Centre for Internet and Society

Links in the Chain - Volume X, issue 3

praskrishna — 2012-12-05T07:33:34Z

Digital Natives newsletter, Volume X, issue 3.

For more details visit https://cis-india.org/digital-natives/blog/changing-face-of-citizen-action.pdf

Linking Aadhaar with social media or ending encryption is counterproductive

sunil — 2019-08-28T01:39:47Z

Should Aadhaar be used as KYC for social media accounts? We have recently seen a debate on this question with even the courts hearing arguments in favour and against such a move.

The article was published in Prime Time on August 26, 2019.

The case began in Madras High Court and later Facebook moved the SC seeking transfer of the petition to the Apex court. The original petition was filed in July, 2018 and sought linking of Aadhaar numbers with user accounts to further traceability of messages.

Before we try and answer this question, we need to first understand the differences between the different types of data on social media and messaging platforms. If a crime happens on an end to end cryptographically secure channel like WhatsApp the police may request the following from the provider to help solve the case:

Identity data: Phone numbers of the accused. Names and addresses of the accused.
Metadata: Sender, receiver(s), time, size of message, flag identifying a forwarded messages, delivery status, read status, etc.
Payload Data: Actual content of the text and multimedia messages.

Different countries have taken different approaches to solving different layers of the surveillance problem. Let us start with identity data. Some like India require KYC for sale of SIM cards while others like the UK allow anonymous purchases. Corporations also have policies when it comes to anonymous speech on their platforms – Facebook for instance enforces a soft real ID policy while Twitter does not crack down on anonymous speech. The trouble with KYC the old fashioned way is that it exposes citizens to further risk. Every possessor of your identity documents is a potential attack surface. Indian regulation should not result in Indian identity documents being available in the millions to foreign corporations. Technical innovations are possible, like tokenisation, Aadhaar paperless local e-KYC or Aadhaar offline QR code along with one time passwords. These privacy protective alternatives must be mandatory for all and the Aadhaar numbers must be deleted from previously seeded databases. Countries that don’t require KYC have an alternative approach to security and law enforcement. They know that if someone like me commits a crime, it would be easy to catch me because I have been using the same telecom provider for the last fifteen years. This is true of long term customers regardless if they are pre-paid or post-paid. The security risk lies in the new numbers without this history that confirms identity. These countries use targeted big data analytics to determine risk and direct surveillance operations to target new SIM cards. My current understanding is that when it comes to basic user data – all the internet giants in India comply with what they consider as legitimate law enforcement requests. Some proprietary and free and open source [FOSS] alternatives to services offered by the giants don’t provide such direct cooperation in India.

When it comes to payload data – it is almost impossible (meaning you will need supercomputers) to access the data unless the service/software provider breaks end-to-end cryptography. It is unwise, like some policy-makers are proposing, to prohibit end-to-end cryptography or mandate back doors because our national sovereignty and our capacity for technological self-determination depends on strong cryptography. A targeted ban or prohibition against proprietary providers might have a counterproductive consequence with users migrating to FOSS alternatives like Signal which won’t even give the police identity data. As a supporter of the free software movement, I would see this as a positive development but as a citizen I am aware that the fight against crime and terror will become harder. So government must pursue other strategies to getting payload data such as a comprehensive government hacking programme.

Meta-data is critical when it comes to separating the guilty from the innocent and apportioning blame during an investigation. For example, who was the originator of a message? Who got it and read it last? WhatsApp claims that it has implemented the Signal protocol faithfully meaning that they hold no meta-data when it comes to the messages and calls. Currently there is no regulation which mandates data retention for over the top providers but such requirements do exist for telecom providers. Just like access to meta-data provides some visibility into illegal activities it also provides visibility into legal activities. Therefore those using end-to-end cryptography on platforms with comprehensive meta-data retention policies will have their privacy compromised even though the payload data remains secure. Here is a parallel example to understand why this is important. Early last year, the Internet Engineering Task Force chose a version of TLS 1.3 that revealed less meta-data over one that provided greater visibility into the communications. This hardening of global open standards, through the elimination of availability of meta-data for middle-boxes, makes it harder for foreign governments to intercept Indian military and diplomatic communications via imported telecom infrastructure. Courts and policy makers across the world have to grapple with the following question: Are meta-data retention mandates for the entire population of users a “necessary and proportionate” legal measure to combat crime and terror. For me, it should not be illegal for a provider who voluntarily wishes to retain data, provided it is within legally sanctioned limits but it should not be requirement under law.

There are technical solutions that are yet to be properly discussed and developed as an alternative to blanket meta-data retention measures. For example, Dr. V Kamakoti has made a traceability proposal at the Madras High Court. This proposal has been critiqued by Anand Venkatanarayanan as being violative in spirit of the principles of end-to-end cryptography. Other technical solutions are required for those seeking justice and for those who wish to serve as informers for terror plots. I have proposed client side metadata retention. If a person who has been subjected to financial fraud wishes to provide all the evidence from their client, it should be possible for them to create a digital signed archive of messages for the police. This could be signed by the sender, the provider and also the receiver so that technical non-repudiation raises the evidentiary quality of the digital evidence. However, there may be other legal requirements such as the provision of notice to the sender so that they know that client side data retention has been turned on.

The need of the hour is sustained research and development of privacy protecting surveillance mechanisms. These solutions need to be debated thoroughly amongst mathematicians, cryptographers, scientists, technologists, lawyers, social scientists and designers so that solutions with the least negative impact can be rolled out either voluntarily by providers or as a result of regulation.

For more details visit https://cis-india.org/internet-governance/blog/prime-time-august-26-2019-sunil-abraham-linking-aadhaar-with-social-media-or-ending-encryption-is-counterproductive

Limits to Privacy

Prashant Iyengar — 2012-12-14T10:28:55Z

In his research article, Prashant Iyengar examines the limits to privacy for individuals in light of the provisions of the Constitution of India, public interest, security of state and maintenance of law and order. The article attempts to build a catalogue of all these justifications and arrive at a classification of all such frequently used terms invoked in statutes and upheld by courts to deprive persons of their privacy.

Introduction

In 1965, the Supreme Court of India heard and decided State of UP v. Kaushaliya[1], a case which involved the question of whether women who are engaged in prostitution can be forcibly removed from their residences and places of occupation, or whether they were entitled, along with other citizens of India, to the fundamental right to move freely throughout the territory of India, and to reside and settle in any part of the territory of India [under Article 19(1)(d) and (e) of the Constitution of India]. In other words, did these women possess an absolute right of privacy over their decisions in respect to their occupation and place of residence? In its decision, the Supreme Court denied them this right holding that "the activities of a prostitute in a particular area... are so subversive of public morals and so destructive of public health that it is necessary in public interest to deport her from that place." In view of their 'subversiveness', the statutory restrictions imposed by the Suppression of Immoral Traffic Act on prostitutes, were upheld by the court as constitutionally-permissible “reasonable restrictions” on their movements.

The legal alibis that the State employs to justify its infringement of our privacy are numerous, and range from ‘public interest’ to 'security of the state' to the 'maintenance of law and order'. In this chapter we attempt to build a catalogue of these various justifications, without attempting to be exhaustive, with the objective of arriving at a rough taxonomy of such frequently invoked terms. In addition we also examine some the more important justifications such as 'public interest' and 'security of the state' that have been invoked in statutes and upheld by courts to deprive persons of their privacy.

The statutory venues of deprivation of privacy by the state being many – strictly, any statute that imposes any restriction on movement, or authorizes the search or examination of any residence or book, or the interception of communication may be read as a violation of a privacy right — tracking each of these down would not only be an impossible exercise, but also contribute little to the analytical exercise we are attempting here. Instead, in this chapter we only list provisions from a few statutes that are the familiar instruments by which the state impinges on our privacy. This is done with the limited object of arriving at a rough inventory of the common technologies which the state employs to impinge on our privacy.

Even if intrusions into our privacy are statutorily authorised, these statutes must withstand constitutional scrutiny. We therefore, begin this chapter with a discussion of the constitutional framework within which these statutes operate, and against which the severity of their incursions must be measured.

Constitutional Jurisprudence on Privacy

The 'right to privacy' has been canvassed by litigants before the higher judiciary in India by including it within the fold of two fundamental rights: the right to freedom under Article 19 and the right to life and personal liberty under Article 21.

It would be instructive to provide a brief background to each of these Articles before delving deeper into the privacy jurisprudence expounded by the courts under them.

Part III of the Constitution of India (Articles 12 through 35) is titled ‘fundamental rights’ and lists out several rights which are regarded as fundamental to all citizens of India (some apply all persons in India whether citizens or not). Article 13 forbids the State from making “any law which takes away or abridges the rights conferred by this Part”.

Thus, Article 19(1) (a) stipulates that "all citizens shall have the right to freedom of speech and expression". However this is qualified by Article 19(2) which states that this will not "affect the operation of any existing law, or prevent the State from making any law, in so far as such law imposes reasonable restrictions on the exercise of the right … in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence".

Thus, the freedom of expression guaranteed by Article 19(1) (a) is not absolute, but a qualified right that is susceptible, under the Constitutional scheme, to being curtailed under specified conditions.

The other important fundamental right from the perspective of privacy jurisprudence is Article 21 which reads "No person shall be deprived of his life or personal liberty except according to procedure established by law."

Where Article 19 contains a detailed list of conditions under which freedom of expression may be curtailed, by contrast Article 21 is thinly-worded and only requires a "procedure established by law" as a pre-condition for the deprivation of life and liberty. However, the Supreme Court has held in a celebrated case Maneka Gandhi vs. Union of India [2] that any procedure "which deals with the modalities of regulating, restricting or even rejection of a fundamental right falling within Article 21 has to be fair, not foolish, carefully designed to effectuate, not to subvert, the substantive right itself. Thus, understood, 'procedure' must rule out anything arbitrary, freakish or bizarre."

Four decisions by the Supreme Court have established the right to privacy in India as flowing from Articles 19 and 21.

The first was a seven-judge bench judgment in Kharak Singh vs The State of U.P.[3] The question for consideration before this court was whether 'surveillance' under Chapter XX of the U.P. Police Regulations constituted an infringement of any of the fundamental rights guaranteed by Part III of the Constitution. Regulation 236(b) which permitted surveillance by 'domiciliary visits at night' was held to be violative of Article 21.The word ‘life’ and the expression ‘personal liberty’ in Article 21 were elaborately considered by this court in Kharak Singh`s case. Although the majority found that the Constitution contained no explicit guarantee of a ‘right to privacy’, it read the right to personal liberty expansively to include a right to dignity. It held that "an unauthorised intrusion into a person's home and the disturbance caused to him thereby, is as it were the violation of a common law right of a man —an ultimate essential of ordered liberty, if not of the very concept of civilization."

In a minority judgment in this case, Justice Subba Rao held that "the right to personal liberty takes is not only a right to be free from restrictions placed on his movements, but also free from encroachments on his private life. It is true our Constitution does not expressly declare a right to privacy as a fundamental right but the said right is an essential ingredient of personal liberty. Every democratic country sanctifies domestic life; it is expected to give him rest, physical happiness, peace of mind and security. In the last resort, a person's house, where he lives with his family, is his 'castle' it is his rampart against encroachment on his personal liberty." This case, especially Justice Subba Rao’s observations, paved the way for later elaborations on the right to privacy using Article 21.

In 1972, the Supreme Court decided a case — one of the first of its kind — on wiretapping. In R. M. Malkani vs State of Maharashtra [4] the petitioner’s voice had been recorded in the course of a telephonic conversation where he was attempting blackmail. He asserted in his defence that his right to privacy under Article 21 had been violated. The Supreme Court declined his plea holding that “the telephonic conversation of an innocent citizen will be protected by courts against wrongful or high handed interference by tapping the conversation. The protection is not for the guilty citizen against the efforts of the police to vindicate the law and prevent corruption of public servants.”

The third case, Govind vs. State of Madhya Pradesh [5] , by a three-judge bench of the Supreme Court is regarded as being a setback to the right to privacy jurisprudence. Here, the court was evaluating the constitutional validity of Regulations 855 and 856 of the Madhya Pradesh Police Regulation which provided for police surveillance of habitual offenders including domiciliary visits and picketing. The Supreme Court desisted from striking down these invasive provisions holding that "It cannot be said that surveillance by domiciliary visit, would always be an unreasonable restriction upon the right of privacy. It is only persons who are suspected to be habitual criminals and those who are determined to lead criminal lives that are subjected to surveillance."

The court went on to make some observations on the right to privacy under the Constitution:

"Too broad a definition of privacy will raise serious questions about the propriety of judicial reliance on a right that is not explicit in the Constitution. The right to privacy will, therefore, necessarily, have to go through a process of case by case development. Hence, assuming that the right to personal liberty, the right to move freely throughout India and the freedom of speech create an independent fundamental right of privacy as an emanation from them it could not he absolute. It must be subject to restriction on the basis of compelling public interest. But the law infringing it must satisfy the compelling state interest test. It could not be that under these freedoms that the Constitution-makers intended to protect or protected mere personal sensitiveness."

The next case in the series was R. Rajagopal vs. State of Tamil Nadu [6] which involved a balancing of the right of privacy of citizens against the right of the press to criticize and comment on acts and conduct of public officials. The case related to the alleged autobiography of Auto Shankar who was convicted and sentenced to death for committing six murders. In the autobiography, he had commented on his contact and relations with various police officials. The right of privacy of citizens was dealt with by the Supreme Court in the following terms: -

The right to privacy is implicit in the right to life and liberty guaranteed to the citizens of this country by Article 21. It is a "right to be let alone". A citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, childbearing and education among other matters. None can publish anything concerning the above matters without his consent — whether truthful or otherwise and whether laudatory or critical. If he does so, he would be violating the right to privacy of the person concerned and would be liable in an action for damages. Position may, however, be different, if a person voluntarily thrusts himself into controversy or voluntarily invites or raises a controversy.
The rule aforesaid is subject to the exception, that any publication concerning the aforesaid aspects becomes unobjectionable if such publication is based upon public records including court records. This is for the reason that once a matter becomes a matter of public record, the right to privacy no longer subsists and it becomes a legitimate subject for comment by press and media among others. We are, however, of the opinion that in the interests of decency [Article 19(2)] an exception must be carved out to this rule, viz., a female who is the victim of a sexual assault, kidnap, abduction or a like offence should not further be subjected to the indignity of her name and the incident being publicised in press/media.

Elsewhere in the same decision, the court took a cautionary stance and held that "the right to privacy...will necessarily have to go through a process of case-by-case development."

The final case that makes up the 'privacy quintet' in India was the case of PUCL v. Union of India [7] in which the court was called upon to consider whether wiretapping was an unconstitutional infringement of a citizen’s right to privacy. The court held:

The right privacy — by itself — has not been identified under the Constitution. As a concept it may be too broad and moralistic to define it judicially. Whether right to privacy can be claimed or has been infringed in a given case would depend on the facts of the said case. But the right to hold a telephone conversation in the privacy of one’s home or office without interference can certainly be claimed as a ‘right to privacy’. Conversations on the telephone are often of an intimate and confidential character. Telephone conversation is a part of modern man's life. It is considered so important that more and more people are carrying mobile telephone instruments in their pockets. Telephone conversation is an important facet of a man's private life. Right to privacy would certainly include telephone-conversation in the privacy of one's home or office. Telephone-tapping would, thus, infract Article 21 of the Constitution of India unless it is permitted under the procedure established by law.

The court also read this right to privacy as simultaneously deriving from Article 19. "When a person is talking on telephone, he is exercising his right to freedom of speech and expression", the court observed, and therefore "telephone-tapping unless it comes within the grounds of restrictions under Article 19(2) would infract Article 19(1) (a) of the Constitution."

However, the court in this case made two observations which would have a lasting impact on privacy jurisprudence in India –firstly, it rejected the contention that 'prior judicial scrutiny' should be mandated before any wiretapping could take place and accepted the contention that administrative safeguards would be sufficient.

Thus, to conclude this section of this chapter, it may be observed that the right to privacy in India is, at its foundations a limited right rather than an absolute one. In the sections that follow, it will become apparent that this limited nature of the right provides a somewhat unstable assurance of privacy since it is frequently made to yield to all manners of competing interests which happen to have a more pronounced legal standing.

Vocabularies of Privacy Limitation

Article 12 of the Universal Declaration of Human Rights (1948) defines privacy in the following terms:

"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

Similarly, Article 17 of the International Covenant of Civil and Political Rights (to which India is a party) declares that:

"No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home and correspondence, nor to unlawful attacks on his honour and reputation."

In this section, we look briefly at sections in some statutes that authorize the deprivation of privacy. These statutes have been classified under three headings, following the aforementioned international covenants, each dealing with a) our communications, b) our homes and c) bodily privacy.

Privacy of Communications

Communications laws

All laws dealing with mediums of inter-personal communication — post, telegraph and telephony and email – contain similarly worded provisions permitting interception under specified conditions.

Thus, section 26 of the India Post Office Act 1898 confers powers of interception of postal articles for the 'public good'. According to this section, this power may be invoked "On the occurrence of any public emergency, or in the interest of the public safety or tranquillity". The section further clarifies that “a certificate from the State or Central Government” would be conclusive proof as to the existence of a public emergency or interest of public safety or tranquillity.

Similarly, section 5(2) of the Telegraph Act authorizes the interception of any message

on the occurrence of any public emergency, or in the interest of the public safety; and
if satisfied that it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence,

Thus, the events that trigger an action of interception are the occurrence of any ‘public emergency’ or in the interests of ‘public safety’.

Most recently, section 69 of the Information Technology Act 2008 contains a more expanded power of interception which may be exercised "when they [the authorised officers] are satisfied that it is necessary or expedient" to do so in the interest of:

sovereignty or integrity of India,
defence of India,
security of the State,
friendly relations with foreign States or
public order or
preventing incitement to the commission of any cognizable offence relating to above or
for investigation of any offence,

[More details of the occasions and the mandatory procedural safeguards before these powers may be exercised are contained in our briefing notes on Privacy and Telecommunications and Privacy and the IT Act]

From a plain reading of these sections, there appears to be a gradual loosening of standards from the Post Office Act to the latest Information Technology Act. The Post Office Act requires the existence of a ‘state of public emergency’ or a ‘threat to public safety and tranquillity’ as a precursor to the exercise of the power of interception. This requirement is continued in the Telegraph Act with the addition of a few more conditions, such as expediency in the interests of sovereignty, etc. Under the most recent IT Act, the requirement of a public emergency or a threat to public safety is dispensed with entirely – here, the government may intercept merely if it feels it ‘necessary or expedient’.

