broadly and a number of caveats remain. These relate to non-performing assets/loans (NPAs/NPLs), structural problems in sectors such as iron and steel, construction, power, telecom, transport, agriculture, continuing deficiencies in infrastructure and institutions, and in productivity. There are social pressures from divisive electioneering, a disturbing rise of exclusionary tendencies echoed globally, and government overreach. There are also self-induced crises because of inappropriate policies, as in telecom, unviable situations created by populism, or by judicial orders, as seen in telecom, coal and power. There could also be failure to improve productivity (by a third to 9 per cent, as during the growth years), or adverse external developments.

The room for improvement is epitomised by low per capita productivity. According to Bloomberg, the International Labour Organization’s output per worker for India in 2017 is 20 times lower than for Germany. Yet, expectations run high for India in reports from sources such as Euromonitor, the International Monetary Fund, London’s Centre for Economic and Business Research (CEBR), and PricewaterhouseCoopers (PwC). Euromonitor predicts India’s consumer market will be the third largest by 2030, ahead of Japan and Germany. Growth will be for products such as smartphones, automobiles, and durables such as TV sets, refrigerators and air conditioners. For instance, India is the third largest market for smartphones after China and the US. In automobiles, India is the fifth largest market with over 3.3 million cars sold in 2016 and continues to attract global manufacturers.

However, Euromonitor cautions against rising inequality with the Gini index rising from 39.9 per cent in 2011 to 41.6 per cent in 2016 and estimated at 43.4 per cent by 2030. The CEBR estimates that by 2028, India’s gross domestic product will be the third largest after China and the US. PwC forecasts that in 2050, India will be the second largest economy (in purchasing power parity) after China, the US being third and Indonesia fourth, with a caveat: “Emerging economies need to enhance their institutions and their infrastructure significantly if they are to realise their long-term growth potential.”

Can our policies better contribute to realising this market potential? Consider the options. One approach is open exploitation, unmindful of whether the ownership and distribution of profits is domestic or foreign. Prices are determined solely by supply and demand, without government regulation or any other authority. Another extreme is that the government decides everything, which has been seen to fail. A third option is a mix, with open-market principles in areas that can sustain them, such as in consumer goods, tempered with appropriate regulation, e.g., against harmful substances. Ideally, policies should be for the long-term common good with sustainable levels of equitable access. Regulation is essential where network economics apply with few players, as in electricity and communications. Our mix is not ideal because realpolitik and populism overwhelm the need for deep understanding followed by the objective and convergent deliberation needed to frame beneficial policies (through sound institutions, also lacking).

Our policies are often indifferent to where ownership lies, and sometimes, this is a problem. For example, heavy industries or electronics majors abroad often have government backing. Indian enterprises start with a disadvantage, because of restricted access to capital, and at higher cost. Another aspect is when the ownership of major local corporates with privileged access to markets changes to being majority foreign-owned, because the profits are sent abroad. Yet another is that we do not have ecosystems for manufacturing start-ups through commercialisation and scaling up, in terms of financing, production and procurement. Attention seems confined to early-stage start-ups or to small-and-medium enterprises, with no ecosystem to see them through to establishing scale, comparable, for instance, to the building up of Huawei through consistent procurement.

Our greatest deficiency, however, remains lack of good infrastructure. Correcting this requires a long view, capital, slow payback and long lead times for results, usually beyond election cycles. Easily sidelined for populist measures for immediate gains, this area needs concerted, bipartisan, societal convergence. A case in point is telecom and broadband, where spectrum auctions loom again, even as operators struggle with low revenues and high debt from previous auctions. Another is the recent Supreme Court ruling against compensatory tariffs for two ultra-mega power projects at Mundra, of 4,000 Megawatt (Mw) (Tata) and 4,620 Mw (Adani), based on whether a “change in law” applies only to Indian laws. If the tariffs were upheld, five buyer states would get a lower than average price paid, substantially below the current market price. If these projects become unviable, they will add to the deadweight of NPAs. The banks they owe will also suffer, and there will be the opportunity cost of benefits foregone from the lower-priced electricity.

There may be a case for prioritising infrastructure, beginning with defining our objectives and then framing policies to achieve them. For power projects, it’s reasonably priced electricity; for telecom, it’s reasonably priced services. Until these are made possible through appropriate policies, there’s little likelihood of realising our full potential.

For more details visit https://cis-india.org/telecom/blog/business-standard-may-3-2017-shyam-ponappa-policies-to-sustain-indias-market

Poesis in the Information Age: Language and its Limit[ation]s

praskrishna — 2015-01-26T13:57:34Z

Alec Schachner, an independent scholar, translator, multi-genre musician and sound artist will give a talk on the limits/limitations of languages at the Centre for Internet & Society's office on January 30, 2015 at 5 p.m.

The Talk

An examination of the limits/limitations of language(s) through the lens of contemporary Vietnamese poetics and print culture, aiming to open a deeper dialogue on the nature of self/state expression and censorship in the age of internet connectivity.

Alec Schachner

Alec graduated from Columbia College with a degree in Sociocultural Anthropology, English & Comparative Literature, Creative Writing and Music Theory/Composition. Alec currently resides in Vietnam, where he has served as lecturer on literature for 5 years with the Faculty of English Linguistics and Literature at the Vietnam National University of Social Sciences and Humanities HCMC. He is working on English translations of several anthologies of Vietnamese poetry, one of which - the purification festival in April - just went to print across VN earlier this month. He is also pursuing research into contemporary Saigonese print culture and the social/cyber mileus surrounding literary circles/movements in the post-Socialist cultural sphere.

For more details visit https://cis-india.org/a2k/events/poesis-in-the-information-age

PMA Policy and COAI Recommendations

dipankar — 2014-07-02T06:45:22Z

Introduction

The Ministry of Communications and Information Technology on the 10th of February, 2012 released a notification [1] in the Official Gazette outlining the Preferential Market Access [2] Policy for Domestically Manufactured Electronic Goods 2012. The Policy is applicable to procurement of telecom products by Government Ministries/Departments and to such electronics that had been deemed to having security concerns, thus making the policy applicable to private bodies in the latter half. The Notification reasoned that preferential access was to be given to domestically manufactured electronic goods predominantly for security reasons. Each Ministry or Department was to notify the products that had security implications, with reasons, after which the notified agencies would be required to procure the same from domestic manufacturers. This policy was also meant to be applicable to even procurement of electronic goods by Government Ministries/Agencies for Governmental purposes except Defence. Each Ministry would be required to notify its own percentage of such procurement, though it could not be less than 30%, and also had to specify the Value Addition that had to be made to a particular product to qualify it as a domestically manufactured product, with the policy again specifying the minimum standards. The policy was also meant for procurement of electronic hardware as a service from Managed Service Providers (MSPs).