How much of a difference does it make?

In Hukam Chand Shyam Lal v. Union of India and ors [8] , the Supreme Court was required to interpret the meaning of ‘public emergency’. Here, the court was required to consider whether disconnection of a telephone could be ordered due to an ‘economic emergency’. The Government of Delhi had ordered the disconnection of the petitioner’s telephones due to their alleged involvement, through the use of telephones, in (then forbidden) forward trading in agricultural commodities. According to the government, this constituted an ‘economic emergency’ due to the escalating prices of food. Declining this contention, the Supreme Court held that:

a 'public emergency' within the contemplation of this section is one which raises problems concerning the interest of the public safety, the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or the prevention of incitement to the commission of an offence.

Economic emergency is not one of those matters expressly mentioned in the statute. Mere 'economic emergency'— as the high court calls it—may not necessarily amount to a 'public emergency' and justify action under this section unless it raises problems relating to the matters indicated in the section.

In addition the other qualifying term, 'public safety' was interpreted in an early case by the Supreme Court to mean "security of the public or their freedom from danger. In that sense, anything which tends to prevent dangers to public health may also be regarded as securing public safety. The meaning of the expression must, however, vary according to the context."[9]

Thus, the words ‘public emergency’ and 'public safety' does provide some legal buffer before the government may impinge on our privacy in the case of post and telecommunications. In a sense, they operate both as limits on our privacy as well as limits on the government’s ability to impinge on our privacy — since the government must demonstrate their existence to the satisfaction of the court, failing which their actions would be illegal.

However, as mentioned, even these requirements have been dispensed with in the case of electronic communications falling under the purview of the Information Technology Act where sweeping powers of interception have been provided extending from matters affecting the sovereignty of the nation, to the more mundane 'investigation of any offence'.

Privileged Communications

In addition to laying down procedural safeguards which restrict the conditions under which our communication may be intercepted, the law also safeguards our privacy in certain contexts by taking away the evidentiary value of certain communications.

Thus, for instance, under the Evidence Act, communications between spouses and communications with legal advisors are accorded a special privilege.

Section 122 of the Evidence Act forbids married couples from disclosing any communications made between them during marriage without the consent of the person who made it. This however, does not apply in suits “between married persons, or proceedings in which one married person is prosecuted for any crime committed against the other.”

This rule was applied in a case before the Kerala High Court, T.J. Ponnen vs M.C. Varghese [10] where a man sued his son-in-law for defamation based on statements about him written in a letter addressed to his daughter. The trial court held that the prosecution was invalid since it was based on privileged communications between the couple. This was upheld by the high court. The petitioner had attempted to argue that it was immaterial how he gained possession of the letter. The high court disagreed with this contention holding that this would defeat the purpose of section 122.

Similarly section 126 forbids “barristers, attorneys, pleaders or vakils” from disclosing, without their client’s express consent “any communication made to him in the course and for the purpose of his employment as such barrister, pleader, attorney or vakil... or to state the contents or condition of any document with which he has become acquainted in the course and for the purpose of his professional employment or to disclose any advice given by him to his client in the course and for the purpose of such employment.”

As with section 122, this privilege also comes with exceptions. Thus, the following kinds of communications are exempted from the privilege:

any communication made in furtherance of any illegal purpose,
any fact observed by any barrister, pleader, attorney or vakil, in the course of his employment as such showing that any crime or fraud has been committed since the commencement of his employment.

Section 127 extends the scope attorney-client privilege to include any interpreters, clerks and servants of the attorney or barrister. They are also not permitted to disclose the contents of any communication between the attorney and her client.

Section 129 enacts a reciprocal protection and provides that clients shall not be compelled to disclose to the court any "confidential communication which has taken place between him and his legal professional adviser."

Section 131 of the Evidence Act further cements the legal protection afforded to married couples, attorneys and their clients by providing that "No one shall be compelled to produce documents in his possession, which any other person would be entitled to refuse to produce if they were in his possession" unless that person consents to the production of such documents.

Note that these privileges do not limit the ability of the state to intercept communications – they merely negate the evidentiary value of any communications so intercepted.

Privacy of the Home: Search and Seizure Provisions

Under what circumstances may the State invade the privacy of our homes? What are the limits of these powers? Technically, any law that authorizes “search and seizure” can be said to authorize an invasion of our privacy. Many laws permit searches, for various grounds — ranging from the Income Tax Act which authorizes searches to recover undisclosed income, to the Narcotics Act which prescribes a procedure to search and sieze drugs, to the Excise Act and the Customs Act which do so in order to discover goods that are manufactured or imported in violation of those respective statutes. In this section we deal only with the general provisions for search and seizure under the Code of Criminal Procedure.

The Code of Criminal Procedure (CrPC) provides that a house or premises may be searched either under a search warrant issued by a court, or, in the absence of a court-issued-warrant, by a police officer in the course of investigation of offences.

Thus, a court may issue a search warrant where

it has reason to believe that a person to whom a summons has been, or might be, addressed, will not or would not produce the document or thing as required by such summons; or
where such document or thing is not known to the court to be in the possession of any person, or
where the court considers that the purposes of any inquiry, trial or other proceeding under this Code will be served by a general search or inspection,

Similarly, section 165 of the Code of Criminal Procedure permits for searches to be conducted by “police officers in charge of police station or a police officer making an investigation” without first obtaining a warrant. Such a search may be conducted if he has “reasonable grounds for believing that anything necessary for the purposes of an investigation into any offence which he is authorised to investigate may be found in any place within the limits of the police station of which he is in charge, or to which he is attached”, and if, in his opinion, such thing cannot “be otherwise obtained without undue delay”.

Such officer must record in writing the grounds of his belief and specify “so far as possible” the thing for which search is to be made.

In both cases, the Code of Criminal Procedure requires the search to conform to procedures including the presence of "two or more independent and respectable inhabitants of the locality”. The preparation, in their presence, of “a list of all things seized in the course of such search, and of the places in which they are respectively found", the delivery of this list to the occupant of the place being searched.

However, in reality, these requirements are observed more in the breach. Courts have consistently held that not following these provisions would not make evidence obtained inadmissible — it would make the search irregular, not unlawful. Thus, in State of Maharashtra v. Natwarlal Damodardas Soni [11], where a search was conducted under the Customs Act to recover smuggled gold, the Supreme Court held that

Assuming that the search was illegal it would not affect either the validity of the seizure and further investigation by the customs authorities or the validity of the trial which followed on the complaint of the Assistant Collector of Customs.

In a different case, Radhakrishan v. State of U.P. [12] which involved an illegal search in contravention of the Code of Criminal Procedure , the Supreme Court held that:

"So far as the alleged illegality of the search is concerned, it is sufficient to say that even assuming that the search was illegal the seizure of the Articles is not vitiated. It may be that where the provisions of ... Code of Criminal Procedure, are contravened the search could be resisted by the person whose premises are sought to be searched. It may also be that because of the illegality of the search the Court may be inclined to examine carefully the evidence regarding the seizure. But beyond these two consequences no further consequence ensues."

India inherits the common law notion that a man’s house is his castle. In the light of the cases discussed above, this claim certainly appears to be lofty. However, there is still hope. In a recent case, the Supreme Court struck down provisions of a legislation on grounds that it was too intrusive of citizens’ right to privacy. The case involved an evaluation of the Andhra Pradesh Stamp Act which authorized the collector to delegate “any person” to enter any premises in order to search for and impound any document that was found to be improperly stamped. Thus, for instance, banks could be compelled to cede all documents in their custody, including clients documents, for inspection on the mere chance that some of them may be improperly stamped. These banks were then compelled under law to pay the deficit stamp duty on the documents, even if they themselves were not party to the transactions recorded in the documents.

After an exhaustive analysis of privacy laws across the world, and in India, the Supreme Court held that in the absence of any safeguards as to probable or reasonable cause or reasonable basis, this provision was violative of the constitutionally guaranteed right to privacy, both of the house and of the person. [13]

The case marks a welcome redrawing of the boundaries of the right to privacy against state intrusion.

Privacy of the Body

To what extent do we have a right to privacy that protects what we may do with our own bodies and may be done to them? This section deals with this question in the context of four issues that have arisen before courts:

the ability of the state to order persons to undergo medical-examination,
to undergo a range of 'truth technologies' including narco analysis, brain mapping, etc.,
to submit to DNA testing and d) to abortion. In most cases, as we shall see, the right to privacy cedes ground to any available competing interest.

Court-ordered Medical Examinations

Can courts compel persons to undergo medical examinations against their will? In the case of Sharda v. Dharmpal[14], decided in 2003, the Supreme Court held that they could. Here a man filed for divorce on that grounds that his wife suffered from a mental illness. In order to establish his case, he requested the court to direct his wife to submit herself to a medical examination. The trial court and the high court both granted his application. On appeal to the Supreme Court, the woman contested the order on grounds firstly, that compelling a person to undergo a medical examination by an order of the court would be violative of her right to 'personal liberty' guaranteed under Article 21 of the Constitution of India. Secondly, in absence of a specific empowering provision, a court dealing with matrimonial cases cannot subject a party to undergo medical examination against his her volition. The court could merely draw an adverse inference.

The Supreme Court rejected these contentions holding that the right to privacy in India was not absolute. If the "respondent avoids such medical examination on the ground that it violates his/her right to privacy or for a matter right to personal liberty as enshrined under Article 21 of the Constitution of India, then it may in most of such cases become impossible to arrive at a conclusion. It may render the very grounds on which divorce is permissible nugatory."

The court upheld the rights of matrimonial courts to order a person to undergo medical test. Such an order, the court held, would not be in violation of the right to personal liberty under Article 21 of the Constitution of India. However, this power could only be exercised if the applicant had a strong prima facie case, and there was sufficient material before the court. Crucially, the court held that if, despite the order of the court, the respondent refused to submit herself to medical examination, the court would be entitled to draw an adverse inference against him.

Thus, oddly, one limitation on the right to privacy appears to be the statutory rights of others. One is entitled to the privacy of one’s body, to the extent that another person is not, thereby, deprived of a statutory right – as in this case, to divorce.

Reproductive Rights

Ahmedabad: A 13-year-old girl, who conceived after being repeatedly raped, has moved the Gujarat High Court and sought permission to medically terminate her pregnancy after a sessions court rejected her plea.

Express India(April 2010) [15]

To what extent do pregnant women enjoy a right to privacy over their bodies and their reproductive decisions? Are there circumstances when the State can intervene and either order or forbid an abortion?

According to the Medical Termination of Pregnancy Act, 1971 a pregnancy may be terminated before the twentieth week if:

the continuance of the pregnancy would involve a risk to the life of the pregnant woman or of grave injury to her physical or mental health; or
there is a substantial risk that if the child were born, it would suffer from such physical or mental abnormalities to be seriously handicapped.
where any pregnancy is alleged by the pregnant woman to have been caused by rape,
where any pregnancy occurs as a result of failure of any device or method used by any married woman or her husband for the purpose of limiting the number of children.

Consent for termination needs to be obtained from the guardian in cases of minors or women who are mentally ill. In all other cases, the woman herself must consent.

Beyond the period of 20 weeks, the pregnancy may only be terminated if there is immediate danger to the life of the woman.

In August 2009, the Supreme Court heard an expedited appeal that was filed on behalf of a destitute mentally retarded woman who had become pregnant consequent to having been raped at a government run shelter. The government had approached the high court seeking permission to terminate her pregnancy, which had been granted by that court despite the finding by an ‘expert body’ of medical practitioners that she was keen on continuing the pregnancy. On appeal the Supreme Court held, very curiously, that the woman was not ‘mentally ill’, but ‘mentally retarded’, and consequently her consent was imperative under the Act. [16] However, not content to stop there, the court made several puzzling and contradictory observations:

Firstly, the court took the opportunity to affirm, generally, women’s rights to make reproductive choices as a dimension of their `personal liberty' as guaranteed by Article 21 (Right to Life and Personal Liberty) of the Constitution of India. The court observed:

“It is important to recognise that reproductive choices can be exercised to procreate as well as to abstain from procreating. The crucial consideration is that a woman's right to privacy, dignity and bodily integrity should be respected. This means that there should be no restriction whatsoever on the exercise of reproductive choices such as a woman's right to refuse participation in sexual activity or alternatively the insistence on use of contraceptive methods. Furthermore, women are also free to choose birth-control methods such as undergoing sterilisation procedures. Taken to their logical conclusion, reproductive rights include a woman's entitlement to carry a pregnancy to its full term, to give birth and to subsequently raise children. (emphasis mine) [17]

However, the court went on to affirm, in language that curiously imitates Roe v Wade,[18] that there was “a `compelling state interest' in protecting the life of the prospective child.[19]

Secondly, the Supreme Court upheld the woman’s consent as determinative and in doing so, categorically rejected the high court approach. The court held that since she suffered from `mild mental retardation' this did not render her "incapable of making decisions for herself". Simultaneously, however, the Supreme Court proceeded gratuitously to apply the common law doctrine of `parens patriae' to resume jurisdiction over the woman in her “best interests”. According to a court-appointed expert committee, her mental age was “close to that of a nine-year old child” and she was capable of “learning through rote memorisation and imitation” and of performing “basic bodily functions”.[20] In this light, the court deemed in her ‘best interests’, as defined by an expert committee, to defer to her wishes.

The findings recorded by the expert body indicate that her mental age is close to that of a nine-year old child and that she is capable of learning through rote-memorisation and imitation. Even the preliminary medical opinion indicated that she had learnt to perform basic bodily functions and was capable of simple communications. In light of these findings, it is the `best interests' test alone which should govern the inquiry in the present case and not the `substituted judgment' test. [21]

If one disregards the liberalism of its outcome, there are various problems with this decision. Chiefly, the Supreme Court relied on the woman’s expressed consent to deny the legitimacy of the high court’s decision in favour of abortion. Inexplicably, however, in the same move, the Supreme Court reserved to itself the right to adjudicate the ‘best interests’ of the woman. Thus, in relation to abortion, mentally retarded women are more autonomous than minor girls (since their own consent is determinative, rather than their guardians) but they are still less autonomous than ‘normal’ women (since their decisions are subject to adjudication based on what the court thinks is in their best interests)!

DNA Tests in Civil Suits

Do we have a right to privacy over the interiors of our body – our blood, our tissue, our DNA? There is, by now, a strong line of cases decided by the Supreme Court in which our right to ‘bodily integrity’ has been held to not be absolute, and may be interfered with in order to settle many terrestrial issues. In most cases, this question has arisen in the context of the determination of paternity – either in divorce or maintenance proceedings. Central in the determination of these issues is section 112 of the Evidence Act which stipulates that birth of a child during the continuance of a valid marriage (or within 280 days of its dissolution) would be conclusive proof of legitimacy of that child, “unless it can be shown that the parties to the marriage had no access to each other at any time when he could have been begotten.”

As is evident, this section creates a strong legal presumption of legitimacy that leaves no room for a scientific rebuttal. Various litigants have, nevertheless, sought the courts’ indulgence in accepting medical evidence to displace this formidable legal presumption. These efforts have yielded a measure of success, and a steady line of precedents since the early 1990s now affirms the right of courts to direct medical evidence in cases they consider fit. In these cases, the court has frequently invoked privacy rights as an important consideration to be weighed before ordering a person to submit to any test.

In one of the earliest and most frequently invoked cases, Goutam Kundu vs State of West Bengal and Anr (1993) [22] the Supreme Court laid down guidelines governing the power of courts to order blood tests. The court held:

courts in India cannot order blood test as matter of course;

wherever applications are made for such prayers in order to have roving inquiry, the prayer for blood test cannot be entertained.

There must be a strong prima facie case in that the husband must establish non-access in order to dispel the presumption arising under section 112 of the Evidence Act.

The court must carefully examine as to what would be the consequence of ordering the blood test; whether it will have the effect of branding a child as a bastard and the mother as an unchaste woman.

No one can be compelled to give sample of blood for analysis.

On the particular facts of this case, the Supreme Court refused to order the respondent to submit to the test, since in its view, there was no prima facie case made out that cast doubts on the legal presumption of legitimacy.

These guidelines have been frequently invoked in subsequent cases. In a complex set of facts, in Ms. X vs Mr. Z and Anr (2001), [23] the Delhi High Court was called to consider whether a foetus had a ‘right to privacy’ – or whether the mother of the foetus could assert a right to privacy on it’s behalf. A woman had given birth to a still-born child and tissues from the foetus had been stored at the All India Institute of Medical Sciences. Her husband approached to obtain an order permitting a DNA test to be carried out to determine if he was the father. In her defence, the woman claimed that this would offend her right to privacy. The high court reaffirmed the guidelines laid down in the Gautam Kundu case (supra), and also upheld the petitioner’s right to privacy over her own body. However, the court took the stance that she did not have a right of privacy over the foetus once it had been discharged from her body:

"The petitioner indeed has a right of privacy but is being not an absolute right, therefore, when a foetus has been preserved in All India Institute of Medical Science, the petitioner, who has already discharged the same cannot claim that it affects her right of privacy.

However, if the petitioner was being compelled to subject herself to blood test or otherwise, she indeed could raise a defense that she cannot be compelled to be a witness against herself in a criminal case or compelled to give evidence against her own even in a civil case but the position herein is different. The petitioner is not being compelled to do any such act. Something that she herself has discharged, probably with her consent, is claimed to be subjected to DNA test. In that view of the matter, in the peculiar facts, it cannot be termed that the petitioner has any right of privacy."

The decision has wide-ranging implications since it virtually divests control and ownership over any material that has been discarded from the body – from nails to hair to tissue samples. In an interesting case in the US, Moore v. Regents of the University of California [24], the Supreme Court of California was faced with a suit to determine whether a man retained ownership over cells that had been removed from his body through a surgical procedure. In this case, cells from a patient’s spleen were used to conduct research which resulted in the patenting of a cell-line by the defendant. The patient sued for a share in the profits, but this was rejected by the court which held that he had no property rights to his discarded cells or any profits made from them. The court specifically rejected the argument that his spleen should be protected as property as an aspect of his privacy and dignity. The court held these interests were already protected by informed consent.

In a sense the Ms. X vs Mr. Z case arrives at identical conclusions without as much deliberation on its implications. It would be interesting to see how subsequent courts interpret and apply this precedent.