The procurement was to be done as according to the policies of the each procuring agency. The tender was to be apportioned according to the procurement percentage notified and the preference part was to be allotted to the domestic manufacturer at the lowest bid price. If there were no bidders who were domestic manufacturers or if the tender was not severable, then it was to be awarded to the Foreign Manufacturer and the percentage adjusted as against other electronic procurement for that period.

Telecom equipment that qualifies as domestically manufactured telecom products for preferential market access include: encryption and UTM platforms, Core/Edge/Enterprise routers, Managed leased line network equipment, Ethernet Switches, IP based Soft Switches, Media gateways, Wireless/Wireline PABXs, CPE, 2G/3G Modems, Leased-line Modems, Set Top Boxes, SDH/Carrier Ethernet/Packet Optical Transport Eqiupments, DWDN systems, GPON equipments, Digital Cross connects, small size 2G/3G GSM based Base Station Systems, LTE based broadband wireless access systems, Wi-Fi based broadband wireless access systems, microwave radio systems, software defined radio cognitive radio systems, repeaters, IBS, and distributed antenna system, satellite based systems, copper access systems, network management systems, security and surveillance communication systems (video and sensors based), optical fiber cable.

The Policy also mentioned the creation of a self-certification system to declare domestic value addition to the vendor. The checks would be done by the laboratories accredited by the Department of Information Technology. The policy was to be in force for a period of 10 years and any dispute concerning the nature of product was to be referred to the Department of Information Technology.

International and Domestic Response to the Policy

There was a large scale opposition, usually from international sectors, towards the mooting of this policy. Besides business houses, even organizations like those of the United States Trades Representatives criticized the policy as being harmful to the global market and in violation of the World Trade Organization Guidelines.[3] Criticism also poured in from domestic bodies in terms of recommendations towards modification of the policy largely on three grounds: (i) the high domestic value addition requirement and the method of calculation of the same, (ii) the lack of a link between manufacturing and security and (iii) application of the policy to the private sector.

The Cellular Operations Association of India (COAI) in a letter dated March 15, 2012 to the Secretary of the Department Technology and Chairman of the Telecom Commission expressed its views on the telecom manufacturing in the country.[4]The COAI stated that such a development had to be done realistically and holistically so that the whole eco-system was developed as a comprehensive whole. In that regard it also forwarded a study that had been commissioned by COAI and conducted by M/s. Booz and Company titled “Telecom Manufacturing Policy – Developing an Actionable Roadmap”. The report was a comprehensive study of the telecom industry and outlined the challenges and opportunities that lay on its development trajectory. It also talked about Government involvement in the development process. The Report while citing the market share of Indian Telecom Industry which would be around 3% [5] of the Global Market highlighted the fact that no country could be self-sufficient in technology. It further talked about the development of local clusters in order to cut costs and encourage manufacturing, while ensuring that the PMA Policy was consistent with the WTO Guidelines. It further recommended opening up of foreign investments and making capital available to ensure growth of innovation. Finally it highlighted the lack of a connection between manufacturing and security and instead stressed upon proper certification, checks and development of a comprehensive CIIP framework across all sensitive networks for security purposes.

In a further letter to the Joint Secretary of the Department of Information and Technology dated April 25, 2012 the COAI expressed some reservations concerning the draft guidelines that had been published along with the notification.[6] While stressing upon the fact that a higher value addition would be impossible with the lack of basic manufacturing capabilities for the development of technological units, it also highlighted the need to redefine Bill of Materials which had been left ambiguous and subject to exploitation. It further highlighted the fact that allowing every Ministry to make its own specifications would lead to inconsistent definitions and an administrative challenge and hence such matters should be handled by a Central Body. Furthermore it opined that the calculation of BOMs and the Value Additions should be done using the concept of substantial transformation as has been given in the Booz Study. Furthermore, while discouraging the use of disincentives, it stated that one individual Ministry should be in charge of specifying such incentives to avoid confusion and for the sake of ease of business.

In another letter to a Member of the Department of Telecommunications dated July 12, 2012 the COAI stressed upon the futility of having high value additions as the same was impossible under the present scenario.[7] There was a lack of manufacturing sector which had to be comprehensively developed backed by fiscal incentives and comprehensive policies. In spite of that, it stressed that no country could become self-reliant and that such policies, like the PMA, were reminiscent of the “license and permit raj” era. It further said that such policies should be consistent with WTO Guidelines and should not give undue preference to domestic manufacturers to the detriment of other manufacturers. Countering the security aspect, it said that the same had been addressed by the DoT License Amendment of May 31, 2011 whereby all equipments on the network would have to comply with the “Safe to Connect” standard, and stressed upon the lack of any link between manufacturing and security. Furthermore for calculation of Value Addition it suggested an alternative to the method proposed by the Government as the same would lead to disclosures of sensitive commercial information which were contained in the BOMs. The COAI said that the three stages as laid out in the Substantial Transformation (as mentioned in the Booz Study) should be used for calculating the VA. It made several proposals to develop the telecom manufacturing industry in India including provision of fiscal incentives, development of telecom clusters and comprehensive policies which led to harmonization with laws and creation of SEZs among other such benefits.

In October 2012 the Government released a draft notification notifying products due to security consideration in furtherance of the PMA Policy.[8] The document outlined the minimum PMA and VA specification for a range of products. It also stated several security reasons for pursuing such a policy and stated that India had to be completely self-reliant for its active telecom products. It also contained data on the predicted growth of the telecom market in India. The COAI thereafter released a document commenting upon the draft notification of the Government.[9]

Besides highlighting the fact that the COAI still had not received a response to its former comments, it again stressed upon the lack of a link between security and manufacturing. It reiterated its point on the impossibility of a complete self-reliance on any nation’s part, and stressed upon the need of involving other stakeholders in the promulgation of such policies. It also made changes to the notified list of equipments, reclassifying it according to technology and only listing equipments which had volumes. Furthermore it also suggested changes towards the calculation of value addition to include materials sourced from local suppliers, in-house assemblage to be considered local material and the calculation to be done for complete order and not for each item in the order. It further recommended a study be conducted and the industry be involved while predicting demands as such were dated and needed revision. The Government thereafter released a revised notification[10] on October 5, 2012 but it did not contain much of the commented changes that the COAI had proposed.

Thereafter in April 2013, the DeitY released draft guidelines[11] for providing preference to domestically manufactured electronic products in Government Procurement in further of the second part of the PMA Policy. The guidelines besides containing definitions to several terms such as BOM also prescribed a minimum of 20% domestic procurement while leaving the specifications onto individual Ministries. It recommended the establishment of a technical committee by the concerned Ministry or Department that would recommend value addition to products. It followed a BOM based calculation of Value Addition while leaving the matter of certification to be dealt by DeitY certified laboratories that are notified for such purposes by the concerned Ministry/Department. DeitY was the nodal ministry for monitoring the implementation of the policy while particular monitoring was left to each Ministry or Department concerned. Among the annexures were indicative lists of generic and telecom products and a format for Self Certification regarding Domestic Value Addition in an Electronic Product.