One of the most critical factors, consistently weighed by courts alongside the privacy rights implicated, is the ‘best interests’ of the child. Thus, in Bhabani Prasad Jena v. Convenor Secretary, Orissa State Commission for Women & Anr.[25], the Supreme Court quashed a high court-mandated DNA test to determine the paternity of an unborn child in a woman’s womb. In doing so, the SC observed:

“In a matter where paternity of a child is in issue before the court, the use of DNA is an extremely delicate and sensitive aspect. One view is that when modern science gives means of ascertaining the paternity of a child, there should not be any hesitation to use those means whenever the occasion requires. The other view is that the court must be reluctant in use of such scientific advances and tools which result in invasion of right to privacy of an individual and may not only be prejudicial to the rights of the parties but may have devastating effect on the child. Sometimes the result of such scientific test may bastardise an innocent child even though his mother and her spouse were living together during the time of conception. In our view, when there is apparent conflict between the right to privacy of a person not to submit himself forcibly to medical examination and duty of the court to reach the truth, the court must exercise its discretion only after balancing the interests of the parties and on due consideration whether, for a just decision in the matter, DNA is eminently needed. (emphasis added)

A strong trend, evident in this case, is the bussing of the interests of the child (in not being declared illegitimate), along with the privacy rights of the mother. The two create a composite interest opposed to that of the putative father, which the courts have been reluctant to interfere with except for the most compelling reasons. But what happens when then the interests of the child conflict with the privacy rights of either parent?

In a high profile case in 2010, Shri Rohit Shekhar vs Shri Narayan Dutt Tiwari[26], the Delhi High was called upon to determine whether a man had a right to subject the person he named as his biological father to a DNA test. Contrary to the trend in the preceding cases, it was the biological father who pleaded his right to privacy in this case. The court relied on international covenants to affirm the “right of the child to know of her (or his) biological antecedents” irrespective of her (or his) legitimacy. The court ruled:

There is of course the vital interest of child to not be branded illegitimate; yet the conclusiveness of the presumption created by the law in this regard must not act detriment to the interests of the child. If the interests of the child are best sub-served by establishing paternity of someone who is not the husband of her (or his) mother, the court should not shut that consideration altogether.

The protective cocoon of legitimacy, in such case, should not entomb the child’s aspiration to learn the truth of her or his paternity.

The court went on to draw a distinction between legitimacy and paternity that may both "be accorded recognition under Indian law without prejudice to each other. While legitimacy may be established by a legal presumption [under section 112 of the Evidence Act], paternity has to be established by science and other reliable evidence"[27] The court, however, reaffirmed that the same considerations would apply as was laid down in previous cases – i.e., the plaintiff would have to establish a prima facie case and weigh the competing interests of privacy and justice before it could order a DNA test. In this case, the petitioner was able to produce DNA evidence that excluded the possibility that his legal father was his biological father. In addition, photographic and testimonial evidence suggested that the respondent could be his biological father. On these grounds the Delhi High Court ordered the respondent to undergo a DNA test. This was upheld in an appeal to the Supreme Court.

So from the foregoing cases, it appears that it is the ‘best interests of the child’ that undergrids the right to privacy of either parent. When the two are in conflict it is the former that will, the case law suggests, invariably prevail.

Bodily Effects — Fingerprints, handwriting samples, photographs, Irises, narco-analysis, brain maps and DNA

The human body easily betrays itself. We are incessantly dropping residues of our existence wherever we go – from shedding hair and fingernails, to fingerprints and footprints, handwriting – which, through use of modern technology, can implicate our bodies, and identify us against our will. Not even our thoughts are immune as new technologies like brain mapping pretend to be able to harvest psychic clues from our physiology.

In this section we explore occasions when the state may compel us to 'perform' our existence for instance, by submitting to photography, providing finger impressions or handwriting samples, submit to narco-analysis and truth tests, and more recently to provide iris scan data or our DNA.

Section 73 of the Evidence Act stipulates that the court "may direct any person present in the court to write any words or figures for the purpose of enabling the court to compare the words or figures so written with any words or figures alleged to have been written by such person."

This section was interpreted by the Supreme Court in State of U.P. v. Ram Babu Misra [28] where it was held that there must be “some proceeding before the court in which...it might be necessary... to compare such writings”. This specifically excludes, say, a situation where the case is still under investigation and there is no present proceeding before the court. “The language of section 73 does not permit a court to give a direction to the accused to give specimen writings for anticipated necessity for comparison in a proceeding which may later be instituted in the court.”

The pre-independence Identification of Prisoners Act, 1920 provides for the mandatory taking, by police officers, of 'measurements' and photograph of persons arrested or convicted for any offence punishable with rigorous imprisonment for a term of one year of upwards or ordered to give security for his good behaviour under section 118 of the Code of Criminal Procedure. [29] The Act also empowers a magistrate to order a person to be measured or photographed if he is satisfied that it is required for the purposes of any investigation or proceeding under the Code of Criminal Procedure, 1898. [30]

The Act also provides for the destruction of all photographs and records of measurements on discharge or acquittal. [31]

In addition, the Code of Criminal Procedure was amended in 2005 to enable the collection of a host of medical details from accused persons upon their arrest. Section 53 of the Code of Criminal Procedure provides that upon arrest, an accused person may be subjected to a medical examination if there are “reasonable grounds for believing” that such examination will afford evidence as to the crime. The scope of this examination was expanded in 2005 to include “the examination of blood, blood-stains, semen, swabs in case of sexual offences, sputum and sweat, hair samples and finger nail clippings by the use of modern and scientific techniques including DNA profiling and such other tests which the registered medical practitioner thinks necessary in a particular case.”

In a case in 2004, the Orissa High Court affirmed the legality of ordering a DNA test in criminal cases to ascertain the involvement of persons accused. Refusal to co-operate would result in an adverse inference drawn against the accused.

After weighing the privacy concerns involved, the court laid down the following considerations as relevant before the DNA test could be ordered:

the extent to which the accused may have participated in the commission of the crime;
the gravity of the offence and the circumstances in which it is committed;
age, physical and mental health of the accused to the extent they are known;
whether there is less intrusive and practical way of collecting evidence tending to confirm or disprove the involvement of the accused in the crime;
the reasons, if any, for the accused for refusing consent [32]

Most recently the draft DNA Profiling Bill pending before the Parliament attempts to create an ambitious centralized DNA bank that would store DNA records of virtually anyone who comes within any proximity to the criminal justice system. Specifically, records are maintained of suspects, offenders, missing persons and “volunteers”. The schedule to the Bill contains an expansive list of both civil and criminal cases where DNA data will be collected including cases of abortion, paternity suits and organ transplant. Provisions exist in the bill that limit access to and use of information contained in the records, and provide for their deletion on acquittal. These are welcome minimal guarantors of privacy.

It is evident that the utility of this mass of information – fingerprints, handwriting samples and photographs, DNA data – in solving crimes is immense. Without saying a word, it is possible for a person to be convicted based on these various bodily affects – the human body constantly bears witness and self-incriminates itself. Both handwriting and finger impressions beg the question of whether these would offend the protection against self-incrimination contained in Article 20(3) of our Constitution which provides that “No person accused of any offence shall be compelled to be a witness against himself.” This argument was considered by the Supreme Court in the State of Bombay vs Kathi Kalu Oghad and Ors. [33] The petitioner contended that the obtaining of evidence through legislations such as the Identification of Prisoners Act amounted to compelling the person accused of an offence "to be a witness against himself" in contravention of Article 20(3) of the Constitution. The court held that “there was no infringement of Article 20(3) of the Constitution in compelling an accused person to give his specimen handwriting or signature, or impressions of his thumb, fingers, palm or foot to the investigating officer or under orders of a court for the purposes of comparison. ...Compulsion was not inherent in the receipt of information from an accused person in the custody of a police officer; it will be a question of fact in each case to be determined by the court on the evidence before it whether compulsion had been used in obtaining the information.” [34]

Over the past two decades, forensics has shifted from trying to track down a criminal by following the trail left by her bodily traces, to attempting to apply a host of invasive technologies upon suspects in an attempt to ‘exorcise’ truth and lies directly from their body. One statement by Dr M.S. Rao, Chief Forensic Scientist, Government of India captures this shift:

Forensic psychology plays a vital role in detecting terrorist cases. Narco-analysis and brainwave fingerprinting can reveal future plans of terrorists and can be deciphered to prevent terror activities⁄ Preventive forensics will play a key role in countering terror acts. Forensic potentials must be harnessed to detect and nullify their plans. Traditional methods have proved to be a failure to handle them. Forensic facilities should be brought to the doorstep of the common man⁄ Forensic activism is the solution for better crime management. [35]

Although there are several such 'technologies' which operate on principles ranging from changes in respiration, to mapping the electrical activity in different areas of the brain, what is common to them all, in Lawrence Liang’s words is that they “maintain that there is a connection between body and mind; that physiological changes are indicative of mental states and emotions; and that information about an individual’s subjectivity and identity can be derived from these physiological and physiological measures of deception” [36]

So, how legal are these technologies, in view of the constitutional protections against self-incrimination? In a case in 2004 the Bombay High Court upheld these technologies by applying the logic of the Kathi Kalu Oghad case discussed above. The court drew a distinction between ‘statements’ and ‘testimonies’ and held that what was prohibited under Article 20(3) were only ‘statements’ that were made under compulsion by an accused. In the court’s opinion, “the tests of Brain Mapping and Lie Detector in which the map of the brain is the result, or polygraph, then either cannot be said to be a statement”. At the most, the court held, “it can be called the information received or taken out from the witness.” [37]

This position was however overturned recently by the Supreme Court in Selvi v. State of Karnataka (2010)[38]. In contrast with the Bombay High Court, the Supreme Court expressly invoked the right of privacy to hold these technologies unconstitutional.

“Even though these are non- invasive techniques the concern is not so much with the manner in which they are conducted but the consequences for the individuals who undergo the same. The use of techniques such as 'Brain Fingerprinting' and 'FMRI-based Lie-Detection' raise numerous concerns such as those of protecting mental privacy and the harms that may arise from inferences made about the subject's truthfulness or familiarity with the facts of a crime.”

Further down, the court held that such techniques invaded the accused’s mental privacy which was an integral aspect of their personal liberty.

“There are several ways in which the involuntary administration of either of the impugned tests could be viewed as a restraint on 'personal liberty' ... the drug-induced revelations or the substantive inferences drawn from the measurement of the subject's physiological responses can be described as an intrusion into the subject's mental privacy”

Following a thorough-going examination of the issue, the Supreme Court directed that “no individual should be forcibly subjected to any of the techniques in question, whether in the context of investigation in criminal cases or otherwise. Doing so would amount to an unwarranted intrusion into personal liberty.” The court however, left open the option of voluntary submission to such techniques and endorsed the following guidelines framed by the National Human Rights Commission:

No Lie Detector Tests should be administered except on the basis of consent of the accused. An option should be given to the accused whether he wishes to avail such test.
If the accused volunteers for a Lie Detector Test, he should be given access to a lawyer and the physical, emotional and legal implication of such a test should be explained to him by the police and his lawyer.
The consent should be recorded before a judicial magistrate.
During the hearing before the magistrate, the person alleged to have agreed should be duly represented by a lawyer.
At the hearing, the person in question should also be told in clear terms that the statement that is made shall not be a `confessional' statement to the magistrate but will have the status of a statement made to the police.
The magistrate shall consider all factors relating to the detention including the length of detention and the nature of the interrogation.
The actual recording of the lie detector test shall be done by an independent agency (such as a hospital) and conducted in the presence of a lawyer. 250
A full medical and factual narration of the manner of the information received must be taken on record.

Although the right against self-incrimination and the inherent fallaciousness of the technologies were the main ground on which decision ultimately rested, this case is valuable for the court’s articulation of a right of ‘mental privacy’ grounded on the fundamental right to life and personal liberty. It remains to be seen whether this articulation will find resonance in other determinations in domains such as, say, communications.

Privacy of Records

Since at least the mid-nineteenth century, we have been living in what Nicholas Dirks has termed an 'ethnographic state' — engaged relentlessly and fetishistically in the production and accumulation of facts about us. From records of birth and death, to our academic records, most of our important transactions, our income tax filings, our food entitlements and our citizenship, most of us have assuredly been documented and lead a shadow existence somewhere on the files. Not only does the government keep records about us, but a host of private service providers including banks, hospitals, insurance and telecommunications companies maintain volumes of records about us. In this last section of this paper, we look at the privacy expectation of records both maintained by the government and the private sector.

Various statutes require records to be maintained of activities conducted under their authority and entire bureaucracies exist solely in service of these documents. Thus, for instance, the Registration Act requires various registers to be kept which record documents which have been registered under the Act. [39]; Once registered under this Act, all documents become public documents and State Rules typically contain provisions enabling the public to obtain copies of all documents for a fee. Similarly, a number of legislation – typically dealing with land records at the state level contain enabling provisions that allow the public to access them upon payment of a fee.

Where no provisions are provided within the statute itself that enable the public to obtain records, two recourses are still available.

Firstly, the Evidence Act enables courts to access records maintained by any government body. Secondly, private citizens may access records kept in public offices through the Right to Information Act. Each of these avenues is described in some details below:

Section 74 of the Evidence Act defines 'public documents' as including the following

Documents forming the acts, or records of the acts

Of the sovereign authority,
Of Official bodies and the Tribunals, and
Of public officers, legislative, judicial and executive, of any part of India or of the Commonwealth, or of a foreign country.

Public records kept in any state of private documents

It is clear from this definition that most records maintained by any government body are regarded as public documents. Section 76 mandates that every public officer "having custody of a public document, which any person has a right to inspect, shall give that person on demand a copy of it on payment of the legal fees therefor together with a certificate written at the foot of such copy that it is a true copy of such document or part thereof".

Since there is no legislative guidance within the Evidence Act to indicate who may be said to possess "a right to inspect", this has been interpreted to mean that where the right to inspect and take a copy is not expressly conferred by a statute (as in the Registration Act mentioned above), “the extent of such right depends on the interest which the applicant has in what he wants to copy, and what is reasonably necessary for the protection of such interest". So it isn’t any officious meddler who may access such records – only persons with genuine interests in the matter, either personal or pecuniary, may obtain copies through this route.

In addition to the Evidence Act, copies of documents may also be obtained under the Right to Information Act 2005 which confers on citizens the right to inspect and take copies of any information held by or under the control of any public authority. Information is defined widely to include "any material in any form, including records, documents, memos, e-mails, opinions, advices, press releases, circulars, orders, logbooks, contracts, reports, papers, samples, models, data material held in any electronic form and information relating to any private body which can be accessed by a public authority under any other law for the time being in force".

Section 8 (j) of the Act exempts "disclosure of personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual” unless the relevant authority “is satisfied that the larger public interest justifies the disclosure of such information".

In an interesting case Mr. Ansari Masud A.K vs Ministry of External Affairs (2008)[40] , the Central Information Commission has held that “details of a passport are readily made available by any individual in a number of instances, example to travel agents, at airline counters, and whenever proof of residence for telephone connections etc. is required. For this reason, disclosure of details of a passport cannot be considered as causing unwarranted invasion of the privacy of an individual and, therefore, is not exempted from disclosure under Section 8(1)(j) of the RTI Act.” This is despite the fact that nothing in the Passport Act itself authorizes disclosure of any documents under any circumstances.

However, the Right to Information Act isn’t as convenient a vehicle for privacy abuse as this case may suggest. The RTI adjudicatory apparatus has on several occasions upheld the denial of information on grounds of privacy violation – most famously in a case where an applicant sought information from the Census Department on the ‘religion and faith’ of Sonia Gandhi – the President of the largest party currently in power in India. Both the Central Information Commission – the apex body adjudicating RTI appeals as well as the Punjab and Haryana High Court upheld the denial of information as it would otherwise lead to an unwarranted incursion into her privacy.[41]

A similar concept of 'public interest' would seem to apply when private companies disclose personal information without a person’s consent. Without delving into the issue in too much detail, it would suffice here to mention one of the most important cases to have come up on the issue. In Mr. X vs Hospital Z[42] , a person sued a hospital for having disclosed his HIV status to his fiancé without his knowledge resulting in their wedding being called off. The Supreme Court held that the hospital was not guilty of a violation of privacy since the disclosure was made to protect the public interest. While affirming the duty of confidentiality owed to patients, the court ruled that the right to privacy was not absolute and was "subject to such action as may be lawfully taken for the prevention of crime or disorder or protection of health or morals or protection of rights and freedom of others."

Conclusion

Reflecting on the volume of case law that we have in India on privacy, one is struck at once, both by the elasticity of the concept of privacy — spanning, as it does, diverse fields from criminal law to paternity suits to wiretapping —as well as its fragility — the flag of privacy is constantly being raised only to be ultimately overridden on pretexts that range from security of state, to a competing private interest.

On the one hand, one marvels at the success of the concept, only a few decades old in Indian law, in insinuating itself into legal arguments across diverse contexts. On the other hand, one is dismayed by the fact that rarely does the concept seem to score a victory. There is an almost ritual quality to the way in which the “right to privacy” is invoked in these cases - always named as a relevant factor; it never seems to substantially influence the outcome of the case at hand.

The right to privacy in India was an Oops baby, born on the ventilator of a minority decision of the Supreme Court, and nourished in the decades that followed by sympathetic judges, who never failed to point out that this right was contingent — not absolute, not meant to be under the Constitution, but carved out anyway. Some five decades after its first invocation by the Supreme Court, one gets the feeling that the right to privacy, conceptually, hasn’t moved, and is still what it was then. We don’t, today, for the many times it has been invoked by courts, have a thicker, more robust concept of privacy than we started out with. So the question, that one is stuck with is, what work does this concept of privacy do?

One of the failings of the concept of privacy in India is that it doesn’t exist as a positive right, but is merely a resistive right against targeted intrusion. So for instance, the right to privacy would be useless as a concept to resist something like generalized street video surveillance – as long as a citizen is not singled out for a disadvantage, this right would be of no use. So this right to privacy is a negative right to not be interfered with. Under it one does not have the right to be as private as one wishes, but only no less than the next person. Still, even this limited concept could be useful, if it were applied more rigorously.