The COAI thereafter released a revised draft containing its own comments on April 15, 2013.[12] The COAI pointed out faults in the definition of BOM. It highlighted the difficulty in splitting R&D according to countries, and also stressed upon the impractical usage of BOM in calculation of value addition as the same was confidential business information. As it had already suggested earlier, it reiterated the usage of the Substantial Transformation process for the calculation of Value Addition. While removing the lists of equipments mentioned, it further pointed out that the disqualification in the format for self-certification would be a very harsh disincentive and would result in driving away manufacturers. It suggested that there should be incentives for compliance instead.

The COAI along with the Association of Unified Telecom Service Providers of India sent a letter dated January 24, 2013 to the Secretary, DoT containing their inputs on Draft List of Security Sensitive Telecom Products for Preferential Market Access (PMA).[13] It again stressed upon the fact that security and manufacturing were not related and that the security aspect had been dealt by the “Safe to Connect” requirement mandated by the DoT License Amendment. It talked of the impossibility of arriving at VA figures until the same is defined to internationally accepted norms. Further it opined that if the Government had security concerns it should consider VA at a network level in the configurations as would be deployed in the network or its segments rather at element or subsystem levels as the latter would leave too many calculations open and the procurement entities will find it very difficult to ensure if they meet the PMA requirement or not. It further stressed upon the need to comply with WTO Guidelines while stressing upon the need to pay heed to certification standards than pursue the unavailable link between manufacturing and security through a PMA Policy. Finally it suggested a grouping of telecom products for the policy based on technology rather than individual products.

Pursuant to a Round Table Conference Organized by the Department of Information and Technology, AUSPI and COAI sent another letter dated April 15, 2013 to the Secretary, Department of Information and Technology.[14] It reiterated several points that both the AUSPI and COAI had been suggesting to the Government on the Telecom Manufacturing Policy. It cited the examples of other manufacturing nations to reiterate the fact that no country could be completely self-reliant in manufacturing electronics and such positions would only lead to creation of an environment that would not be conducive to global business. It further stressed upon the need to change the manner of calculation of VA while highlighting the fact that every Department should notify its list of products having security implications and the list of telecom equipment should be deleted from the draft guidelines being issued by DeitY to ensure better implementation.

A major change came in on July 8, 2013 when the Prime Minister’s Office made a press release withdrawing the PMA policy for review and withholding all the notifications that had been issued in that regard.[15] It said that he revised proposal will incorporate a detailed provision for project / product / sector specific security standards, alternative modes of security certification, and a roadmap for buildup of domestic testing capacity. It further noted that the revised proposal on PMA in the private sector for security related products will not have domestic manufacturing requirements, percentage based or otherwise and that the revised proposal will incorporate a mechanism for a centralised clearing house mechanism for all notifications under the PMA Policy.

The COAI thereafter on November 7, 2013 sent a letter to the DoT containing feedback on the list of items slated for Government procurement.[16] It noted that there were 23 products on which PMA was applicable. It pointed out that there were no local manufacturers for many of the products notified. It also asked the Government to take steps to ensure that fiscal incentives were given to encourage manufacturing sector which was beset by several costs such as landing costs which acted as impediments to its development. It stressed upon the tiered development of the industry needed to ensure that a holistic and comprehensive growth is attained which would result in manufacturing of local products. It requested that the Government "focus on right enablers (incentives, ecosystem, infrastructure, taxation) as the outcome materializes once all of these converge."

The COAI sent a further letter dated November 13, 2013 to the DoT concerning the investment required in the telecom manufacturing industry.[17] It noted the projected required investment of 152bn USD in the telecom sector and that the Government had projected that 92% of the investment would have to come from the Private Sector. COAI, while stressing upon the need of the Government and the Private Industry to work in tandem with each other, suggested that the Government devise methods to attract investments in the telecom sectors from international telecom players and that the Telecom Equipment Manufacturing Council meet to review and revise methods for attracting such investments.

Pursuant to the PMO directive, DeitY released a revised PMA Policy on the 23rd of December, 2014.[18] While there have been a few major changes, not all of recommendations by various bodies have been adhered to.[19] The major changes in the revised policy included the exemption of the private sector from the policy and the removal of PMA Policy to equipments notified for security reasons. The manner of calculation of the domestic value addition has not been changed though there has been a reduction in the percentage of value addition needed to qualify a product as domestic product. Another addition has been of a two-tiered implementation mechanism for the Policy. Tier-I includes a National Planning and Monitoring Council for Electronic Products which would design a 10-year roadmap for the implementation of the policy including notification of the products and subsequent procurement. Under Tier-II, the Ministries and Departments will be issuing notifications specifying products and the technical qualifications of the same, after approval by the Council. The former notifications under the 2012 Policy, including the notification of 23 telecom products by Department of Telecom,[20] are still valid until revised further.[21]

[1]. No. 8(78)/2010-IPHW. Available at http://www.dot.gov.in/sites/default/files/5-10-12.PDF (accessed 03 June, 2014).

[2]. Preferential Market Access

[3]. See The PMA Debate, DataQuest at http://www.dqindia.com/dataquest/feature/191001/the-pma-debate/page/1 (accessed June 2014).

[4]. The letter is available at http://www.coai.com/Uploads/MediaTypes/Documents/letter-to-dit-on-pma-notification.pdf (accessed June, 2014).

[5]. Around $17bn.

[6]. The letter is available at http://www.coai.com/Uploads/MediaTypes/Documents/letter-to-dit-on-pma-notification.pdf (accessed June, 2014).

[7]. The letter is available at http://www.coai.com/Uploads/MediaTypes/Documents/coai-to-dot-on-enhancing-domestic-manufacturing-of-telecom-equipment-bas.pdf (accessed June, 2014).

[8]. The notification no. 18-07/2010-IP can be found at http://www.coai.com/Uploads/MediaTypes/Documents/DoT-draft-notification-on-Policy-for-preference-to-domestically-manufactured-telecom-products-in-procurement-October-2012.pdf (accessed June, 2014).

[9]. The commented COAI draft can be found at http://www.coai.com/Uploads/MediaTypes/Documents/Annexure-1-Comments-on-draft-notification-by-DoT.pdf (accessed June, 2014).

[10]. Available at http://www.coai.com/Uploads/MediaTypes/Documents/dots-notification-on-telecom-equipment-oct-5,-2012.pdf (accessed June, 2014).

[11]. The draft guidelines can be found at http://www.coai.com/Uploads/MediaTypes/Documents/pma_draft-govt-procurement-guidelines-april-2013.pdf (accessed June, 2014).

[12]. The COAI commented draft can be found at http://www.coai.com/Uploads/MediaTypes/Documents/pma-draft-security-guidelines-15-april-2013.pdf (accessed June, 2014).

[13]. The letter can be found at http://www.coai.com/Uploads/MediaTypes/Documents/jac-007-to-dot-on-Januarys-list-of-telecom-products-final.pdf (accessed June, 2014).

[14]. The letter can be found at http://www.coai.com/Uploads/MediaTypes/Documents/jac-to-moc-on-pma.pdf (accessed June, 2014).

[15]. The press release can be found at http://www.coai.com/Uploads/MediaTypes/Documents/pmo-on-pma.pdfhttp://www.coai.com/Uploads/MediaTypes/Documents/pmo-on-pma.pdf (accessed June, 2014).

[16]. The letter can be found at http://www.coai.com/Uploads/MediaTypes/Documents/COAI-letter-to-DoT-on-Feedback-on-List-of-Items-for-Govt-Procurement.pdf (accessed June, 2014).

[17]. The letter can be found at http://www.coai.com/Uploads/MediaTypes/Documents/COAI-letter-to-DoT-on-Investments-Required-(TEMC)-Nov%2013-2013.pdf (accessed June, 2014).

[18]. The Notification No. 33(3)/2013-IPHW can be found at http://deity.gov.in/sites/upload_files/dit/files/Notification_Preference_DMEPs_Govt_%20Proc_23_12_2013.pdf (accessed June, 2014).

[19]. For more information, see http://electronicsb2b.com/policy-corner/revised-preferential-market-access-policy/# (accessed June, 2014).

[20]. The notification has been mentioned and discussed above.

[21]. A list of notifications dealing with electronic products except telecom products can be found on the website of DeitY at http://deity.gov.in/esdm/pma (accessed June, 2014).

For more details visit https://cis-india.org/internet-governance/blog/pma-policy-and-coai-recommendations

Plugging into India’s broadband revolution

Navadha Pandey — 2019-06-05T14:02:48Z

After many false starts, the plan to wire India’s digital future may finally take off with Jio GigaFiber’s entry.

The article by Navadha Pandey was published in Livemint on June 4, 2019. Sunil Abraham was quoted.

All through 2018, 58-year-old Ashok Kumar Rai’s Lucknow-based small architecture firm used to spend a princely sum of ₹11,800 each month for the privilege of a good broadband internet connection. “We used to send building walk-through files to clients every day and the size of each file could go up to 1GB (gigabytes)," he says. Doling out cash for reliable internet was a necessity. All that changed when a new player, Atria Convergence Technologies Ltd (ACT), came to Rai’s upmarket Gomti Nagar neighbourhood in Lucknow. In the summer of 2019, Rai’s internet access speed has shot up from 4 to 150 Mbps (megabits per second). And the monthly bill has come crashing down to about ₹1,000.

For far too long, India’s internet action lay centered in its metros, leaving out even relatively big cities like Lucknow. The fledgling online access push into smaller cities and rural India happened primarily via mobile data transmitted over wireless spectrum. Home broadband was nowhere in the picture. But all that seems set for some dramatic change. If the country’s richest man, Mukesh Ambani, has his way, high-speed broadband will become a reality in at least 1,600 cities.

In the process, he aims to also leapfrog India from its current rank—134—in fixed-line broadband penetration to the top five with the help of Jio GigaFiber.

The dream of a broadband revolution, however, has its fair share of detractors. Bhaskar Ramamurthi, for example, who helms the Centre of Excellence in Wireless Technology (CWEiT at Indian Institute of Technology Madras (IIT Madras), says: “Fiber penetration will take a long time in India."

The logic is simple: unlike mobile towers, fiber needs to reach each home physically. China’s broadband boom happened because it has rebuilt nearly its entire housing stock in the last 15 years, fuelled by a construction-led growth bubble. “In India, initially only all the upcoming new buildings may get connected to fiber-based (fast) internet," says Ramamurthi.

But India’s untapped millions are about to set off a race. And this journey, which will clearly not be a cakewalk, has huge rewards in store. Sample this: India has 1.16 billion mobile subscribers but just 18.42 million wired broadband subscribers. And many of them, like Rai, are data hungry. There is an existing playbook: what happened to mobile broadband after 2014.

In 2014, the cost of one GB of mobile data was ₹270. Now, it is ₹10 per GB. As a result, mobile data consumption has soared. In late-2014, an average user on Airtel’s network (India’s largest telecom operator back then) used 622 megabytes (MB) of data in a month. By late-2018, the number of users had tripled, but, despite a broader base, average data usage stood at 10GB a month.

First-mover advantage

The expansion in wired broadband access may have far-reaching implications beyond a mere spike in data usage. When Mukesh Ambani, chairman and managing director of Reliance Industry Ltd which owns Reliance Jio Infocomm Ltd, declared optical fibre based fixed-line broadband as “the future" last July, the real play was not on the infrastructure itself, but the services that would ride on top—from smart home experiences to new forms of e-commerce. The revenue and the first-mover advantage lie in who gets to tap into the “ecosystem"—of how a household connects to the wider world to buy, watch, and exchange.

Essentially, new businesses could emerge to feed the “ecosystem". And some existing small and medium-scale businesses may finally become viable enough to expand and go big. Netflix, for example, emerged as one of the world’s largest video streaming platform, riding on top of the US broadband boom. But India already has a crowded pack of 34 web video streaming entertainment platforms, most of which have cropped up to sustain the attention of mobile data guzzling Indians. With wired broadband following mobile usage expansion, unlike in most other countries, India’s new-age internet businesses are likely to be unique and different.

Home-based surveillance and security systems could be one space that could gain significant traction, says Sunil Abraham, executive director of the Bengaluru-based think-tank Centre for Internet and Society. “If there are 40 families (in a high-rise apartment) who have babies and need surveillance facilities, each apartment going for an individual connection from a telecom service provider would involve a huge amount of money. But a fibre-based intranet or peer network could connect all 40 flats for a much smaller price," he says.

There could also be unintended consequences for the country’s digital gender divide. Only 29% of India’s current internet users are women, according to a recent Unicef report. If the cost of wired broadband begins to crash—thereby increasing the number of homes which have access—women who will never get access to a phone (due to the cost of device and patriarchy) will finally be able to see things on the internet, says Nandini Chami, a researcher at IT for Change, a non-governmental organization. “How this negotiation will happen inside the house, we will have to wait and watch," she says. Household-level access would also confuse corporate entities trying to “hyper-profile" users since multiple people will be accessing the internet through shared devices at home, she adds.

But as internet access improves, making the digital economy more vital, Chami says, governments would have an important role in ensuring women get to use the internet “on terms that are empowering". “We can think of innovative models when fixed broadband becomes cheap. The household is not the space for this. It can be libraries which have special times for young girls or digital labs for women. We need to rethink the missed opportunity of the BharatNet and the national optic fibre network. Internet access should not stop at just the panchayat office. We must think of different points of access, particularly for women," Chami adds.

The possibility of many of these radical changes in both the social and business realms will, of course, entirely rely on the pace at which India goes broadband. Despite the rapid expansion in mobile internet, data originating from mobile devices still account for only 20% of India’s data consumption. That is why what happens in the wired broadband space will matter increasingly. And that is also why Jio is betting big on expanding the existing wired user base (18 million) to 50 million.