Unfortunately, as the case law indicates, the right to privacy cedes too quickly to competing interests. An incomplete rough catalog of these competing rights, drawn from the case law surveyed in this paper include:

public emergency and public safety (communications)
criminal investigation (search and seizure/communications)
competing private interests (divorce proceedings)
best interests of the child (paternity suits)
public interest (Right to Information)
competing fundamental rights (HIV status)

One may perhaps add judicial inactivity as one of the limiting factors on privacy. By holding that violations of procedure by investigating agencies would not vitiate trials, the judiciary has been complicit in perhaps some of the more damaging incursions into privacy. Once a person is implicated in any manner in the criminal justice system – either as a victim, a witness or an offender, investigating agencies are immediately invested with plenary powers. They can search his house without warrant. They can place him arrest. Subject him to ‘medical examinations’, take his fingerprints and DNA and hold it in a bank and there is nothing you can do. In this context, perhaps the strongest privacy safeguard can come from a reform in criminal procedure alone.

Notes

[1].The State of Uttar Pradesh V. Kaushaliya and Others AIR 1964 SC 416

[2].(1978) 2 SCR 621

[3]. 1 SCR 332

[4].AIR 1973 SC 157, 1973 SCR (2) 417

[5].(1975) 2 SCC 148

[6].(1994) 6 S.C.C. 632

[7].AIR 1997 SC 568

[8].AIR 1976 SC 789,1976 SCR (2)1060, (1976) 2 SCC 128

[9].Romesh Thappar vs The State Of Madras AIR 1950 SC 124 , 1950 SCR 594

[10].1966 AIR 1967 Ker 228, 1967 CriLJ 1511

[11].AIR 1980 SC 593 , 1980 SCR (2) 340

[12].[1963] Supp. 1 S.C.R. 408

[13].Distt. Registrar & Collector, Hyderabad v. Canara bank etc. AIR 2005 SC 186

[14].(2003) 4 SCC 493

[15].13-yr-old rape victim to HC: let me abort -, EXPRESS INDIA, April 21, 2010, http://tinyurl.com/13yrindian (last visited May 2, 2010).

[16].Suchita Srivastava v. Chandigarh Administration, (2009) 9 SCC 1. http://courtnic.nic.in/supremecourt/temp/dc%201798509p.txt (last visited May 2, 2010).

[17].Ibid

[18].410 U.S. 113 (1973)

[19].Article 21 does not limit the abridgement of the right to life by the state to only cases where the state has compelling state interest. The Article reads “No person shall be deprived of his life or personal librty except according to procedure established by law”

[20].Ibid

[21].Ibid

[22].AIR 1993 SC 2295, 1993 SCR (3) 917 <http://indiankanoon.org/doc/1259126/>

[23].AIR 2002 Delhi 217 <http://indiankanoon.org/doc/627683/>

[24].51 Cal. 3d 120; 271 Cal. Rptr. 146; 793 P.2d 479

[25].AIR 2010 SC 2851 <http://indiankanoon.org/doc/486945/>

[26].23 December, 2010 <http://indiankanoon.org/doc/504408/>

[27].Ibid

[28].AIR 1980 SC 791 , 1980 SCR (2)1067 , (1980) 2 SCC 343

[29].Sections 3 & 4 of the Identification of Prisoners Act, 1920

[30].Ibid, Section 5

[31].Section 7

[32].Thogorani Alias K. Damayanti vs State Of Orissa And Ors 2004 Cri L J 4003 (Ori) < http://indiankanoon.org/doc/860378/>

[33].AIR 1961 SC 1808 < http://indiankanoon.org/doc/1626264/>

[34].Ibid

[35].Keynote address given to the 93rd Indian Science Congress. See http://mindjustice.org/india2-06.htm, cited in Liang, L., 2007. And nothing but the truth, so help me science. In Sarai Reader 07 - Frontiers. Delhi: CSDS, Delhi, pp. 100-110. Available at: http://www.sarai.net/publications/readers/07-frontiers/100-110_lawrence.pdf [Accessed April 11, 2011].

[36].Ibid

[37].Ramchandra Ram Reddy v. State of Maharashtra [1 (2205) CCR 355 (DB)

[38].(2010) 7 SCC 263 http://indiankanoon.org/doc/338008/

[39].See Section 52 of the Registration Act 1908

[40].CIC/OK/A/2008/987/AD dated December 22, 2008 <http://indiankanoon.org/doc/1479476/>

[41].Anon, 2010. High Court dismisses appeal seeking information on Sonia Gandhi’s religion. NDTV Online. Available at: http://www.ndtv.com/article/india/high-court-dismisses-appeal-seeking-information-on-sonia-gandhi-s-religion-69356 [Accessed April 12, 2011].

[42].(2003) 1 SCC 500 40

Download file here [PDF, 312kb]

For more details visit https://cis-india.org/internet-governance/blog/privacy/limits-to-privacy

Limits to Privacy

praskrishna — 2012-12-14T10:28:59Z

In this chapter we attempt to build a catalogue of these various justifications, without attempting to be exhaustive, with the objective of arriving at a rough taxonomy of such frequently invoked terms. In addition we also examine some the more important justifications such as “public interest” and “security of the state” that have been invoked in statutes and upheld by courts to deprive persons of their privacy.

For more details visit https://cis-india.org/internet-governance/publications/limits-privacy.pdf

Letter to MPs on Concerns on Regional Comprehensive Economic Partnership

sinha — 2016-07-29T02:39:44Z

The Centre for Internet and Society sent a letter to Members of Parliament on July 27, 2016 to appeal to re-examine the Regional Comprehensive Economic Partnership (RCEP).

To,

The Hon’ble Chief Minister / Member of Parliament

We are writing to you to draw your attention to the concerns related to India’s engagement in the Regional Comprehensive Economic Partnership (RCEP), a mega-regional trade agreement (MRTA), currently under negotiation. We write as part of a forum on free trade agreements (FTAs), which is a network of over 80 civil society organisations and concerned individuals from across India. It came together in 2008 to analyse the impacts of India’s FTAs on people’s lives & livelihoods.

As you may know, RCEP is a FTA consisting of 10 ASEAN Countries plus Australia, New Zealand, South Korea, Japan, China and India. It is a comprehensive FTA dealing with not only tariff cuts but also a range of other issues such as investment, intellectual property rights, e-commerce, services, competition, etc. RCEP has far reaching implications on India’s future economic and social development. India is currently facing huge trade deficit with ASEAN, South Korea, Japan and China. RCEP is expected to worsen the huge trade deficit and damage India’s manufacturing sector.

Similarly, concerns are expressed in the field of intellectual property (IP). Many proposals by Japan and South Korea in the area of IP go well beyond our current national IP legislation, especially the Indian Patents Act 1970. Whereas, the Indian act permits only a narrow scope for patenting of software, the RCEP texts reveal disastrous proposals to hugely widen the scope, which, if accepted could compromise access to technologies in many critical areas. Likewise, Japanese & Korean negotiators' proposals run contrary to existing Indian copyright legislation. They mandate that all RCEP member countries to increase the term of copyright protection to 70 years from the year of the death of the author. The leaked chapters also envisage strong technological protection measures, without any limitations or exceptions for fair dealing use; creating new rights for making copies for temporary storage and blanket prohibition on re-transmission over the internet. All these changes would be extremely damaging to increasing access to knowledge in a developing country like India.

Further, the proposals also urge RCEP members to become members of another IP agreement on seeds – the UPOV Convention. Firstly, this would be ‘TRIPS-plus’, taking us beyond what WTO requires us to do in the area of seed. Secondly, it will mean going against the ‘farmer’s rights’ provisions in our national law – Protection of Plant Varieties & Farmers’ Rights Act (passed by Parliament in 2001 in compliance with WTO).

The leaked investment chapter shows that the proposals are going against India’s current position on investment treaties. India has developed a model BIPA text. India has also re-negotiating 57 of its 83 bilateral investment treaties (BITs) on the basis of its new model BIPA & to avoid one-sided approach to protecting investor’s interest. But demands being made in RCEP, may push us beyond our position on investments as well, for example, on the investor-state dispute mechanism.

The RCEP talks have picked up pace, hence the appeal to you to get involved.

Since 2013 RCEP negotiations have completed 13 rounds. The 14th round of negotiations is to take place in Vietnam on 15th of August. The Chief negotiators from each of the 16 countries are meeting 18-19th July in Jakarta, Indonesia. The upcoming RCEP Ministerial meeting on 5th August at Laos is expected set the new deadline for the conclusion of the negotiation.

However, there are no studies available in the public domain with regard to the implications of RCEP on India. In reply to an RTI query, Government denied existence of any cost and benefit analyses of RCEP. Similarly, there is no consultation with State governments with regard to RCEP and no texts are available in the public domain. Against this background we request you to take initiative:

to demand socio-economic assessment of RCEP on India’s development, especially on poor and marginalised populations, including implications for women & children

To ask for wider consultations on RCEP including consultations with state governments and ordinary people (such stakeholder consultations have already been held with industry bodies).
To make publicly available all the negotiating texts and institutionalise the process of making them open.
To ensure discussion on the cost and benefits of FTAs in general and RCEP in particular in both houses of the Parliament, including in the relevant Parliamentary Standing Committee.
To demand a while paper on India’s experience - costs and benefits, from FTAs with Japan, South Korea, Thailand, Malaysia and ASEAN.

Anticipating your kind attention on this urgent matter.

Thank you.

Yours truly,

Anubha Sinha
Centre for Internet & Society

For more details visit https://cis-india.org/a2k/blogs/letter-to-mps-on-concerns-on-regional-comprehensive-economic-partnership

Letter to Education Secretary, Government of Karnataka, Advocating Adoption of FOSS in State IT Academies

sachia — 2011-08-23T02:55:16Z

The Centre for Internet and Society is a signatory to a letter being sent to the Education Secretary, Government of Karnataka, advocating the adoption of FOSS at state IT academies.

The state of Karnataka has signed a Memorandum of Understanding with Microsoft under which three IT academies have been established in the state, in Bangalore, Dharwad and Gulbarga, in 2004-05. Government school teachers are being trained at these academies. As per the MOU, only Microsoft decides the curriculum at these academies, and only Microsoft software applications are being taught to the teachers. This MOU will expire in the coming academic year. Therefore, Gurumurthy Kasinathan and members of the FOSS community in India are sending a letter to the Education Secretary for the state of Karnataka, advocating the adoption of a FOSS-based curriculum in these IT academies, and explaining why this would be a useful move.

The Centre for Internet and Society is one of the signatories to this letter, which is reproduced below.

-----

The Education Secretary

Government of Karnataka

MS Building

Bangalore, Karnataka.

Sub – Microsoft IT Academies in Karnataka

Dear Sri Nadadur,

Karnataka has a MOU with Microsoft under which three 'IT Academies' have been established in the State, in Bangalore, Dharwad and Gulbarga during 2004-05. Government school teachers are being trained in these academies. As per the MOU, only Microsoft decides the curriculum in these academies, and only Microsoft software applications are being taught to the teachers.

There are a couple of issues with this program.

Firstly Microsoft does not allow the teaching of software other than their own proprietary products. This deprives the teachers from learning alternative Free and Open Source Software (FOSS) platforms. There are compelling pedagogical, economic, social and political reasons why the education system needs to adopt and promote FOSS. Free software is software which gives the users the freedom to use, study, modify and share, while in the case of proprietary software, the vendor prevents the study, modification and distribution of the software. The freedoms of FOSS provide users and the rest of society with several important advantages, which are briefly listed below:

a. With proprietary software, the teachers only learn be superficial 'users'. This is because, proprietary software companies prevent access to the “source code” that goes into the creation of software. With FOSS, students can learn not only how to use software, but also how create and modify the software applications. Hence with FOSS, students will not just be passive users but will actually construct knowledge. As we know, 'Constructivism' is a key feature of the National Curriculum Framework 2005.

b. FOSS supports the creation of local language versions of the software. For example, Kerala has locally created software in Malayalam for its IT@School program. Similarly the Kannada community Sampada has created a complete Kannada distribution by customising existing FOSS software.

Though Microsoft has provided Windows and Microsoft Office gratis at these academies, it does not provide the same software to the teachers who are trained at the centre. Hence the teachers who intend to purchase computers would need to shell out considerable amounts for the software which they have become used to in the schools. However, if the teachers are trained on FOSS alternatives to Windows and Office, at at negligible price (the cost of a CD which is around Rupees ten), each teacher can be a given a copy of the software. The training can also cover the installation of the software, if required. In this way, the teacher training can lead to the actual use of computers in the schools and teachers homes and make the training meaningful and lead to the greater dispersion of ICTs. Currently, most teachers learn to use these products but have no continuity of learning which makes the training futile.

Of course, the issue of FOSS is not only one of cost. Even if proprietary software were offered free of cost, our nation will eventually have economic losses, due to permanent dependency on software monopoly.

These are some of the reasons why Karnataka has chosen FOSS in its own ICT@Schools program. The computers in Karnataka schools run on GNU/Linux platform under this program. We would like to submit that the teacher training in the IT Academies at Bangalore, Dharwad and Gulbarga also need to be aligned to the IT@School program, and hence teachers should be taught on the same FOSS software platforms as well.

We had a meeting with Ms Vandita Sharma last November, along with Dr Richard Stallman, the founder of the global Free Software movement, and explained these issues. She was sympathetic to these arguments on the public benefits from FOSS and mentioned that the department would take appropriate action in this regard as is consistent with the public interest and those of the teachers and children in our government schools. She mentioned that the MOU with Microsoft is expiring in the coming academic year and and requested us to formally write to her in this regard, hence this letter.

We request that the Government take a firm stance in favor of adopting and promoting FOSS and chose FOSS in its software procurement to align the department to the government schools.

A few months back, organisations that are working to promote FOSS came together to establish a 'Coalition of the FOSS Community in India' whose goal is to collaborate with governments and other organisations to promote the adoption of FOSS, specially in the public sector. Several of the member of this coalition are based in Bangalore, including the Centre for Internet and Society, Sampada, Swatantra Malayalam Computing, Deeproot Linux, IT for Change etc. Faculty from IIM-B, Bangalore University as well as other academic institutions are also members of this coalition. Members of this coalition are willing to provide any technical support or guidance that the government may require in this regard. For eg, FOSS curriculum for both schools and for teacher training is available in Kerala and can be adapted to Karnataka schools. It should be noted that FOSS is already being used in many institutions in Karnataka, including IISC, IIIT-B, IIIT-H, IITK and many engineering colleges.

We hope our submission will be considered by the education department as well as by the government and we look forward to working with you to help bring these ideals into reality. If you think it would be useful, we could plan a small workshop / interaction, or even a series of workshops for different stakeholders, to discuss the issue in more detail and look at the implications of the choice of the software platforms for the ICT programs in the department.

We look forward to your response.

Yours truly

Gurumurthy Kasinathan and members of the FOSS community in India (list of signatories is provided overleaf)

May 9^th 2009.

Copy - Commissioner for Public Instruction, Sri Kumar Naik

Copy - State Project Director, Sarva Shiksha Abhiyaan, Sri Selva Kumar

Copy - Principal Secretary, DPAR (Dept of Personnel and Administrative Reforms) e-Governance

Copy - Principal Secretary, Department of IT

enclosed:

Why Government of Karnataka should adopt and promote FOSS

Kerala IT@Schools project

For more details visit https://cis-india.org/openness/blog-old/letter-to-education-secretary-may-2009

Letter on South Africa's IPRs from Publicly Financed R&D Regulations

pranesh — 2011-08-04T04:42:15Z

Being interested in legislations in developing nations styled after the United States' Bayh-Dole Act, CIS responded to the call issued by the South African Department of Science and Technology for comments to the Intellectual Property Rights from Publicly Financed Research and Development Regulations.

For more details visit https://cis-india.org/a2k/blogs/letter-on-south-africas-iprs-from-publicly-financed-r-d-regulations

Letter from Civil Society Organizations to CII

pranesh — 2011-04-02T15:15:44Z

A total of 29 groups and individuals expressed their concern about the drive by CII to introduce TRIPS-plus enforcement standards in India.

Original report in Business Standard

Govt accepts panel report against narrowing of Indian patent law

BS Reporter / New Delhi August 18, 2009, 1:14 IST

The central government has accepted the recommendations of an expert committee headed by former Council of Scientific and Industrial Research (CSIR) chief R A Mashelkar on patent laws. The committee had concluded that limiting the grant of patents for pharmaceutical substances to new chemical entities will be a violation of the TRIPS agreement of the World Trade Organization (WTO).

In effect, the committee endorsed the current position taken by India, in allowing patenting of known medicines if they have substantial new therapeutic uses.

The Mashelkar committee was formed after the government got passed the Patent Bill in 2005. It was assigned to see if the demand for narrowing the patent laws would breach India’s obligations under the WTO agreement. Mashelkar had presented the committee report in 2007, only for it to be withdrawn due to complaints of “technical errors”. The revised copy, submitted to the government few months ago, was accepted recently.

The move has come as a setback to many civic groups who were hoping to see a a constriction of Indian patent laws. The domestic lobby groups were heartened after a committee of Parliamentarians recently recommended changes in the existing rules to limit patenting of medicines to just “new chemical entities”.

In a letter to commerce minister Anand Sharma, the National Working Group on Patent Laws asked for the “recommendations of the Parliamentary Committee to take precedence over those of the Mashelkar committee.” It wanted the Mashelkar committee recommendations to be disregarded and appropriate amendments introduced in the Patents Act, 1970.

The civil society groups are stepping up protest against the “alleged” move to link “counterfeit” issues with intellectual property protection. In an open letter to Confederation of Indian Industry today, 21 groups have protested against the intellectual property enforcement initiatives of the CII.

“It is disheartening to note that the CII, being an Indian industry organization, is hosting the Third International Conference on Counterfeiting and Piracy from 19-20th August 2009 in partnership with American Embassy and the Quality Brand Protection Committee (QBPC), China, a body that comprises over 80 multinational corporations”, Linu Mathew Phillip, acting director of the Delhi-based Centre for Trade and Development said. “It is of immense concern to all of us, since higher norms of intellectual property enforcement necessarily undermine various other rights of the people at large, including the right to access to medicines and access to knowledge,” he added.

For more details visit https://cis-india.org/news/letter-from-civil-society-organizations-to-cii

Letter for Civil Society Involvement in WCIT

Center for Democracy & Technology — 2012-05-24T06:55:30Z

This page features a letter from academics and civil society groups from around the world to International Telecommunication Union Secretary-General Dr. Hamadoun Touré regarding the lack of opportunity for civil society participation in the World Conference on International Telecommunications (WCIT) process.