The Jio gameplan

Jio is currently running beta trials for GigaFiber in New Delhi and Mumbai, providing 100GB of data at 100 Mbps for free, except for the ₹4,500 one-time deposit for a router. While the landline will come with unlimited calling facility, television channels will be delivered over the internet (Internet Protocol Television, or IPTV). The packaged trio of fast Internet, landline telephony, and television access will remain free for a while—similar to what had happened in the mobile phone services segment in 2016. After commercial launch, the per month cost is expected to be ₹600, roughly half of what similar services cost currently.

Jio’s rival Bharti Airtel Ltd has decided that it is not interested in the entire pie but just the creamy top layer. It will focus on premium customers and expand its broadband services across India’s top 100 cities, instead of copying Reliance Jio’s ambitious plan to create a fibre-optic network across the country. To achieve this, Airtel, which already has 2.36 million fibre customers, will stay focussed on high-rise buildings rather than horizontal deployment, as this business model is more economical and logical.

The dark horse in this race is, of course, ACT with its existing 1.42 million customers. Its presence is much smaller with just 18 cities, largely in the south India and the newly expanded zones of Delhi, Jaipur and Lucknow. On the ACT fibre network, average data consumption per user is already at 130GB a month.

“We have seen a 150% increase in average consumption in the last 18 months," says Bala Malladi, chief executive officer, ACT. “People are now looking at higher speeds and the experience is taking precedence over cost. In fact, even in the hinterland, people want higher speeds and non-buffered experience," he adds.

But why hasn’t fibre penetration gone up if the demand is booming? Why did India miss the bus when other countries like the US have an 80% fibre penetration?

Policy paralysis

Firstly, fibre is expensive to lay, unlike a SIM card which can be given away for free. Moreover, India till a few years ago was mostly a voice calls market and not a data market. Secondly, municipalities in India have complicated right-of-way (RoW) procedures which act as a big hurdle for digging and laying fibre. This is one of the reasons why even government (such as the Delhi government) plans to set up citywide surveillance and Wi-Fi hotspots have failed.

“The centre has finally issued a very good RoW model, but now every state has to come up with its own policy modelled on the central guidelines. They are taking their own sweet time," says Rajan Mathews, director general, Cellular Operators Association of India (COAI).

The lack of forward movement on these fixable policy issues assumes significance given the government’s focus on fibre in its National Digital Communications Policy-2018, which has a target of attracting $100 billion worth of investments in digital communications.

The policy’s goals include universal broadband for all, creating four million jobs in digital communications, and raising the share of digital communications in India’s gross domestic product (GDP) to 8% (from less than 6% in 2017). Deployment of five million public Wi-Fi hotspots by 2020 through a National Broadband Mission is also on the agenda. The key goal, however, is to provide 1 Gbps (gigabit per second) connectivity to all gram panchayats by 2020 and 10 Gbps by 2022.

The sad reality is that the last five years were an absolute failure in laying fibre in the country. BharatNet, the flagship mission to connect 250,000 gram panchayats with broadband, which was being implemented by Bharat Broadband Network Ltd (BBNL), a special purpose vehicle set up under the department of telecommunications (DoT) in February 2012, has been a disappointment, to say the least.

The government has completed laying optical fibre cables across more than 100,000 gram panchayats in the first phase and had aimed to complete connecting the remaining 150,000 councils by March 2019. The second phase has seen “zero progress", according to government officials close to the matter. Pained by poor utilization of digital infrastructure, the Telecom Regulatory Authority of India (Trai) suggested auctioning BharatNet infrastructure on an “as is where is" basis after a meeting held in December at the prime minister’s office to take stock of the mission.

To start with, the DoT plans to monetize fibre assets built by the government under its flagship mission BharatNet through outright sale to private players or by leasing these assets for a 20-year period after a bidding process. If successful, it could boost connectivity in Indian villages, which have so far been kept out of the digital dividend.

Bigger cities, however, will have a different consumption story. With intra-city fibre coverage leading to improved penetration, wired broadband would not just offer an enhanced content viewing experience, but also open doors for internet of things, or IoT. “Home security is going to become a big business going forward, riding on fibre. Even gaming will see a lot of traction as you can enjoy a 4K game in real-time, thanks to low latency and high speed of an optic network," Malladi of ACT says.

The looming question, however, is how much investment can operators put in given the current low tariff environment in the telecom sector. Big players are stressed for funds and are diluting their non-core assets to generate funds to keep networks afloat. “If you are looking at what will happen in the next three years... I believe that there is a business case to be made and tariffs should sustain it (the investment)," Mathews says.

Whether that happens or not could become an important footnote in India’s growth story. The far-reaching implications of fast internet access pushed billionaire tech entrepreneur Elon Musk, chief executive officer of Space Exploration Technologies Corp. (SpaceX), to launch 60 internet-beaming satellites last month. The grand scheme is a response to the practical constraint of laying fibre, a concern which is more pressing in India’s vast landmass.

Unlike Musk, the country’s broadband dreams, however, still remain rooted to the ground—in the simple tech of optic fibre. And the success or failure of those dreams will be written by how fast the fibre network expands.

For more details visit https://cis-india.org/telecom/news/livemint-navadha-pandey-june-4-2019-plugging-into-indias-broadband-revolution

Pleasure and Pornography: Pornography and the Blindfolded Gaze of the Law

namita — 2011-08-02T08:37:23Z

In the legal discourse, pornography as a category is absent, except as an aggravated form of obscenity. Does this missing descriptive category assist in the rampant circulation of pornography, either online or offline? Rather than ask that question, Namita Malhotra, in this second post documenting her CIS-RAW project, explores certain judgments that indeed deal with pornographic texts and uncovers the squeamishness that ensures that pornography as an object keeps disappearing before the law.

When Justicia, blindfolded, cannot see the profane …

In the legal discourse, pornography as a category is absent, except as an aggravated form of obscenity (1). Does this missing descriptive category assist in the rampant circulation of pornography, either online or offline? Rather than ask that question, I would like to explore certain judgments that indeed deal with pornographic texts and uncover the squeamishness that ensures that pornography as an object keeps disappearing before the law.

For instance, in the case of Fatima Riswana V. Chennai & Ors. (2) both the public prosecutor and counsel for the petitioners applied to the court for transfer to another (male) judge, to save the District Lady Judge from embarrassment. The order for transfer was passed, so that the District Lady Judge does not have to view certain CDs that are part of the evidence. The justification for this is that the 'said trial would be about the exploitation of women and their use in sexual escapades by the accused, and the evidence in the case is in the form of CDs, viewing of which would be necessary in the course of the trial; therefore, for a woman Presiding Officer it would cause embarrassment'.

This is a rather obvious case, where explicit and pornographic material is made to disappear before the eyes of the law, gesturing towards the larger complicity that allows society and law to create a ruckus about Richard Gere and Shilpa Shetty’s kiss, HBO's English movie channel, dance bars and other such aspects of the sleazy modernity that we inhabit (3), but simultaneously is oblivious to circulation of pornography, both online and offline.

In a rather confrontational visual juxtaposition, I place Savita Bhabhi alongside Husain’s Mother India, to be able to ask several questions, including the question of which one’s existence has been more threatened by the law. There is almost no doubt about it; Savita Bhabhi’s chequered career as a slutty housewife has been marred only by two scandals (and several almost patriotic accounts of India having finally arrived (4)) – once when a child sent an MMS about his teacher and it made references to Savita Bhabi, which led to some mention of action that might be taken against the website (5), and another time when Karan Johar (Mid Day, Delhi – 31 March 2009) remarked that one of the characters, Jeet, has a look similar to that given to Amitabh Bachchan in 'Kabhi Alvida Naa Kehna', and this might be a case of copyright infringement. Neither of these have resulted in any serious charge against the alleged anonymous producers, Indian Porn Empire, or what is more probable, the blocking of the website regardless of whether the producers/creators can be found and prosecuted. However Husain’s untitled painting, which surfaced on a website for an auction for victims of a Kashmir earthquake in 2006 (two years after it was first sold by the painter), was dragged to court on serious charges of obscenity, which fortunately led to a rather progressive judgment on obscenity by the Delhi High Court.

Returning to the two images of nude women, obscenity law in India has laid down that “nudity in art and literature is not per se evidence of obscenity”. As stated in the judgment that dealt with the circulation of Hussain’s untitled painting (later titled 'Bharat Mata') 'the work as a whole must be considered, the obscene matter must be considered by itself and separately to find out whether it is so gross and its obscenity so decided that it is likely to deprave and corrupt those whose minds are open to influences of this sort'. What renders an object obscene is the transaction rather than the text -- a transaction involving the depiction-consumption of the female body , and the sexualisation of the viewer who in turn sexualises the object. It is not just that the painting/image may already be sexualized but also that the public is in turn sexualised by looking at it (and sexualises it with its gaze), thus making them vulnerable to the perversion that is modernity itself and the pornographic gaze (Nitya Vasudevan and Namita A. Malhotra, State of Desire - Unpublished article). To put it simply, the anxiety of the state is not just about the object, but also about its circulation in the public, and the meanings it acquires through these series of transactions.

Legal and public discourse is often obsessed with the various meanings that become possible because of the placing of this naked body - or the transactions of this naked body with the context, background, narrative that it is placed in. Though seemingly sexualised already as a naked body (this can be refuted not only by the Indian court but various examples in art, religious architecture, etc.) the meanings it may carry are further complicated when it is placed in a pornographic comic online, bearing a crown and saying 'I will be Miss India', or as a faceless hazy outline in the foreground of the map of India. Hussain’s depiction of the naked woman on the map of India, embodying India (in pain or anger) carries many jostling, conflicting meanings. Inspite of the furore over the painting, the High Court finally held that the painting was not obscene, stating that the intention of the painter was to evoke sympathy for a woman – indeed a nation – in distress (6) . However what is intriguing, is that Savita Bhabi’s body, her markings of Indian-ness, her poses and postures are not examined to that extent either by the court or the public.

Pornography, as obscenity in its aggravated form or explicit depiction of sexual acts without a relevant or coherent narrative, has been dropped from both legal discourse and academic and cultural analysis--is it possible to surmise that this has happened because it can be read as a blank slate, a place where meanings cannot be read, felt or inferred? Pornographic movies are spliced into mainstream films, circulate surreptitiously through video stores, piracy markets or though online spaces that cannot be easily accessed because of regulations and filters in most places –- colleges, homes, schools, offices, cybercafes (7) etc. Can we surmise that the transaction of the sexualized gaze with the obscene object has been, in this way, so removed from public gaze that it does not merit discomfort and anxiety for the state or public, unless it nefariously slips into public discourse (DPS MMS, Noida MMS, Mysore Mallige)? As long as it is a secretive (even if mass) consumption, it does not disturb the heternormative familiar and familial in the manner that an object whose obscenity is not quite obvious or clear does – for example, HBO's English movie channel (8).

In this context, let us look at an excerpt from the progressive judgment on Hussain’s painting, which demonstrates the extent to which the court has to read the meanings of an image to determine whether it is obscene or not, but simultaneously, by not ever having to interact with a pornographic text, the court (or the public) does not have to see that there are many meanings embedded in such an image as well.

'One of the tests in relation to judging nude/semi nude pictures of women as obscene is also a particular posture or pose or the surrounding circumstances which may render it to be obscene, but in the present painting, apart from what is already stated above, the contours of the woman’s body represent nothing more than the boundaries/map of India.

Even if a different view had to be taken that if the painter wanted to depict India in human form, it may have been more appropriate to cloth the woman in some manner may be by draping a sari or by a flowing cloth etc., but that alone cannot be made a ground to prosecute the painter. There can be a numbers of postures or poses that one can think of which can really stimulate a man’s deepest hidden passions and desires. To my mind, art should not be seen in isolation without going into its onomatopoetic meaning and it is here I quote Mr. Justice Stewart of the US Supreme Court in Jacobellis v. Ohio 378 U.S. 184 (1964) who defined ‘obscenity’ as, “I will know it when I see it”. The nude woman in the impugned painting is not shown in any peculiar kind of a pose or posture nor are her surroundings so painted which may arouse sexual feelings or that of lust in the minds of the deviants in order to call it obscene. The placement of the Ashoka Chakra or the States in the painting is also not on any particular body part of the woman which may be deemed to show disrespect to the Ashoka Chakra/States and the same was conceded by the learned counsel for the respondent during the course of the arguments advanced.

It is possible that some persons may hold a more orthodox or conservative view on the depiction of Bharat Mata as nude in the painting but that itself would not suffice to give rise to a criminal prosecution of a person like the petitioner who may have more liberal thoughts in respect of mode and manner of depiction of Bharat Mata.' (9)

A body that doesn’t carry inscriptions of cities on different body parts, but is definitely inscribed as Indian is that of Savita Bhabi – from the mangalsutra that never comes off even during doggy-style sex, the sari that slips off rather easily, the bindi, the gestures and mannerisms, to the stories that place her in sexual encounters with familiar people – the bra salesman, the old boyfriend, the cousin, the doctor, the woman colleague, the boss, the aging star and many others.