This letter was published by the Center for Democracy & Technology.

A PDF of the letter is available here. ONG Derechos Digitales has provided a Spanish translation of the letter. For more background on the WCIT, see our policy post, Civil Society Must Have Voice as ITU Debates the Internet, and our ITU resource page.

Civil society organizations and academics are invited to join this call to address deficiencies in the WCIT process. For more information, contact signon@cdt.org.

17 May 2012

To Secretary-General Dr. Hamadoun Touré, the Council Working Group to Prepare for the WCIT-12, and ITU Member States:

The undersigned human rights advocates, academics, freedom of expression groups, and civil society organizations write to express our desire to participate in the preparatory process undertaken for the World Conference on International Telecommunications (WCIT). The current preparatory process lacks the transparency, openness of process, and inclusiveness of all relevant stakeholders that are imperative under commitments made at the World Summit on Information Society (WSIS). We ask that the Secretary-General, the Council Working Group, and Member States work to resolve these process deficiencies in several concrete ways.

The continued success of the information society depends on the full, equal, and meaningful participation of civil society stakeholders (along side the private sector, the academic and technical community, and governments) in the management of information and communications technology, including both technical and public policy issues. Indeed, WSIS outcome documents recognize the need for a multi-stakeholder approach in technical management and policy decision-making for ICTs. The Tunis Agenda for the Information Society urges international organizations “to ensure that all stakeholders, particularly from developing countries, have the opportunity to participate in policy decision-making … and to promote and facilitate such participation.” And such participation depends on transparency and openness of process at every stage of substantive and procedural dialogue.

Yet there has been scant participation by civil society in the Council Working Group’s preparatory process for the WCIT so far, even as media reports indicate that some Member States have proposed amending the International Telecommunication Regulations to address issues that could impact the exercise of human rights in the digital age, including freedom of expression, access to information, and privacy rights. Under the current process, civil society participation is severely limited by restrictions on sharing of preparatory documents, high barriers for ITU membership (including cost), and lack of mechanisms for remote participation in preparatory meetings.

As an important step towards fulfilling WSIS commitments for building a more inclusive information society, the undersigned request that the Secretary-General, the Council Working Group, and Member States:

Remove restrictions on the sharing of WCIT documents and release all preparatory materials, including the Council Working Group’s final report, consolidated reports from all preparatory activity, and proposed revisions to the International Telecommunication Regulations;
Open the preparatory process to meaningful participation by civil society in its own right and without cost at Council Working Group meetings and the WCIT itself, providing formal speaking opportunities and according civil society views an equal weight as those of other stakeholders. Facilitate remote participation to the extent possible; and
For Member States, open public processes at the national level to solicit input on proposed amendments to the International Telecommunication Regulations from all relevant stakeholders, including civil society, and release individual proposals for public debate.

We welcome Secretary-General Touré’s commitment to creating a more inclusive information society and ensuring equitable access to ICT around the world. Collectively and individually, the undersigned human rights advocates, academics, freedom of expression groups, and civil society organizations work to fulfill this vision through a range of national and global institutions and we call for the same opportunity to engage at the WCIT, consistent with WSIS commitments. We urge you to ensure the outcomes of the WCIT and its preparatory process truly represent the common interests of all who have a stake in the future of our information society.

Sincerely,
Access
Article 19
Association for Progressive Communications (APC)
Eduardo Bertoni, Centro de Estudios en Libertad de Expresión y Acceso a la
Información (CELE), Universidad de Palermo, Argentina
Bytes for All, Pakistan
Canadian Internet Policy & Public Interest Clinic (CIPPIC)
Center for Democracy & Technology
Center for Technology and Society (CTS/FGV), Brazil
Centre for Internet & Society (CIS), India
Consumers International
Digitale Gesellschaft e.V.
Egyptian Initiative for Personal Rights
Electronic Frontier Foundation
European Digital Rights
Freedom House
Global Partners & Associates
Global Voices Advocacy
Human Rights in China
Human Rights Watch
Internet Democracy Project, India
Internet Governance Project (IGP)
Kictanet, Kenya
Rebecca MacKinnon
MobileActive Corp
New America Foundation’s Open Technology Institute
ONG Derechos Digitales, Chile
Open Rights Group
Panoptykon Foundation, Poland
Public Knowledge
Reporters sans frontières / Reporters Without Borders
World Press Freedom Committee

Ageia Densi, Argentina
Bolo Bhi, Pakistan
Index on Censorship
IP Justice
Julia Group, Sweden
Net Users' Rights Protection Association, Belgium

For more details visit https://cis-india.org/letter-for-civil-society-involvement

Leslie Chan Lectures in Tiruvananthapuram and Mysore

praskrishna — 2012-12-12T06:26:42Z

Prof. Leslie Chan from the University of Toronto, Canada is giving a series of lectures in Tiruvananthapuram and Mysore from December 17, 2012 to December 19, 2012.

Programme of Prof. Leslie Chan in Thiruvananthapuram

Knowledge Management in the Open Access Environment
Date: December 17, 2012 Time: 11.00 a.m. – 1.00 p.m. Venue: Dept. of Library & Information Science, University of Kerala Organiser: University of Kerala Contact person : Dr. KP Vijayakumar / 9496749901 (Mob) / 0471-2308034 (Off) E-Mail : kpvijayakumar2@gmail.com
Emerging Trends in Scholarly Communications and Impact Measures in the Open Knowledge Environment
Date: December 17, 2012 Time: 3.00 p.m. – 5.00 p.m. Venue: National Institute of Interdisciplinary Science & Technology (NIIST)(CSIR), Pappanamcode, Trivandrum Organiser: NIIST and CSIR Contact person: Mrs. Nishy P/9645086468 (Mob)/0471-2515293(Off) E-Mail: nishy22@gmail.com Evening : Discussion with Prof. VN Rajasekharan Pillai, Executive Vice President, KSCSTE, Sasthrabhavan, Trivandrum
Lecture-cum-Open Forum on Open Access Initiatives (OAI)
Time: 10.30 a.m. – 1.00 p.m. Venue:Indian Institute of Information Technology & Management-Kerala (IIITMK), Technopark, Trivandrum Organiser: IITMK Contact person : KP Sadasivan : 9447903282 (Mob) / 0471-2527567 Ext.103 (Off) E-Mail: kps31147@yahoo.com or sadasivan.kp@iiitmk.ac Afternoon : Visit to ICFOSS, Technopark, Trivandrum (Co-sponsored by IIITMK & ICFOSS) Contact person : KP Sadasivan : 9447903282 (Mob) / 0471-2527567 Ext.103 (Off) E-Mail : kps31147@yahoo.com or sadasivan.kp@iiitmk.ac

A Special Lecture by Prof. Leslie Chan in Mysore

Emerging Trends in Scholarly Communications and Impact Measures in the Open Knowledge Environment
Organisers: Mysore University Library, Department of Studies in Library and Information Science (DLIS-UoM), Mysore Library and Information Scientist’s Association (MyLISA) and SDM Institute of Management Development, Mysore. Date: Wednesday, December 19, 2012 Venue: Manasa Media Centre, Mysore University Library, Manasagangotri, Mysore

For more details visit https://cis-india.org/news/leslie-chan-lectures-in-tiruvananthapuram-and-mysore

Legal Issues pertaining to Cloud Computing

praskrishna — 2022-02-07T15:29:00Z

The Law and Technology Society of National Law School of India University, Bangalore is organizing the 6th edition of its flagship conference ‘Consilience’ on December 14 and 15, 2013 at NLSIU Campus, Bangalore. The Centre for Internet and Society is supporting this event.

The Conference will see some of the best lawyers, jurists and industry leaders in India speak on different issues surrounding the theme. The Conference is co- branded with ‘Salesforce.com’, ‘International Technology Law Association’ and the Centre for Internet and Society (http://www.cis-india.org/). Apart from making an effective contribution towards greater understanding of the subject, the Conference will lead to a recommendatory policy paper to the government of India.

Key speakers for the Conference include:

Senapathy (Kris) Gopalakrishnan (Co-Founder and Executive Vice Chairman, Infosys & President, CII )
Pavan Duggal (Advocate, Supreme Court)
Abhishek Malhotra (Founding Partner, TMT Law Practice)
Azmul Haque (Partner, Shook Lin & Bok, Singapore)
Chris Edwards (Senior Associate, DLA Piper, Singapore)
Prof. Rahul De (IIM Bangalore)
Pamela Kumar (Chair, Cloud Computing Innovation Council of India)
Suhaan Mukherji (Expert advisor, Office of Adviser to the Prime Minister of India on Public Information Infrastructure and Innovations)

Registrations for the Conference are open and fee for the same is as follows:

Students: Rs. 500/-
Professionals: Rs. 750/-

Please find attached the concept note, programme schedule and speakers’ profiles. To register, visit http://www.consilience.co.in/index.php/consilience-2013/register-for-the-conference. For any other queries, please write to ltech.nls@gmail.com .

or contact

Shivam Singla (Ph: +91-9916708701)
Ayushi Sutaria (Ph: +91-8123925725)

Conference Programme

Saturday, December 14th, 2013
Venue: Conference Hall, Academic Block, NLSIU

Lunch
08.30 09.30	Breakfast and Registration
09.45 10.00	Inauguration
10.00 10.30	Keynote Address
10.30 12.30	SESSION 1: INTRODUCTION TO CLOUD COMPUTING How does cloud computing work? - An overview of the basic technical features The current legal regime related to cloud computing in India- Main issues and challenges
13.15 15.15	SESSION 2: THE RELATION BETWEEN PARTIES TO CLOUD COMPUTING- USERS, INTERMEDIARIES AND GOVERNMENT BODIES Legal obligations of the intermediaries towards (i) the government and (ii) the users Cyber security concerns Standards of data protection Government's surveillance powers and privacy issues
Tea Break
15.30 17.30	SESSION 3: REGULATION AND MONITORING OF DATA CONTENT Current data control monitoring systems by intermediaries Data ownership and intellectual property issues- Possible threats and need for regulation Sensitive or critical data- Security concerns relating to their storage
High Tea/Networking Session

Sunday, December 15th, 2013
Venue: Conference Hall, Academic Block, NLSIU

Tea Break
09.00 10.00	Breakfast and Registration
10.00 12.00	SESSION 4: THE INTERNATIONAL PERSPECTIVE ON CLOUD COMPUTING Jurisdiction and choice of law issues- how do we counter the confusion? International laws applicable to cloud computing Need for a comprehensive international framework to simplify the situation?
12.15 14.15	SESSION 5: COMPARATIVE ANALYSIS WITH LEGAL FRAMEWORKS IN OTHER COUNTRIES Legal frameworks in UK and Singapore Beneficial features of these legal regimes and their suitability in the Indian context Lessons to be learnt for India
Lunch
15.00 17.00	SESSION 6: THE WAY FORWARD – SUGGESTIONS AND RECOMMENDATIONS Overview of the important challenges and suggestions Possible Policy and Legislative steps to improve the Cloud Computing regime in India
High Tea/Networking Session

Click to read the sub tracks for discussion
Access the speakers' profiles here

For more details visit https://cis-india.org/events/legal-issues-on-cloud-computing

Legal Challenges to Mapping in India #1 - Laws, Policies, and Cases

Adya Garg — 2016-05-11T13:43:11Z

Responding to the draft Geospatial Information Regulation Bill and the draft National Geospatial Policy made public recently, this post provides an overview of the present configuration of laws, policies, and guidelines that provides the legal framework in India for governance of creation and sharing of geospatial data in India. The post also studies these policies in action by describing the key legal cases around the creation and use of geospatial data. The next post of this series will document the reflections and opinions of the key geospatial industry actors in India, as well as the free and open source mapping community.

1. Introduction

2. Mapping the Legal Journey of Geospatial Data: Past to Present

2.1. National Map Policy, 2005

2.2. Guidelines issued by Survey of India

2.3. Remote Sensing Data Policy (RSDP)

2.4. Civil Aviation Rules

3. Incidents of Legal Actions Faced by Agencies

3.1. Google's Mapathon in Legal Trouble

3.2. One Country - Two Boundaries

3.3. J. Mohanraj v Google and Others

4. Conclusion

5. References

6. Author Profile

1. Introduction

“Maps, like faces, are the signature of history.” – Will Durant [1]

Throughout the course of history geospatial information has played an important role in technological, economic, political and cultural dimensions of the human society. With technological developments taking place, the field of mapping – that is collection, analysis, and representation of geospatial data – is continuously evolving. On the face of it, creation of geospatial data seems to be an exclusive scientific and technological matter. However, the political and economic facets of geospatial data are often as predominant and complex as its scientific practice. Continuing from the colonial era, the political facet of mapping emerged significantly in the public discourse from the 1990s onwards as digital technologies amplified the ability of non-governmental actors to collect, generate, and share geospatial data, in the form of maps or otherwise [2]. This 'democratisation' of the ability to map and share private/user-generated maps structurally undermined the government's ability to have an authoritative and universal voice when it comes to geospatial depiction of the nation and its various components. Similar to the other upsurges in the digitized world, which is often followed by an introduction of legal provisions in order to keep access to and use of digital data under mechanisms of monitoring and permission, mapping in India has also has subsequently been governed under policies addressing both terrestrial mapping and remote sensing. Concerns of national security, naturally, have driven much of these policies.

This post focuses on providing an overview of the present configuration of laws, policies, and guidelines that provides the legal framework in India for governance of creation and sharing of geospatial data in India. The post also studies these policies in action by describing the key legal cases around the creation and use of geospatial data. The next post of this series will document the reflections and opinions of the key geospatial industry actors in India, as well as the free and open source mapping community.

2. Mapping the Legal Journey of Geospatial Data: Past to Present

“We know every inch of the nation, because we map every inch of it!” – Survey of India [3]

Aforementioned slogan adopted by the primary organization responsible for mapping all geospatial data in India indicates the importance of the geospatial data and mapping the same. While it indicates the importance of having access to mapping data in order to be aware of the geospatial features of one’s country, it also cleverly reveals the vulnerability that having access to mapped data brings. The phrase can be said to imply that mapping every inch of the country leads to information about every inch of the nation which is useful if in the hands of government agency but repugnant to security if in the hands of external agencies. This conflict between access to information about the country and the security concerns arising from such an open access has led to a rich evolution of legal policies governing the same.

Set up in 1767, Survey of India (hereinafter “SOI”) was required to map the terrains of India to fulfill the commercial and political convenience of the East India Company [4]. During these colonial times, maps were considered to be essential for governmental purposes and thus their dissemination to unauthorized persons was barred by Clause 5 of the Official Secrets Act, 1923 [5]. Thus, till 1950s mapping was being governed by the colonial provisions which maps restricted to official use only [6]. With independence, the functions of the SOI shifted mainly towards providing information for the defense forces [7].

An important change came in the form of orders and notifications by Ministry of Defence (hereinafter “MOD”) during 1960s, the major one being the 1965 order that permitted distribution of maps of scale 1:4 M [8]. The Map Restriction Policy of the MOD, however, imposed categorical restrictions on sharing of maps, aerial photos, and all geophysical data for various parts of India - with a focus on international border areas in the North-Eastern state, and the coastal zone that included several large cities like Chennai, Kochi, Kolkata, and Mumbai [9]. Dr. Manosi Lahiri notes that "[t]his had a far reaching effect on the mapping culture of independent India and perpetuated the perception among many that maps were a security threat" [10]." By 1971, however, the functions of SOI extended to catering to inter alia all development activities and was hence brought under the ambit of Department of Science and Technology [11].

However, the catalytic transformation came in the form of National Map Policy, 2005 which made SOI the nodal governmental agency for dealing with all processes involving geospatial data. While harping for open access to geospatial data, the policy accompanied by corresponding guidelines have largely restricted the power to map geospatial data to SOI. The Policy and the guidelines have been discussed in detail as under.

2.1. National Map Policy, 2005

The National Map Policy, 2005 (hereinafter, “NMP”) was announced by the Central Government on May 19, 2005 [12]. The preamble of the policy identifies the importance of high quality spatial data in various facets such as socio-economic development, conservation of natural resources, infrastructure development etc [13]. Topographic map database constitutes the foundation of all spatial data and its production, maintenance, and dissemination has been assigned as a responsibility to SOI, which is to "liberalize access" to spatial data without compromising upon security concerns. Thus, the conflict between national security and right to have access to information regarding one’s country is clearly highlighted in the policy as a need for enactment of the same. Thus, the policy objectives include access to National Topographic Database (NTDB) [14] and promotion of geospatial based intelligence, subject to confirmation to national standards of SOI.

In order to realize the security concerns, inter alia, a dual-classification was created amongst the maps, namely - i) Defence Series Maps (“DSM”) and ii) Open Series Maps (“OSM”). While the former constitutes of topographical maps that mainly cater to defence and security requirements of the country, the latter supports developmental activities. Hence, DSMs whether in analogue or digital form, fall under the classified category and the power to issue guidelines pertaining to their use vests digit mainly for developmental purposes, they are not openly accessible by ipso facto and need to gain the ‘unrestricted’ tag after clearance from MOD. A table specifying the distinction between DSMs and OSMs in detail has been provided below:

Sub-Topic	Defence Series Maps (“DSM”)	Open Series Maps (“OSM”)
Why are these maps used?	The maps under this series cater to defence and security requirements of the country.	The maps under this series are useful in supporting various developmental activities in the country.
What are the technical classifications?	Everest/WGS-84 Datum and Polyconic/UTM Projection) on various scales (with heights, contours and full content without dilution of accuracy).	In UTM Projection on WGS-84 datum, bearing different map sheet numbers. (And as provided in Annexure B of the NMP)
Who can use these maps?	Maps (in analogue or digital forms) for the entire country will be classified.	Both hard copy and digital form will become “Unrestricted” after obtaining a one-time clearance of the Ministry of Defence.
How can the maps be used?	Guidelines regarding the use of DSMs will be formulated by the Ministry of Defence.	Guidelines regarding the use of OSMs will be formulated by SOI regarding aspects like procedure for access, further dissemination /sharing, ways and means of protecting business and commercial interests of SOI etc.

While the DSMs are completely classified, restrictive provisions regarding usage and dissemination of OSMs have also been incorporated in the policy. OSMs are not allowed to show any civil and military Vulnerable Areas and Vulnerable Points (VA’s/VP’s). OSMs on a scale larger than 1:1 needs to be disseminated either by sale or an agreement, which will allow the agency to add its own value to the maps obtained, and to share these maps with others.