Savita Bhabhi thus carries as many confusing, jostling meanings as a pornographic text. For instance, she refers to recession and aspirations to become Miss India. She ventures into the fantasy world of her fans, since many of her stories are drawn from their stories on the Savita Bhabi website and fansite –- whether these stories are make-believe or true is irrelevant. These resonances of the text beyond mere sexual arousal are obvious. Even if one were to ignore Linda Williams (10) and inferences from Foucault that pornography becomes one of the many forms in which knowledge of pleasure is organised, it is obvious that from varied perspectives within film studies and legal studies, pornography merits examination. Williams' point also seems to provide some insight into why pornographic circulation doesn't merit much anxiety from the state or in the law; if pornography is organised in consonance with the heteronormative familiar and familial and accessible primarily by men, then maybe it is not such a big surprise that the state or the law is not really invested in controlling pornography, since pornography itself is controlling modes of sexuality and/or sexual expression.

Returning to the comparison, Hussain's untitled nude body on the map of India is literally marked. She carries these inscriptions -- Gujarat on one breast, Bangalore between her thighs, Chennai on her calves, Goa on her hip. Savita Bhabi is marked by her sari, her bindi, her blouse, her aesthetic sense, her fantasies of film stars, her stories of encounters in dressing rooms and myriad other recognizable details -- that mark her as Indian, or at least as living in India, in an Indian (albeit a privileged fair North Indian) body. However, it is Husain's untitled painting -- not called Bharat Mata (and the painting doesn't seem to signify a maternal relation but that of a wounded woman or pained woman) -- that goes to court on charges of obscenity.

Before looking at the few judgments that deal with the actual pornographic text, I take a detour to look at another iconic female figure -- that of Justice. Though clothed, she is blindfolded, so as to be able to discern even a fraction of a slip in the scales of justice; visual cognition would not be sufficient for her to recognise such a slip. As explained by Costas Douzinas, ('The Legality of the Image, lecture – December, 1999), ‘Justice must be blindfolded to avoid the temptation of facing the concrete person and putting individual characteristics before the abstract logic of the institution'. Martin Jay traces the trajectory of how justice became blindfolded through the ages, in the article 'Must Justice Be Blind' (11). Justice was initially wide-eyed and alert; she was blindfolded by the Fool in a period when corruption of the rulers was rampant; she was immortalised by Vermeer as staring at empty scales; and in a transitory state before being completely blinded she had two heads, with a pair of eyes that could see, and a pair that was blindfolded -- shielded, maybe, from the profane and from embarrassment.

I look at this blindness of the judicial system that allows pornography to circulate, while pinning down the obscene and examining minutely its various meanings. The obscene ('Satyam Shivam Sundarmam', 'Prajapati' – a Bengali magazine which carries short stories, 'Lady Chatterley’s Lover', 'Bandit Queen') is examined firstly, for whether it is so gross, though grossness or vulgarity as such is not enough to establish obscenity. And secondly, for whether it has the tendency to deprave and corrupt those whose minds are open to such influences and into whose hands -- or rather, vision -- such an object might fall (this is what allows for the circulation in limited publics -- adult audiences, time slots on television).

Hard and Near Hard Pornography: Close Encounters of the Law with the Profane

In the case of Anonymous vs. the Commissioner Of Police (12), yet another encounter takes place between the embarrassed law and the pornographic text. The excerpt below describes the encounter of two women advocates asked by the court to examine what movies are being exhibited at a specific theatre. In the peculiar clash of social mores, that ensure who has access to pornography, and the law, that ensures equal access to all legally sanctioned media to everyone, the movie theatre was held responsible for violating the fundamental right of women to have access to their premises -- and thus access to pornography.

'We approached the booking counter of Rs. 20/- and asked for tickets. The booking clerk first informed us that it is an English movie and it is not meant for ladies to view. When we insisted for tickets, he asked us to come inside the booking room from the main entrance of the theatre. When we were entering the theatre, the gate-man informed us that ladies are not permitted as it is a "SEX MOVIE".

However, we walked into the booking room. Booking clerk issued us Box-A tickets and further asked us to see the Manager before taking seats. We did not see the Manager but directly went to Box-A and took seats. Even the Box-A doorman asked us to leave the theatre advising us that we being ladies cannot see it as the movie is a "SEX MOVIE". When the movie began at 12.00 P.M. simultaneously the Manager along with two men switched on the lights in Box-A and asked us to leave the hall immediately. Since he repeatedly insisted us to leave, we both came out of Box-A. On coming out we enquired as to why we should not see the movie, to which the Manager replied that it is a "BF". On asking for further clarification of "BF", the Manager stated that it means "BLUE FILM". When we asked him to identify himself, he informed us that he is Mr. Prasad, Manager of the Theatre, as such he has every right to ask us to leave. When we asked as to how it was not advertised that the movie is meant for men only, he retorted that "It is understood that whenever English movies are played in this theatre, ladies are strictly not permitted." As such we were forced to leave the theatre immediately.'

The question before the court was whether the films exhibited in this theatre were being exhibited in accordance with the censor certificate or whether there was any tampering; whether there was any other device or contrivance to interpolate or intermingle blue films with any otherwise innocent-looking film. Here, though the court had taken it upon itself to address the pornographic text, it ran into a series of complications when merely trying to access the text or the evidence itself, as two women advocates were sent to determine if there was an illegal film exhibition taking place. Pornography seems to be continuously disappearing even on the rare occasion when it is addressed directly by the court, especially in the court's attempt to precisely locate the moment of transaction of the gaze with the pornographic object.

The court, when allowed to examine the film exhibited, found that it was 'a hotch potch of short films, advertisement films, party propaganda films, Hindi and Telugu feature film bits'. (13) The court finally located the pornographic segments (squeezing breasts in a tub, cunnilingus, brutal murder scene) and the court’s comment was that 'normal scenes were replaced by sexy scenes'. The recommendation of those who examined the films that were ostensibly being spliced into Secret Games 3 and Dark Dancers is that, 'The only course proper is not to permit entry into the country for such films which prima facie may be classified hard or near-hard'. Though the term near-hard is amusing and unique classification of pornography, maybe it's a Freudian slip by a judicial system caught between disgusted arousal and embarrassment.

Finally, in this judgment, the court had to acknowledge its own blindness -- that there is ‘some hole somewhere in the system so that even excised portions by the Censor Board of the films have found their way to the theatres’, including portions that were never passed through the censor certification process at all.

Whose Hard-On (or Near Hard-On) Are We Looking for: The Law in Its Search for the Profane

In 2005, two teenagers frolicking were captured on a mobile phone camera, and the clip circulated first through mobile phones and then subsequently on the internet. The clip sparked off a phenomenon of hidden camera and mobile phone clips -- a booming pornographic enterprise now on the internet. For a split second, it seemed as though any kind of desire could become pornographic, captured in an ubiquitous medium and transmitted throughout the country. That thrill and anxiety was possibly grasped at slightly in Anurag Kashyap’s Dev.D, where Chanda -- the prostitute, or the other of the good girl -- is the one depicted as the unknown girl who was part of the MMS clip. Very few films have been able to grasp the visceral embarrassment and immediacy of desire as Dev.D does, and it is possibly not the story of Chanda, but that of Paro that achieves this. Paro, who sends nude pictures of herself across continents; Paro, the cyber-sexer; Paro, the entirely relatable slut who cycles with a mattress across fields of mustard in small town Punjab because she desires sex.