The primary transaction between SOI and the agency as well as all the subsequent transactions between the agency and other users have to be registered in the Map Transaction Registry for records. While the Map Transaction Registry forms an important part of the NMP, no such registry information has been made available on the official website of SOI as indicated by the screenshot below.

Map Transaction Registry, Survey of India, URL: http://www.surveyofindia.gov.in/pages/view/48

The policy allows users to publish maps on hard copy or web (with or without GIS interface) subject to a certification from SOI in case of depiction of international boundaries. The policy also upholds the validity of the previous MOD notifications pertaining to mapping subject to the modifications introduced by the policy and authorises SOI to issue further guidelines corresponding to the policy.

2.2. Guidelines issued by Survey of India

Under the powers vested by the NMP, SOI has issued detailed clarificatory guidelines in furtherance of the policy [15]. The restrictions arising on mapping of geospatial data can be attributed to two major factors namely, Security concerns and Copyright provisions [16]. Under the guidelines, copyright of both digital and analogue maps has been vested with the SOI. Penal consequences have been mentioned as a result of violation of SOI’s copyrights. In furtherance of security concerns, the guidelines uphold the Ministry of Finance (Department of Revenue) Notification No. 118-Cus./F.No.21/ 5/62-Cus. I/VIII dated 4th May 1963 which prohibits the export of all maps/digital data in 1: 250K and larger scales through any means. Digital Topographical data has been an exclusive licensing domain of only Indian individuals, organisations, firms or companies.

While paper maps can be accessed from SOI offices against payment of price, digitisation of maps has been strictly made forbidden by the guidelines. Ownership of digital data has been vested completely with the SOI and can only be gained against payment after application through a specified proforma.

2.3 Remote Sensing Data Policy (RSDP)

In 2011, the confusion pertaining to applicability of NMP to both territorial and satellite mapping was resolved with the release of the Remote Sensing Data Policy (RSDP). The policy recognized the importance of remote sensing data and noted that it was largely used by government and non-government users from Indian and foreign remote sensing satellites. However, again banking upon the need for security considerations, the policy was released with the purpose of “…managing and/ or permitting the acquisition/dissemination of remote sensing data in support of developmental activities" [17]. Department of Science (DOS) was made the nodal government agency for all actions pertaining to remote sensing data under the policy.

A basic perusal of the policy indicates a parallelism between the RSDP and the NMP. Thus, similar to NMP, RSDP assures of a government managed Indian Remote Sensing Satellites (IRS) Programme, the data produced by which will be solely owned by the government and other users could only be provided with licences if need be. Any attempt at acquiring and/or dissemination of remote sensing data within India requires permission through the nodal government agency. National Remote Sensing Centre (NRSC) of the Indian Space Research Organisation (ISRO)/ DOS is vested with the authority to acquire and disseminate all satellite remote sensing data in India, both from Indian and foreign satellites. NRSC is also supposed to maintain a systematic National Remote Sensing Data Archive, and a log of all acquisitions/ sales of data for all satellites. Thus, nodal government agencies were created for both terrestrial mapping and satellite imagery, former being SOI and latter NRSC.

2.4 Civil Aviation Rules

Aerial instruments and aircrafts act as important instruments for geophysical surveys and mapping. Thus, this area does not go ungoverned. While, till date, India doesn’t impose an explicit bar on foreign registered aircraft overflying its territory for aerial photography and geo-physical survey, the same is subject to prior clearance under rule 158 and 158A of the Aircraft Rules, 1937 on account of safety and security concerns, the procedure for which has been given under Civil Aviation Rules (CAR) [18]. CAR is applicable to inter alia agencies undertaking aerial photography, geophysical surveys etc. An application is required to be made as per Annexure E which inter alia requires confinement of photography/sensing to the exact area as applied and cleared by the Ministry of Defence. The application is forwarded by DGCA to the Ministry of Defence and other agencies responsible for issuing NOC.

DGCA’s restrictions extends to voluntary geographic information with prohibition of civilian drones in India. Unmanned drones are an important equipment used for the purpose of collecting geo-spatial data. The ban on flying drones in India exist from October, 2014 but is not in common knowledge [19]. While it is argued that drones could harm people and lead to chances of crashing, the major argument has always been the use of drones by anti-national elements to peruse sensitive places for plotting terror attacks [20]. While there is an ambiguity regarding using drones in India, flying drones over defence establishments and historical places is completely banned [21]. Thus, civilians using drones for clicking pictures of monuments etc. have often been confronted by the police [22].

Thus, there is no single policy that acts as a deterrent for mapping in India but an accumulation of multiple policies, guidelines and legal provisions that are used by departments of government to restrict mapping in the name of security. These restrictions have also witnessed incidents in their furtherance as detailed below.

3. Incidents of Legal Actions Faced by Agencies

Since the advent of restrictive mapping policies, numerous incidents have come forth when agencies have found themselves faced by legal actions for violating such policies. In recent times, these incidents were publicly highlighted in 1998 when the sale of the CD-Roms of Delhi Guide Maps created by Eicher were prohibited [23]. Eicher has been one of the oldest players of the private mapping market, creating city and road maps for India in the private sector for public distribution. While having faced a ban in earlier times, it is also one of the few companies been able to access the SOI data for value addition. It works in collaboration with SOI now, often launching products in ‘strategic alliance’ with them. After the implementation of NMP, we have witnessed two major legal controversies, both involving SOI on one hand and Google on the other.

3.1. Google's Mapathon in Legal Trouble

In furtherance of Google’s constant endeavour to have every nook and corner mapped, Google holds a competition called ‘Mapathon’ each year [2]. The competition invites people to map their local surroundings incentivised by lucrative prizes to winners. However, an initiative launched for purely mapping purposes had to face a large legal hurdle in the year of 2013. Google-Mapathon, 2013, held in February-March, had declared Vishal Saini as the 1st winner who had mapped the military-prone city of Pathankot. According to legal provisions governing mapping practices in India, civil and military Vital Areas (VAs) /Vital Points (VPs) cannot be shown on maps in public domain [25]. Thus, the tech-giant found itself amidst legal controversy for having held the competition without permission from Survey of India after a concern raised by BJP’s Tarun Vijay. A case was filed by SOI at the R.K. Puram Police Station. The primary contention was that the “Mapathon 2013 activity is likely to jeopardise national security interest and violates the National Map Policy. Citizens of the country, who are ignorant of the legal consequences, are likely to violate the law of the land” [26].

Considering the involvement of a U.S. based company, the investigation was handed over to CBI During the probe, it was alleged by then Surveyor General of India Swarna Subba Rao that Google did not refrain from “polluting” [27] the internet with classified material despite having been asked so. Further, then Additional Surveyor-General of India R.C. Padhi wrote claimed that “The Survey of India is only mandated to undertake ‘Restricted’ category surveying and mapping, and no other government/private organisations or any individual are authorised to do so” [28]. He told Reuters that some of the information provided by locals to Google could be ‘sensitive’ and the security of the nation could not be compromised at any cost [29].

Google on the other hand said that its primary motive was to map local information of daily needs such as hospitals, restaurants, markets etc. and the competition was in tandem with national laws. Further, it was heard that Google had been approached regarding Mapathon by SOI and it had replied with intimation of willingness to talk to SOI. However, SOI had not reverted back and Google was always ready and willing to talk out the matter. However, the much hyped case did not have a substantial result and CBI had to close the probe on account of lack of evidence [30].

Considered a thing of past, the controversy resurfaced in the recent times of January, 2016 post the Pathankot Air Base strike [31]. Google was dragged to the court for having displayed sensitive geospatial data regarding Pathankot that made possible an airstrike at the location. An injunction was sought to refrain Google from showing sensitive military areas and defence establishments on the maps made available by it. While the injunction was refused, Delhi High Court had asked the centre and the additional solicitor to look into the same and keep the court apprised. Thus, this can be termed as an open and unfinished matter ongoing legal contemplation.

While it is understandable that some areas are considered as vulnerable due to security concern. The lost keeps changing often leading to transgression into security places. But the major point being the list of vulnerable areas is classified and not released to public. In absence of such a list, how is it possible for google to vet its data to comply with security concerns.

3.2. One Country - Two Boundaries

Another major legal controversies in the field of geospatial mapping has been with regards to wrong depiction of international boundaries of India by Google. A basic perusal of the official website of SOI provides a list of only three documents under the tab of ‘Public Awareness’, all dealing with the crime of depicting wrong Indian boundaries [32]. While one of them includes the certified map with correct boundaries, to be complied with, other is a gazette notification bringing the Criminal Law Amendment Act, 1961 which criminalized the act of showing wrong depiction of boundaries. Section 69A of the IT Act has also been used earlier to restrict access to links depicting incorrect maps of India [33] though it only speaks about restricting public access to data, necessary in the interest of Sovereignty and Integrity inter alia, the section per se does not deal with dissemination of geos-spatial data.

It was in the year of 2014, that on the directions of Department of Science and Technology, SOI filed a complaint against Google at the Dehradun Police Station for depiction of international boundaries not in a “wrong manner” i.e. not in compliance with Government of India authentication [34]. The result was that today Google shows different boundaries on Indian domain, in compliance with SOI and different on International domain.

Google was also involved in a controversy when in 2009, Google maps for India marked areas of Arunachal Pradesh, including its capital Itanagar and Tawang, in China [35]. It was followed by an apology from Google and an immediate rectification for Indian users. However, Google uses a different version for China and the world creating disparity in the boundary depiction [36].

Google has not been the only platform having faced the anger of Indian community for wrong depiction. In 2011, copies of the Economist Magazine were seized for having depicted the map of Kashmir divided between India, Pakistan and China [37]. For similar reasons, Al-Jazeera was taken off air by the Indian government after a 5-day ban imposed under Section 69A of the IT Act [38]. Modi’s visit to Queensland University of Technology was accompanied by an “unqualified apology” from the authorities for having depicting Indian map without portions of Kashmir [39]. Urban Development Department of Bihar also ended up show-causing one of its employees for putting up wrong map on its website and substituting the same with SOI’s version after media attention [40]. India seems to be the country often having been angered due to wrong depictions of maps.

While India seems to be actively involved in Geo-politics, it isn’t the only country Google has fallen in legal trouble with, for wrongly depicting International Boundaries. In 2010, Google gained a lot of media attention for allegedly starting the ‘First Google Maps War’ [41]. It occurred when a Nicaraguan official led his forces to the Costa Rican territory on other side of the customary border and used Google Maps as a proof to deny trespassing. Nicaragua and Costa Rica have a long territorial dispute and Google seem to have fuelled it by depicting the Nicaraguan version of border according to which that area of Cost Rican territory came within the boundaries of Nicaragua [42]. Despite Nicaragua’s petition to Google to not accept Costa Rica’s petition to shift borders, Google voluntarily changed its borders to comply with the Costa Rican stance [43].

Another such incident followed in the case of Google’s depiction of Dutch-German border with respect to Dollart Bay [44]. Germany claimed the border to be closer to Dutch land while Dutch claimed it to be more towards centre. Google, however, chose to depict a self-version that transferred the German city of Emden to the territorial control of Netherlands. This infuriated the city which resorted to expressing its displeasure and asking Google to change the depiction. Google, this time, however remained dormant and no amendment in the depiction of Dutch-German border could be witnessed.

At the time of Crimean referendum supporting independence, U.N. had passed a resolution condemning the same and supporting territorial integrity of Ukraine. Google, however, believed in the contrary and was quick to bring changes into its maps to depict formation of independent Crimea [45]. Rather than a mistake, this time, Google had adopted a stance against the UN resolution and used its maps to vocalize the same.

Similarly during the inclusion of South Sudan in the U.N.G.A., while members voted, they were unaware of the exact territorial division between North and South Sudan. It was then that Google initiated the process of collecting geo-spatial information regarding South Sudan from locals in order to better the territorial integrity [46].

Thus, Google has times and again fallen into criticism for wrong depiction of international boundaries and even varied depictions of boundaries as per the perspective of the political entity. However, “Popularity does not bestow authority” [47] and Google’s maps cannot be accurately relied upon for proving sovereign territorial holds. Thus, most of the international incidents have witnessed countries resorting to peaceful petitions to Google informing it regarding the inaccuracy of the border and requesting a shift in the same. Hardly has the world witnessed penal provisions being invoked against Google for depicting versions other than the perceived ones.

3.3. J. Mohanraj v Google and Others

Apart from the above two incidents, another pertinent case is the 2008 judgment by the Madras High Court in J. Mohanraj v (1) Secretary To Government, Delhi; (2) Indian Space Research Organisation, Bangalore; (3) Google India Private Limited, Bangalore . A writ petition was filed by Mohanraj seeking a complete ban on Google Earth and ‘Bhuvan’; mapping initiatives by Google and ISRO respectively [48].

The petition was allegedly filed in public interest considering the security apparatus of Indian Government along with the threat posed by the terrorists. The petitioner claimed that the initiatives such as Google Earth used high quality satellite imagery to display bird’s eye view of various establishments including minute details and were bound to cover defense establishments and sensitive areas, posing a threat to Indian security. Dr. A.P.J. Abdul Kalam’s speech was referred to indicate his views against such open creation of geospatial data. The provisions of the NMP was highlighted and it was alleged that such mapping practices violated the individual rights of a person under Article 21 of the Constitution. Further, it was claimed that such practices could only be taken up by SOI and were outside the purview of private organizations.

However, the Court held that the petitioner was unable to produce any specific “Guidelines/Rules/Law laid down by the Central/State Governments, prohibiting the private organisations or any other individuals to Interactive Mapping Program, covering vast majority of the Planet”. Since the court could only interpret existing provisions and not lay down guidelines, passed the judgment against the petitioners.

From the above explained incident it seems that the NMP per se does not refrain creation of mapping data by agencies other than SOI. The centre of the conflict seems to lie with the interpretation of the policy by SOI claiming itself to be the exclusive agency entitled to map data. Hence, often though complaints and cases are filed against such activities, no concrete consequence emerges from the same. Further, the courts have also neglected the grievance of the issue and given ambiguous judgments in most cases. Thus no judicial sanction or opposition to the SOI’s guidelines exist till date often allowing SOI to continue with following its own version. While these cannot be termed as a solution, they definitely indicate towards the root of the problem.

4. Conclusion

It can be concluded from above compilation of legal provisions and incidents that it is perhaps SOI’s interpretation to NMP that gives rise to exclusive authority to map geospatial data and not the policy per se. The objective of the policy clearly advocates for promotion of the use of geospatial knowledge and intelligence. More than one provision under the SOI guidelines indicate towards the arbitrary abuse of power. First, a provision regarding ‘Settlement of disputes’ has been included in the guidelines. Secretary, Department of Science & Technology has been vested with binding decision making powers in case of a dispute on the applicability or interpretation of the guidelines between the SOI and any other person. Thus, instead of a judicial forum, an executive authority has been vested with quasi-judicial powers. Such a dispute resolution mechanism cannot be considered as devoid of bias towards the governmental agency, hampering fair and equal justice. Second, SOI assumed the power of mapping data but under the guidelines considers itself devoid of complete responsibility for the loss caused to any person on account of failure of proper dissemination of data. Third, the SOI has reserved the right to add, delete, modify or amend every provision of the guidelines at any time without assigning any reason or notice.

While depiction of wrong boundaries has been specifically been criminalized and can be accepted as symbolic of sovereign hold over contentious territorial areas, it hardly fulfills a security purpose other than acting as a proof to the international community. The incident regarding Mapathon, on the other hand, though did not result in penal consequences towards Google, seem counterproductive in the first place for asking for a ban on increase of geospatial resource data. Considering the same, prudency demands that India also adopt policies and measures that are more peaceful and accommodating in nature such as resolving territorial matters by talking out with Google and other agencies. The current and proposed stringent penal provisions only act as dis-incentivising measures for geo-spatial agencies to map India, which is not the motive sought to be achieved by the bill.

However, the interpretation of the policy cannot be blamed alone for restrictions such as depiction of VAs and VPs have been specifically mentioned in the policy. Above mentioned policies and guidelines have often been criticized for being overly restrictive in nature and a consequence of colonial hangover. In times of crowdsourcing of mapping data, the need of the hour exist in critically analysing the existent policies and their interpretation. The same is especially so in the absence of a high quality digital version of the correct boundary of India. While a map in PDF form has been put up by Survey of India, the same cannot be converted to digital form to be complied with or used to resolve territorial disputes of detailed nature. This makes it absolutely impossible to completely comply with the Indian version of the boundaries without a proper resource acting as a comparison check. The need of the hour is for the Government to release less ambiguous and specific details as to what it considers to be outside the scope of private mapping and the correct boundaries along with a less stringent policy framework so that India can protect its security, sovereignty and integrity while promoting creation and dissemination of geo-spatial data.

5. References

[1] SV Srikantia, 'Restriction on maps: A denial of valid geographic information,' [2000] 79(4), Current Science 484.

[2] Fatima Alam, 'Mapping the politics of cartography,' Infosys Science Foundation, 31 March 2015, http://www.infosysblogs.com/infosysprize/2015/03/mapping_the_politics_of_cartog_2.html, accessed 11 May 2016.

[3] 'About Us,' Survey of India, http://www.surveyofindia.gov.in/pages/view/10-about-us, accessed 11 May 2016.

[4] Ibid.

[5] R Ramachandran, 'Public Access to Indian Geographical Data,' [2000] 79(4) Current Science 450.

[6] Ibid.

[7] Supra, 4.

[8] “Scale represents the relationship of the distance on the map/data to the actual distance on the ground. Map detail is determined by the source scale of the data: the finer the scale, the more detail.” Seen at http://gif.berkeley.edu/documents/Scale_in_GIS.pdf.

[9] Dr. Manosi Lahiri, 'Survey & Mapping in India: The Regulatory Framework,' Directions Magazine India, https://www.mlinfomap.com/Pdf/Survey&Mapping-Lahiri%202.1.pdf, accessed 11 May 2016.

[10] Ibid.

[11] Supra, 2.

[12] ‘Guidelines for implementing National Map Policy,’ Survey of India, http://surveyofindia.gov.in/files/nmp/Guidlines%20for%20Implementing%20National%20Map%20policy.pdf.

[13] 'National Map Policy, 2005, Preamble,' Survey of India, http://surveyofindia.gov.in/files/nmp/National%20Map%20Policy.pdf.

[14] Ibid, Objectives.

[15] Supra, 11.

[16] Supra, 5.

[17] 'Remote Sensing Data Policy, 2011,' National Remote Sensing Centre, Indian Space Research Organisation, http://www.nrsc.gov.in/Remote_Sensing_Data_Policy.

[18] Civil Aviation Requirement Section 3 Air Transport Series ‘F’ Part I Issue I, 12th October 2010.

[19] Nandagopal Rajan, 'Why India needs rules for flying drones, soon' (The Indian Express, 9 July, 2015) http://indianexpress.com/article/technology/gadgets/why-india-needs-rules-for-flying-drones-soon/ accessed 11 May 2016.

[20] TNN, 'Now, flying a drone can land you in prison' (The Times of India, 15 February, 2016) http://timesofindia.indiatimes.com/city/jaipur/Now-flying-a-drone-can-land-you-in-prison/articleshow/50990613.cms, accessed 11 May 2016.

[21] Ibid.

[22] Supra, 19; 20.

[23] Supra, 5.

[24] tech2 news staff, 'Why is Google’s Mapathon in hot waters in India? All you need to know' (Tech-2, 12 Aug, 2015) http://tech.firstpost.com/news-analysis/why-is-googles-mapathon-in-hot-waters-in-india-all-you-need-to-know-228810.html, accessed 6 May 2016

[25] Supra, 12.

[26] Supra, 24.

[27] ‘PTI, 'Google ‘polluted Internet’ with classified material: Survey of India' (The Hindu, 10 August, 2014) http://www.thehindu.com/sci-tech/technology/internet/mapathon-2013-row-google-polluted-internet-with-classified-material-says-survey-of-india/article6300853.ece, accessed 11 May 2016.

[28] Sandeep Joshi, ‘Google didn’t take permission for Mapathon’ (The Hindu, 24 April, 2013) http://www.thehindu.com/news/national/google-didnt-take-permission-for-mapathon/article4648589.ece, accessed 6 May 2016.

[29] Supra, 24.

[30] Abhishek Sharan, 'CBI may close probe against Google in Mapathon case' (Hindustan Times, 12 February, 2015) http://www.hindustantimes.com/india/cbi-may-close-probe-against-google-in-mapathon-case/story-CgZYWoP9NgYA3xVepjr5bN.html, accessed 6 May 2016.

[31] PTI, 'Pathankot attack: Sensitive sites on Google Maps under Delhi HC scanner' (Times of India, 15 January, 2016) http://timesofindia.indiatimes.com/tech/tech-news/Pathankot-attack-Sensitive-sites-on-Google-Maps-under-Delhi-HC-scanner/articleshow/50596143.cms, accessed 6 May 2016.

[32] ‘Public Awareness,' Survey of India, http://www.surveyofindia.gov.in/pages/display/190-public-awareness), accessed 6 May 2016.

[33] Aman Sharma, '7-year jail, Rs 100 crore fine soon for showing PoK, Arunachal as disputed' (The Economic Times, 05 May 2016) http://economictimes.indiatimes.com/news/politics-and-nation/7-year-jail-rs-100-crore-fine-soon-for-showing-pok-arunachal-as-disputed/articleshow/52117889.cms, accessed 6 May 2016.

[34] Jaspreet Sahni 'Survey of India files complaint against Google maps for wrong depiction of India's boundaries' (News18, 13 December 2014) http://www.news18.com/news/india/survey-of-india-files-complaint-against-google-maps-for-wrong-depiction-of-indias-boundaries-731101.html, accessed 6 May 2016.

[35] Itanagar agencies, 'Arunachal fumes over wrong map on iPhone4' (Deccan Herald, 04 October, 2010) http://www.deccanherald.com/content/101784/F, accessed 6 May 2016.

[36] CC, 'How Google represents disputed borders between countries' (The Economist, 04 September, 2014) http://www.economist.com/blogs/economist-explains/2014/09/economist-explains-1, accessed 6 May 2016.

[37] The Kashmir Walla, 'Ten Maps of Kashmir That Angered India' (The Kashmir Walla, 14 May, 2015) http://thekashmirwalla.com/2015/05/ten-maps-of-kashmir-that-angered-india/accessed 11 May 2016.

[38] Ibid.

[39] Ibid.

[40] Ibid.

[41] Frank Jacobs, 'The First Google Maps War' (The New York Times, 28 February, 2012) http://opinionator.blogs.nytimes.com/2012/02/28/the-first-google-maps-war/, accessed 11 May 2016.

[42] Ethan Merel, 'Google’s World: The Impact of "Agnostic Cartographers" on the State-Dominated International Legal System' [2016] Columbia Journal of Transnational Law 442-444.

[43] Ibid.

[44] Europe, 'Google map gives German harbour to Netherlands' (BBC, 23 February, 2011) http://www.bbc.com/news/world-europe-12558741, accessed 11 May 2016.

[45] Supra, 42, 448.

[46] Ibid, 449.

[47] Supra, 47.

[48] J. Mohanraj v (1) Secretary To Government, Delhi; (2) Indian Space Research Organisation, Bangalore; (3) Google India Private Limited, Bangalore, 2008 Indlaw MAD 3562.

6. Author Profile

Adya Garg is a law student at West Bengal National University of Juridical Sciences, Kolkata and has completed her second year. An ardent *SRK fan*, and a dancer at heart, she loves reading books in her free time. Always excited about exploring new fields, she never misses an opportunity to work on areas outside her legal curriculum.

For more details visit https://cis-india.org/openness/legal-challenges-to-mapping-in-india-1-laws-policies-cases

Lecture on Open Access and Open Content Licensing at ICAR (short course)

Admin — 2018-12-05T16:19:56Z

The ICAR-Indian Institute of Horticultural Research (IIHR) a constituent establishment of Indian Council of Agricultural Research (ICAR) organised a short course on 'ICTs for Improving Efficiency and Effectiveness in Agricultural Research, Education and Extension of NARES' during November 13-22, 2018 in Bangalore. Anubha Sinha delivered a lecture to the participants.

Read for more information about the programme.

For more details visit https://cis-india.org/openness/news/lecture-on-open-access-and-open-content-licensing-at-icar-short-course

Learning from Fukushima

praskrishna — 2011-08-30T12:47:25Z

Take remedial steps and demystify the unreasoning dread of nuclear power, says Shyam Ponappa in his latest column published by the Business Standard on April 7, 2011.

Official statistics report over 22,000 deaths related to fires, 27,000 by drowning and 144,000 in traffic accidents annually in India[1]. By contrast, the number of deaths resulting from the Chernobyl nuclear accident is about 10,000 in total, estimates Frank von Hippel, a nuclear physicist at Princeton, who is co-chairman of the International Panel on Fissile Materials (other estimates: World Health Organisation 4,000; International Agency for Research on Cancer 16,000; Belarus 93,000 plus 270,000 cancer patients; and Ukraine 500,000). Against this, he estimates the number of deaths owing to pollution from coal plants in the US alone at 10,000 each year [2].

In this context, what are we to make of a top Indian scientist’s demand for stopping nuclear power production in India pending a transparent safety audit of all nuclear plants? Why not stop all traffic because of traffic accidents, to paraphrase another leading scientist? Should we shut down all our cities and towns until the sewerage systems work? A conscious effort should be made to demystify nuclear power.

To consider this rationally, let’s begin with some reported facts. The Fukushima accident happened after the earthquake, after the plant shut down. The plant was designed to withstand waves of six metres, but was struck by an eight-metre high tsunami, according to the US’ National Oceanographic and Atmospheric Administration (other estimates range between 6.71 and 14 metres).

The reactor core takes several days to cool after being shut down and requires external cooling. The cooling system lost power from the grid because of the earthquake. The backup diesel generators worked for an hour, then stopped (there are conflicting reports on the reasons). The backup batteries then powered the pumps until they ran out. There are also conflicting reports of alternate diesel generators that were either of insufficient capacity or could not be connected for reasons that are unclear (flooded connectors, incompatible plugs and so on). The tsunami devastated the surroundings even as it hampered assistance from elsewhere. The failure appears to have been in the supply of power and water, that is , ancillary services.

Japan has 55 nuclear power reactors and it experiences frequent earthquakes. Though there have been instances of plants being shut down after earthquakes (2007: electrical transformer fire at Kashiwazaki-Kariwa, and some leaks of slightly radioactive water reported; 2004: one unit at the same plant was shut down), there has been no failure of nuclear plants because of earthquakes. So, no new facts relating to earthquakes or tsunamis seem to have surfaced to cause India to shut down its nuclear plants arbitrarily.

An increase in energy use in India is inescapable, given the correlation between growth and energy consumption. On balance, we need all the energy we can get staying within reasonable risks and costs. Objectively, what can we expect from our government and related agencies such as the Department of Atomic Energy and the Atomic Energy Agency?

Remedial Action

One could be to expect action to reduce risks based on experience.

After the Indian Ocean tsunami of 2004, a 3.2-km wall was constructed at Kalpakkam, which was in the path of the tsunami, fortified with sandbags, rocks and embankments. (The plant is situated at over 9 metres above the sea, with the reactor floors at a height of nearly 10.7 metres.)
The backup generators are located some distance away from the plant, out of the reach of tsunamis.
Mangroves and casuarinas along the coast helped diffuse the impact of the waves in 2004. News reports indicate the Department of Atomic Energy plans to augment these after its recent review of coastal nuclear plants.
News reports also mention that portable generators will be acquired for backup and tsunami alarms will be installed at coastal sites.

Other remedial measures based on experience may have been incorporated at Indian plants, or if not, could be incorporated now. For instance, referring to Fukushima, Dr von Hippel describes a filtered vent system designed to reduce radioactivity before releasing pressure from the containment building in the event of a meltdown (see diagram). Though it was ignored in the US, Sweden adopted it and so did France and Germany. Presumably, a benefit of Areva’s partnership with the Nuclear Power Corporation of India for constructing India’s new reactors will be the inclusion of filtered vents, if appropriate and not already in our design.

Costs, Benefits and Risks

Another issue is educating people on the risks, costs and benefits of different fuels. Life-cycle emissions capture one aspect of these costs (see figure for Europe).

A similar study is available for the US: “Life-Cycle Assessment of Electricity Generation Systems and Applications for Climate Change Policy Analysis” by Paul J Meier, University of Wisconsin-Madison, August 2002 (http://fti.neep.wisc.edu/pdf/fdm1181.pdf) Besides, there are costs such as population displacement and environmental effects associated with hydroelectric plants, land requirements and the environmental impact of manufacturing for solar generation, noise levels for wind farms, or pollution and the higher risk of accidents associated with coal [3].

Open Information and Communication

A third issue is easy access to accurate and relevant information. After the tsunami in 2004, the information sharing with the public was exemplary, with open and transparent briefings at Kalpakkam. This approach needs to be instituted as a standard operating procedure for governance by all departments and agencies, displaying integrity in systems, thereby instilling confidence in the public.

Prompt and accurate information about safety features including design and remedial measures could be compiled for ready access on websites, with pointers during press briefings. Regular and effective communication of systems and procedures, and measures to mitigate risks, could reduce our unreasoning dread of nuclear energy. Such steps would help assess risks reasonably and provide a good framework for governance and crisis management.

Notes

[1]."Table 38.1 Incidence of Accidental Deaths", http://mospi.nic.in/...38%20ACCIDENT%20STATISTICS/Table-38.1.xls [2008: latest available data].

[2].“It Could Happen Here”, Frank N von Hippel, New York Times, March 23, 2011: http://www.nytimes.com/2011/03/24/opinion/24Von-Hippel.html.

[3].“Nuclear power is safest way to make electricity, according to study”, David Brown, Washington Post, April 2, 2011: http://www.washingtonpost.com/national/nuclear-power-is-safest-way-to-make-electricity-according-to-2007-tudy/2011/03/22/AFQUbyQC_story.html.

For more details visit https://cis-india.org/telecom/blog/fukushima

Leaked Privacy Bill: 2014 vs. 2011

elonnai — 2014-04-01T10:52:41Z

The Centre for Internet and Society has recently received a leaked version of the draft Privacy Bill 2014 that the Department of Personnel and Training, Government of India has drafted.

Note: After obtaining a copy of the leaked Privacy Bill 2014, we have replaced the blog "An Analysis of the New Draft Privacy Bill" which was based off of a report from the Economic Times, with this blog post.

This represents the third leak of potential privacy legislation for India that we know of, with publicly available versions having leaked in April 2011 and September 2011.

When compared to the September 2011 Privacy Bill, the text of the 2014 Bill includes a number of changes, additions, and deletions. Below is an outline of significant changes from the September 2011 Privacy Bill to the 2014 Privacy Bill:

Scope: The 2014 Bill extends the right to Privacy to all residents of India. This is in contrast to the 2011 Bill, which extended the Right to Privacy to citizens of India. The 2014 Bill furthermore recognizes the Right to Privacy as a part of Article 21 of the Indian Constitution and extends to the whole of India, whereas the 2011 Bill did not explicitly recognize the Right to Privacy as being a part of Article 21, and excluded Jammu and Kashmir from its purview.
Definitions: The 2014 Bill includes a number of new definitions, redefines existing terms, and deletes others.

Terms that have been added in the 2014 Bill and the definitions

Personal identifier: Any unique alphanumeric sequence of members, letters, and symbols that specifically identifies an individual with a database or a data set.
Legitimate purpose: A purpose covered under this Act or any other law for the time being in force, which is certain, unambiguous, and limited in scope for collection of any personal data from a data subject.
Competent authority : The authority which is authorized to sanction interception or surveillance, as the case may be, under this Act or rules made there under or any other law for the time being in force.
Notification: Notification issued under this Act and published in the Official Gazette
Control : And all other cognate forms of expressions thereof, means, in relation to personal data, the collection or processing of personal data and shall include the ability to determine the purposes for and the manner in which any personal data is to be collected or processed.
Telecommunications system: Any system used for transmission or reception of any communication by wire, radio, visual or other electromagnetic means but shall not include broadcasting services.
Privacy standards: The privacy standards or protocols or codes of practice. developed by industry associations.

Terms that have been re-defined in the 2014 Bill from the 2011 Bill and the 2014 Bill definitions

Communication data:The data held or obtained by a telecommunications service provider in relation to a data subject including the data usage of the telecommunications
Data subject : Any living individual, whose personal data is controlled by any person
Interception: In relation to any communication in the course of its transmission through a telecommunication system, any action that results in some or all of the contents of that communication being made available, while being transmitted, to a person other than the sender or the intended recipient of the communication.
Person: Any natural or legal person and shall include a body corporate, partnership, society, trust, association of persons, Government company, government department, urban local body, or any other officer, agency or instrumentality of the state.
Sensitive personal data: Personal data relating to: (a) physical and mental health including medical history, (b) biometric, bodily or genetic information, (c) criminal convictions (d) password, (e) banking credit and financial data (f) narco analysis or polygraph test data, (g) sexual orientation. Provided that any information that is freely available or accessible in public domain or to be furnished under the Right to Information Act 2005 or any other law for time being in force shall not be regarded as sensitive personal data for the purposes of this Act.
Individual: a resident of Indian
Covert surveillance: covert Surveillance" means obtaining private information about an individual and his private affairs without his knowledge and includes: (i) directed surveillance which is undertaken for the purposes of specific investigation or specific operation in such a manner as is likely to result in the obtaining of private information about a person whether or not that person was specifically identified in relation to the investigation or operation; (ii) intrusive surveillance which is carried out by an individual or a surveillance device in relation to anything taking place on a residential premise or in any private vehicle. It also covers use of any device outside the premises or a vehicle wherein it can give information of the same quality and detail as if the device were in the premises or vehicle; (iii) covert human intelligence service which is information obtained by a person who establishes or maintains a personal or other relationship with an individual for the covert purpose of using such a relationship to obtain or to provide access to any personal information about that individual
Re-identify: means the recovery of data from an anonymised data, capable of identifying a data subject whose personal data has been anonymised;
Process: “process" and all other cognate forms of expressions thereof, means any operation or set of operations, whether carried out through automatic means or not by any person or organization, that relates to:(a) collation, storage, disclosure, transfer, updating, modification, alteration or use of personal data; or (b) the merging, linking, blocking, degradation or anonymisation of personal data;
Direct marketing: Direct Marketing means sending of a commercial communication to any individual
Data controller: any person who controls, at any point in time, the personal data of a data subject but shall not include any person who merely provides infrastructure for the transfer or storage of personal data to it data controller;
Government: the Central Government or as the case may be, the State Government and includes the Union territory Administration, local authority or any agency and instrumentality of the Government;

Terms that have been removed from the 2014 Bill that were in the 2011 Bill and the 2011 definition:

Consent: Includes implied consent
Maintain: Includes maintain, collect, use, or disseminate.
Data processor: In relation to personal data means any person (other than the employee of the data controller), who processes the data on behalf of the data controller.
Local authority: A municipal committee, district board, body of port commissioners, council, board or other authority legally entitled to, or entrusted by the Government with, the control or management of a municipal or local fund.
Prescribed: Prescribed by rules made under this Act.
Surveillance: Surveillance undertaken through installation and use of CCTVs and other system which capture images to identify or monitor individuals (this was removed from the larger definition of surveillance.)
DNA: Cell in the body of an individual, whether collected from a cheek, cell, blood cell, skin cell or other tissue, which allows for identification of such individual when compared with other individual.

Terms that have remained broadly (with some modification) the same between the 2014 Bill and 2011 Bill (as per the 2014 Bill definition):

Authority: The Data Protection Authority of India
Appellate tribunal: the Cyber Appellate Tribunal established under Sub-Section (1) of section n48 of the Information Technology Act, 2000.
Personal data: Any data which relates to a data subject, if that data subject can be identified from that data, either directly or indirectly, in conjunction with other data that the data controller has or is likely to have and includes any expression of opinion about such data subject.
Member: Member of the Authority
Disclose: and all other cognate forms of expression thereof, means disclosure, dissemination, broadcast, communication, distribution, transmission, or make available in any manner whatsoever, of personal data.
Anonymised: The deletion of all data that identifies the data subject or can be used to identify the data subject by linking such data to any other data of the data subject, by the data controller.

Exceptions to the Right to Privacy: According to the 2011 Bill, the exceptions to the Right to Privacy included:

Sovereignty, integrity and security of India, strategic, scientific or economic interest of the state
Preventing incitement to the commission of any offence
Prevention of public disorder or the detection of crime
Protection of rights and freedoms of others
In the interest of friendly relations with foreign state
Any other purpose specifically mentioned in the Act.