After three and a half years (countless MMSs, one movie reference, and a few academic articles later) the court passes judgment in this case – of who possibly can be held liable for the circulation of the MMS clip online, and specifically its sale on Bazee.com (an eBay subsidiary) by an IIT student (Avnish Bajaj vs State on 29/5/2008 by Muralidhar J.). In this case, it is not the pornographic text that keeps slipping and eluding the grasp of the court; the problem is in the inability, especially in the age of the internet, to fix the transactions around such an object that is rapidly changing hands and circulating at an exponential speed through the internet.

The court is in a bind -- the wrong person is accused. Not the corporate body of Bazee but the CEO of Bazee himself (the boy is a juvenile so is facing lesser charges in the juvenile court). The court has the responsibility to fix the blame of the circulation of the obscene object on Avinash Bajaj, without being able to establish that there is any knowledge on his part about the existence of the clip. Though the court was able to establish that there was negligence on the part of Bazee in running the website (in spite of notification, the clip remained on sale for a whole working day after the complaint), and that the filters used by Bazee were obviously inadequate to control what is sold through the website, it was still not possible to find the CEO liable for obscenity charges. If the company had been charged, this would have been possible. Eventually, even though obscenity as a charge couldn’t stick, similar provisions in the IT Act (Section 67 read with Section 85) were used to charge Avinash Bajaj himself, as opposed to Bazee (the corporate body or the company itself).

Here again the court is forced to confront a pornographic text only in instances where there has been a public furore around it, and the eventual judgment is not likely to be able to even remotely address the phenomenon of MMS clips and hidden camera footage from cybercafes and hostels that has been spawned as a result of this incident. The slippery transaction of the gaze with the pornographic object is difficult to fix though in a different way from the earlier judgment – here the pornographic nature of the text is understood rather than examined, more for its violation of privacy than actual elements of obscenity. But it is still hard to determine for the law, especially with the internet, how and by whom has circulation of the pornographic object has taken place and to fix these transactions to ensure legal culpability.

*****
Curiously this tale of women advocates and judges as representatives of law and justice, who are averting their gaze from the pornographic text or find that the text is constantly eluding their legal stare, must deal in its closure with the figure of the male judge. Anne McClintock’s male judge in her article ‘Screwing the System’ (14) is a judge who gets a hard-on each time he sentences a prostitute -- a judge who otherwise pays to be beaten by the very same prostitutes. The Hidayatullah paradox of obscenity law is that the judge who decides on obscenity has to decide on the basis of whether he is affected, or rather aroused -- and if he is turned on, then how is he any longer the reasonable judge, or even the 'reasonable man' who can be expected to pass judgment with the dispassionate authority of law? The work of both Shrimoyee N. Ghosh (on the dance bar judgment) and Lawrence Liang (on cinema and the law) on the relation between law and affect, gestures towards an interesting puzzle for us to consider here: if we could look into the eyes of justice, if she were not blindfolded, what would we see? And is the purpose of the blindfold indeed to prevent us from observing the affective life of law itself – its arousal, disgust and embarrassment?

Endnotes:

1. Ranjit Udeshi v. State of Maharashtra. Only in the recent fairly progressive judgment on Hussain’s painting, that held eventually after examining it, that it was not obscene, was there an attempt at giving some distinction to the category of pornography apart from it being an aggravated form of obscenity and to say that it, as a class of objects, images, paintings, videos, is designed for sexual arousal, while other material which may or may not be obscene is meant to have other meanings. Such reading of the author’s intentions is a convoluted way of restating Justice Potter’s statement – 'I know it (hard core), when I see it'.
2. Fatima Riswana v. State Rep. By A.C.P., Chennai & Ors.Case No.: Appeal (crl.) 61-62 of 2005
3. -'…in a clear shift of subject matter, what we are now seeing is an explicitly politicized moral censor looking at all this—looking not so much at the sex industry as at society-in-general, at society itself now theatricalised into a morbid stage of sleaze'. Ashish Rajadhyaksha, in his essay ‘Is Realism Pornographic?,’ which deals with the writings of Pramod Navalkar, former Minister for Culture in Maharashtra, points to how explicit or hard-core pornography does not seem to be the concern as much as a whole range of practices attached to the phenomenon of modernity
4. Anastasia Guha, The Beatitudes Of A Bountiful Bhabhi, Tehelka, Vol 5, Issue 19, Dated May 17, 2008. Available online at http://www.tehelka.com/story_main39.asp?filename=hub170508the_beatitudes.asp
5. Savitha Bhabi threatened, http://infotech.indiatimes.com/quickiearticleshow/3476748.cms
6. For instance, the court held that in Bandit Queen, the nudity during the sequence of rape and torture of Phoolan Devi is necessary in the narrative and essential for the impact and the moral that the story is trying to convey – her anger with the upper caste feudal landlords and her quest for justice become identifiable for the viewer, and hence the nudity is in fact necessary in the story, and has no ‘tendency to deprave or corrupt’.
7. The regulation of cybercafes takes place in a manner reminiscent of how cinema spaces such as movie theatres were sought to be regulated by the colonial law. Current laws demand placing of computers so monitors face outward, use of identity cards for every visit, data retention for at least a month for most users, etc.
8. Though the latter might be a valid assumption (and certainly beneficial for us) it is an assumption whose presumptuous certainties are shaken in the age of the internet, especially that primarily men access pornography and cyber sex through these newly opening up online spaces.
9. Maqbool Fida Husain v. Raj Kumar Pandey CRL. REVISION PETITION No. 114/2007. Decided on 08-05-2008

10. Williams, Linda. Hard Core: Power, Pleasure and the Frenzy of the Visible. Berkeley: University of California Press, 1989
11. Costas Douzinas, Lynda Nead (Eds), Law and the Image: the Authority of Art and the Aesthetics of Law. University of Chicago Press, 1999
12. Anonymous Letter-Un-Signed vs The Commissioner Of Police And Others on 26 December, 1996
13. For a judicial system that is invested in narrative film or narrative structure for reasons of copyright law (see generally Anne Baron, The Legal Property of Film) or for aesthetic reasons, as is evident from the judgment in Bandit Queen (that held nudity when she was paraded naked in front of the villagers to not be obscene because those scenes are needed for a narrative impact – for people to feel moved and disgusted by Phoolan Devi’s plight) it must also be a different kind of horror to find films chopped up into twenty sundry pieces, the last piece thrown somewhere else.
14. Anne McClintock, Screwing the System: Sexwork, Race and the Law, Boundary 2, Vol. 19, No. 2, Feminism and Postmodernism (Summer, 1992), 70-95.

For more details visit https://cis-india.org/raw/histories-of-the-internet/blogs/law-video-technology/the-blindfolded-gaze-of-the-law-and-pornography