The 2014 Bill reflects almost all of the exceptions defined in the 2011 Bill, but removes ‘detection of crime’ from the list of exceptions. The 2014 Bill also qualifies that the application of each exception must be adequate, relevant, and not excessive to the objective it aims to achieve and must be imposed on the manner prescribed – whereas the 2011 Bill stated only that the application of exceptions to the Right to Privacy cannot be disproportionate to the purpose sought to be achieved.

Acts not to be considered deprivations of privacy: The 2011 Bill lists five instances that will not be considered a deprivation of privacy - namely

For journalistic purposes unless it is proven that there is a reasonable expectation of privacy,
Processing data for personal or household purposes,
Installation of surveillance equipment for the security of private premises,
Disclosure of information via the Right to Information Act 2005,
And any other activity exempted under the Act.

The 2014 limits these instances to:

The processing of data purely for personal or household purposes,
Disclosure of information under the Right to Information Act 2005,
And any other action specifically exempted under the Act.

Privacy Principles: Unlike the 2011 Bill, the 2014 Bill defines nine specific privacy principles: notice, choice and consent, collection limitation, purposes limitation, access and correction, disclosure of information, security, openness, and accountability. The Privacy Principles will apply to all existing and evolving practices.

Provisions for Personal Data: Both the 2011 Bill and the 2014 Bill have provisions that apply to the processing of personal and sensitive personal data. The 2011 Bill includes provisions addressing the:

Collection of personal data,
Processing of personal data,
Data quality,
Provisions relating to sensitive personal data,
Retention of personal data,
Sharing (disclosure) of personal data,
Security of personal data,
Notification of breach of security,
Access to personal data by data subject,
Updation of personal data by data subject
Mandatory processing of data,
Trans border flows of personal data.

Of these, the 2014 Bill broadly (though not verbatim) reflects the 2011 Bill provisions relating to the:

Collection of personal data,
Processing of personal data,
Access to personal data,
Updating personal data
Retention of personal data
Data quality,

The 2014 Bill has further includes provisions addressing:

Openness and accountability,
Choice,
Consent,
Exceptions for personal identifiers.

The 2014 Bill has made changes to the provisions addressing:

Provisions relating to sensitive personal data,
Sharing (disclosure of personal data),
Notification of breach of security,
Mandatory processing of data
Security of personal data
Trans border flows of personal data.

The changes that have been made have been mapped out below:

Provisions Relating to Sensitive Personal Data: The 2011Bill and 2014 Bill both require authorization by the Authority for the collection and processing of sensitive personal data. At the same time, both Bills include a list of circumstances under which authorization for the collection and processing of sensitive personal data is not required. On the whole, this list is the same between the 2011 Bill and 2014 Bill, but the 2014 Bill adds the following circumstances on which authorization is not needed for the collection and processing of sensitive personal data:

For purposes related to the insurance policy of the individual if the data relates to the physical or mental health or medical history of the individual and is collected and processed by an insurance company.
Collected or processed by the Government Intelligence agencies in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India.

The 2014 Bill also allows the Authority to specify additional regulations for sensitive personal data, and requires that any additional transaction sought to be performed with the sensitive personal information requires fresh consent to first be obtained. The 2014 Bill carves out another exception for Government agencies, allowing disclosure of sensitive personal data without consent to Government agencies mandated under law for the purposes of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences.

Notification of Breach of Security: The provisions relating to the notification of breach of security in the 2014 Bill differ from the 2011 Bill. Specifically, the 2014 Bill removes the requirement that data controllers must publish information about a data breach in two national news papers. Thus, in the 2014 Bill, data controllers must only inform the data protection authority and affected individuals of the breach.

Notice: The 2014 Bill changes the structure of the notice mechanism – where in the 2011 Bill, prior to the processing of data, data controllers had to take all reasonable steps to ensure that the data subject was aware of the following:

The documented purposes for which such personal data is being collected
Whether providing of personal data by the data subject is voluntary or mandatory under law or in order to avail of any product or service
The consequences of the failure to provide the personal data
The recipient or category of recipients of the personal data
The name and address of the data controller and all persons who are or will be processing information on behalf of the data controller
If such personal data is intended to be transferred out of the country, details of such transfer.

In contrast the 2014 Bill provides that before personal data is collected, the data controller must give notice of:

What data is being collected and
The legitimate purpose for the collection.

If the purpose for which the data was collected has changed the data controller will then be obligated to provide the data subject with notice of:

The use to which the personal data will be put
Whether or not the personal data will be disclosed to a third party and if so the identity of such person
If the personal data being collected is intended to be transferred outside India and the reasons for doing so, how the transfer helps in achieving the legitimate purpose and whether the country to which such data is transferred has suitable legislation to provide for adequate protection and privacy of the data.
The security and safeguards established by the data controller in relation to the personal data
The processes available to a data subject to access and correct his personal data
The recourse open to a data subject, if he has any complaints in respect of collection or processing of the personal data and the procedure relating thereto
The name, address, and contact particulars of the data controller and all persons who will be processing the personal data on behalf of the data controller.

Disclosure of personal data: Though titled as ‘sharing of personal data’ both the 2011 Bill and 2014 Bill require consent for the disclosure of personal information, but list exceptional circumstances on which consent is not needed. In the 2011 bill, the relevant provision permits disclosure of personal data without consent only if (i) the sharing was a part of the documented purpose, (ii) the sharing is for any purpose relating to the exceptions to the right to privacy or (iii) the Data Protection Authority has authorized the sharing. In contrast, the 2014 Bill permits disclosure of personal data without consent if (i) such disclosure is part of the legitimate purpose (ii) such disclosure is for achieving any of the objectives of section 5 (iii) the Authority has by order authorized such disclosure (iv) the disclosure is required under any law for the time being in force (v) the disclosure is made to the Government Intelligence agencies in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India. As a safeguard, the 2014 Bill requires that any person to whom personal information is disclosed, whether a resident or not, must adhere to all provisions of the Act. Furthermore, the disclosure of personal data must be limited to the extent which is necessary to achieve the purpose for which the disclosure is sought and no person can make public any personal data that is in its control.

Transborder flow of information: Though both the 2011 Bill and the 2014 Bill require any country that data is transferred to must have equivalent or stronger data protection standards in place, the 2014 Bill carves out an exception for law enforcement and intelligence agencies and the transfer of any personal data outside the territory of India, in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India.

Mandatory Processing of Data: Both the 2011 Bill and 2014 Bill have provisions that address the mandatory processing of data. These provisions are similar, but the 2014 Bill includes a requirement that data controllers must anonymize personal data that is collected without prior consent from the data subject within a reasonable time frame after collection.

Security of Personal Data: The provision relating to the security of personal information in the 2014 Bill has been changed from the 2011 Bill by expanding the list and type of breaches that must be prevented, but removing requirements that data controllers must ensure all contractual arrangements with data processors specifically ensure that the data is maintained with the same level of security.

Conditions on which provisions do not apply: Both the 2011Bill and 2014 Bill define conditions on which the provisions of updating personal data, access, notification of breach of security, retention of personal data, data quality, consent, choice, notice, and right to privacy will not apply to personal data. Though the 2011 Bill and 2014 Bill reflect the same conditions, the 2014 Bill carves out an exception for Government Intelligence Agencies - stating that the provisions of updating personal data, access to data by the data subject, notification about breach of security, retention of personal data, data quality, processing of personal data, consent, choice, notice, collection from an individual will not apply to data collected or processed in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India.
Privacy Officers: Unlike the 2011 Bill, the 2014 Bill defines the role of the privacy officer that must be established by every data controller for the purpose of overseeing the security of personal data and implementation of the provisions of the Act.
Power of Authority to Exempt: Both the 2011 Bill and 2014 Bill contain provisions that enable the Authority to waive the applicability of specific provisions of the Act. The circumstances on which this can be done are based on the exceptions to the Right to Privacy in both the 2011 and 2014 Bill. To this extent, the 2014 Bill differs slightly from the 2011 Bill, by removing the power of the Authority to exempt for the ‘detection of crime’ and ‘any other legitimate purpose mentioned in this Act’ .

The Data Protection Authority: The 2011 Bill and 2014 Bill both establish Data Protection Authorities, but the 2014 Bill further clarifies certain aspects of the functioning of the Authority and expands the functions and the powers of the Authority. For example, new functions of the Authority include:

Auditing any or all personal data controlled by the data controller to assess whether it is being maintained in accordance with the Act,
Suggesting international instruments relevant to the administration of the Act,
Encouraging industry associations to evolve privacy standards for self regulations, adjudicating on disputes arising between data controllers or between individuals and data controllers.

The 2014 Bill also expands the powers of the Data Protection Authority – importantly giving him the power to receive, investigate complaints about alleged violations of privacy and issue appropriate orders or directions.

At the same time, the 2014 Bill carves out an exception for Government Intelligence Agencies and Law Enforcement agencies – preventing the Authority from conducting investigations, issuing appropriate orders or directions, and adjudicating complaints in respect to actions taken by the Government Intelligences Agencies and Law Enforcement, if for the objectives of (a) sovereignty, integrity or security of India; or(b) strategic, scientific or economic interest of India; or(c) preventing incitement to the commission of any offence, or (d) prevention of public disorder, or(e) the investigation of any crime; or (f) protection of rights and freedoms of others; or (g) friendly relations with foreign states; or (h) any other legitimate purpose mentioned in this Act.

This power is instead vested with a court of competent jurisdiction.

The National Data Controller Registry: The 2014 Bill removes the National Data Controller Registry and requirements for data controllers to register themselves and oversight of the Registry by the Data Protection Authority.
Direct Marketing: Both the 2011 and 2014 Bills contain provisions regulating the use of personal information for direct marketing purposes. Though the provisions are broadly the same, the 2011 Bill envisions that no person will undertake direct marketing unless he/she is registered in the ‘National Data Registry’ and one of the stated purposes is direct marketing. As the 2014 Bill removes the National Data Registry, the 2014 Bill now requires that any person undertaking direct marketing must have on record where he/she has obtained personal data from.
Interception of Communications: Though maintaining some of the safeguards defined in the 2011 Bill for interception, 2014 Bill changes the interception regime envisioned in the 2011 Bill by carving out a wide exception for organizations monitoring the electronic mail of employees, removing provisions requiring the interception take place only for the minimum period of time required for achieving the purposes, and removing provisions excluding the use of intercepted communications as evidence in a court of law. Similar to the 2011 Bill, the 2014 Bill specifies that the principles of notice, choice and consent, access and correction, and openness will not apply to the interception of communications.
Video Recording Equipment in public places: Unlike the 2011 Bill, which addressed only the use of CCTV’s, the 2014 Bill addresses the installation and use of video recording equipment in public places. Though both the 2011 Bill and 2014 Bill both prevent the use of recording equipment and CCTVs for the purpose of identifying an individual, monitoring his personal particulars, or revealing personal, or otherwise adversely affecting his right to privacy - the 2014 Bill requires that the use of recording equipment must be in accordance with procedures, for a legitimate purpose, and proportionate to the objective for which the equipment was installed.

The 2014 Bill makes a broad exception to these safeguards for law enforcement agencies and government intelligence agencies in the interest of the sovereignty, integrity, security or the strategic, scientific, or economic interest of India.

Privacy Standards and Self Regulation: The 2014 Bill establishes a specific mechanism of self regulation where industry associations will develop privacy standards and adhere to them. For this purpose, an industry ombudsman should be appointed. The standards must be in conformity with the National Privacy Principles and the provisions of the Privacy Bill. The developed standards will be submitted to the Authority and the Authority may frame regulations based on the standards. If an industry association has not developed privacy standards, the Authority may frame regulations for a specific sector.
Settlement of Disputes and Appellate Tribunal: The 2014 Bill makes significant change to the process for settling disputes from the 2011 Bill. In the 2014 Bill an Alternative Dispute Mechanism is established where disputes between individuals and data controllers are first addressed by the Privacy Officer of each Data Controller or the industry level Ombudsman. If individuals are not satisfied with the decision of the Ombudsman they may take the complaint to the Authority. Individuals can also take the complaint directly to the Authority if they wish. If an individual is aggrieved with the decision of the Authority, by a privacy officer or ombudsman through the Alternative Dispute Resolution mechanism, or by the adjudicating officer of the Authority, they may approach the Appellate Tribunal. Any order from the Appellate Tribunal can be appealed at a high court.

In the 2011 Bill disputes between the data controller and an individual can be taken directly to the Appellate Tribunal and orders from the Authority can be appealed at the Tribunal. There is not further path for appeal to an order of the tribunal.

Offences and Penalties: The 2014 Bill changes the structure of the offences and penalties section by breaking the two into separate sections - one addressing offences and one addressing penalties while the 2011 Bill addressed offences and penalties in the same section.

Offences: The 2014 Bill penalizes every offence with imprisonment and a fine and empowers a police officer not below the rank of Deputy Superintendent of Police to investigate any offence, limits the courts ability to take cognizance of an offence to only those brought by the Authority, requires that the Court be no lower than a Chief Metropolitan Magistrate or a Chief Judicial Magistrate, and permits courts to compound offences. The 2014 Bill further specifies that any offence that is punishable with three years in prison and above is cognizable, and offences punishable with three years in prison are bailable. . Under the 2014 Bill offences are defined as:

Unauthorized interception of communications
Disclosure of intercepted communications
Undertaking unauthorized Covert Surveillance
Unauthorized use of disclosure of communication data

The offences defined under the Act are reflected in the 2011 Bill, but the time in prison and fine is higher in the 2014 Bill.

Penalties: The 2014 Bill provides a list of penalties including:

Penalty for obtaining personal data on false pretext
Penalty for violation of conditions of license pertaining to maintenance of secrecy and confidentiality by telecommunications service providers
Penalty for disclosure of other personal information
Penalties for contravention of directions of the Authority
Penalties for data theft
Penalties for unauthorised collection, processing, and disclosure of personal data
Penalties for unauthorized use of personal data for direction marketing. These penalties reflect the penalties in the 2011 bill, but prescribe higher fines

Adjudicating Officer: Unlike the 2011 Bill that did not have in place an adjudicating officer, the 2014 Bill specifies that the Chairperson of the Authority will appoint a Member of the Authority not below the Rank of Director of the Government of India to be an adjudicating officer. The adjudicating officer will have the power to impose a penalty and will have the same powers as vested in a civil court under the Code of Civil Procedure. Every proceeding before the adjudicating officer will be considered a judicial processing. When adjudicating the officer must take into consideration the amount of disproportionate gain or unfair advantage, the amount of loss caused, the respective nature of the default

Civil Remedies and compensation: Both the 2011 and 2014 Bill contain provisions that permit an individual to pursue a civil remedy, but the 2014 Bill limits these instances to - if loss or damage has been suffered or an adverse determination is made about an individual due to negligence on complying with the Act, and provides for the possibility that the contravening parties will have to provide a public notice of the offense.

The 2014 Bill removes provisions specifying that individuals that have suffered loss due to a contravention by the data controller of the Act are entitled to compensation.

Exceptions for intelligence agencies: Unlike the 2011 Bill, the 2014 Bill includes an exception for Government Intelligence Agencies and Law Enforcement Agencies – stating that the Authority will not have the power to conduct investigations, issue appropriate orders and directions or otherwise adjudicate complaints in respect of action taken by the Government intelligence agencies and Law Enforcement agencies for achieving any of the objectives that reflect the defined exceptions to privacy.

The Centre for Internet and Society welcomes many of the changes that are reflected in the Privacy Bill 2014, but are cautious about the wide exceptions that have been carved out for law enforcement and intelligence agencies in the Bill.

In 2012, the Report of Group of Expert s on Privacy was developed for the purpose of informing a privacy framework for India. As such the Centre for Internet and Society will be analyzing in upcoming posts the draft Privacy Bill 2014 and the recommendations in the Report of the Group of Experts on Privacy.

For more details visit https://cis-india.org/internet-governance/blog/leaked-privacy-bill-2014-v-2011

Centre for Internet and Society

Links in the Chain - Volume X, issue 3

Linking Aadhaar with social media or ending encryption is counterproductive

Limits to Privacy

Introduction

Constitutional Jurisprudence on Privacy

Vocabularies of Privacy Limitation

Privacy of Communications

Privileged Communications

Privacy of the Home: Search and Seizure Provisions

Privacy of the Body

Court-ordered Medical Examinations

Reproductive Rights

DNA Tests in Civil Suits

Bodily Effects — Fingerprints, handwriting samples, photographs, Irises, narco-analysis, brain maps and DNA

Privacy of Records

Conclusion

Notes

Limits to Privacy

Letter to MPs on Concerns on Regional Comprehensive Economic Partnership

Letter to Education Secretary, Government of Karnataka, Advocating Adoption of FOSS in State IT Academies

Letter on South Africa's IPRs from Publicly Financed R&D Regulations

Letter from Civil Society Organizations to CII

Govt accepts panel report against narrowing of Indian patent law

Letter for Civil Society Involvement in WCIT

Leslie Chan Lectures in Tiruvananthapuram and Mysore

Programme of Prof. Leslie Chan in Thiruvananthapuram

Knowledge Management in the Open Access Environment

Emerging Trends in Scholarly Communications and Impact Measures in the Open Knowledge Environment

Lecture-cum-Open Forum on Open Access Initiatives (OAI)

A Special Lecture by Prof. Leslie Chan in Mysore

Emerging Trends in Scholarly Communications and Impact Measures in the Open Knowledge Environment

Legal Issues pertaining to Cloud Computing

Conference Programme

Legal Challenges to Mapping in India #1 - Laws, Policies, and Cases

1. Introduction

2. Mapping the Legal Journey of Geospatial Data: Past to Present

2.1. National Map Policy, 2005

Map Transaction Registry, Survey of India, URL: http://www.surveyofindia.gov.in/pages/view/48

2.2. Guidelines issued by Survey of India

2.3 Remote Sensing Data Policy (RSDP)

2.4 Civil Aviation Rules

3. Incidents of Legal Actions Faced by Agencies

3.1. Google's Mapathon in Legal Trouble

3.2. One Country - Two Boundaries

3.3. J. Mohanraj v Google and Others

4. Conclusion

5. References

6. Author Profile

Lecture on Open Access and Open Content Licensing at ICAR (short course)

Learning from Fukushima

Remedial Action

Costs, Benefits and Risks

Open Information and Communication

Notes

Leaked Privacy Bill: 2014 vs. 2011