Centre for Internet and Society

'We Need to Proactively Ensure that People Can't File Patents Representative of the Creativity of a FOSS Community'

rohini — 2015-09-27T11:51:50Z

Rohini Lakshané attended “Open Innovation, Entrepreneurship, and Our Digital Culture” in Bangalore on August 13, 2015. Major takeaways from the event are documented in this post.

Speakers: Prof. Eben Moglen, Keith Bergelt, and Mishi Choudhary; Panel discussion moderator: Venkatesh Hariharan. See the event page here. The organizers republished Rohini's report on their website.

Prof. Eben Moglen on FOSS and entrepreneurship

The culture of business in the 21^st century needs open source software or free software because there is one Internet governed by one set of rules, protocols and APIs that make it possible for us to interact with each another. The Internet made everybody interdependent on everybody else. Startup culture needs free and open source software (FOSS) because startups are an insurgency, a guerrilla activity in business. The incumbents in a capitalistic world dislikes competition and detests that existing resources, such as FOSS, enable insurgents to circumvent some of the steep curve that they had to climb in order to become incumbents.
Hardware is developing in ways that make the idea of proprietary development of software obsolete. There is no large producer of proprietary software that isn't also dependent on FOSS. Microsoft Cloud is based on deployments that do not use Windows but are based on FOSS. The era of Android as a semi-closed, semi-proprietary form of FOSS is over. Big and small companies around the world are exploiting the open source nature of Android.
Free software is a renewable resource not a commodity. Management is needed to avoid over-consumption or destruction of the FOSS ecosystem. Software is to the 21^st century economic life what coal, steel, and rare earth metals were at the end of the previous century.
FOSS turned out to be about developing human brains. It turned out to be about using human intelligence in software better. Earlier universities, engineering colleges and research institutions were the greatest manufacturers and users of FOSS. Now businesses of all sizes are.
When Richard Stallman and Prof. Eben Moglen set out to make GPL free, they initiated a large public discussion process, the primary goal of which was to ensure that individual developers have as much right to talk and to be heard as loudly as the largest firms in the world. At the end of the negotiation process, 35 or 36 of the largest patent holders in the IT industry accepted the basic agreement to be a part of the commons. --- Incumbents like people to pay for a seat at the table. Paying to have an opinion is a pretty serious part of the landscape of the patent system.

Prof. Eben Moglen on Digital India

Every e-governance project that the Indian government buys should use FOSS. The very nature of the way the citizens and governments interact can come to be mediated by software that people can read, understand, modify, and improve. An enormous ecosystem will come up -- a kind of public–private partnership (PPP) in the improvement of governance and government services, which is far more useful than most other forms of PPP conceptualised in the developed world in the 20^th century.
Everybody has a stake in the success of this policy. Several corporations are working against this policy as they once stated that they do not need FOSS.
The biggest market for both making and consuming software in the world is in India, because the science done here will dominate global software making, which in turn will define how the Internet works, which in turn will define society. One can't develop the largest society on earth by reinventing the wheel. The government is going to understand that only the sharing of knowledge and the sharing of forms of inventing would enable the largest society in the world to develop itself freely and take its place in the forefront of digital humanity.
If every state government's data centre across India is going to be turned into a cloud, one state might have VMWare, another might have AWS, and so on, it would be disastrous. To prevent this, all e-governance activities of every state government and federal agency in India could be conducted in one, big, homogeneous Indian cloud. This would enable utility computing across the country for all citizens, which would also make room for citizen computing to happen. When one moves towards architectures of omnipresent utility computing with large amounts of memory flatly available to everybody, one is going to be describing a national computing environment for a billion people. We can't even begin to model it until we start accomplishing it.
Prof. Eben Moglen's ambition is that there comes a time not very long from now when basic data science is taught in Indian secondary schools. The software is free and all the big data sets are public. A nation of a 100 million data scientists rules the world.

Keith Bergelt on the Open Invention Network

Over the past 10 years, Open Invention Network (OIN) has emerged as the largest patent non-aggression community in the history of technology. It has around 1,700 participants and is adding almost 2 participants every day. In the last quarter, OIN had approximately 200 licensees.
There is now a cultural transformation where companies are recognising that where OIN members collaborate, they shouldn't use patents to stop or slow down progress. Where members compete, they choose to invent while utilising defensive patents publications. What we are doing is a patent collaboration and a technical collaboration that exists in major projects around the world.
OIN has been making a major effort since January 2015 to spend more time in India and China to be able to ensure that the technological might and expertise represented in the two countries can be a part of the global community, and that global projects can start here. “We can expect to leverage the expertise of the community to be able to drive innovation from here [India and China]. It's not about IBM investing a billion dollars a year since 1999 and having some birthright to driving the open source initiatives around the world or about Google or Red Hat or anyone else. You have the ability to impact major changes and we want to be able to support you in the name of freedom of action as participants.”

Panel Discussion

Patent Wars and Innovation

In the past 5 to 7 years, patent wars in the handset segment of the information technology (IT) market have wasted tens of billions of dollars on litigation, and on raising the price of patent armaments. This patent litigation was purely an economic loss to the IT industry and it contributed nothing. If the patent system strangles invention, non-profit groups, non-commercial bodies, free software makers, and start-ups cannot invent freely.
Defensive patent publications, such as those made by IBM, lead to the gross underestimation of the inventive power and output of the company. People are struggling to find something to evaluate the productive output of an entity – startup, micro-industry or macro-industry. Patents are being used inappropriately and it's part of the corruption of the patent system. Any venture capitalist (VC) who believes that either the innovative capacities or the potential success factors of a start-up are tied to its patents should know that there are only a minuscule number of cases where patents are the differentiator. The differentiators required in order to sustain business are how smart the people are, how quickly they innovate, and how quickly they are able to adapt to complex situations. We see a trend in the US of not equating patents with innovation. The core-developer and hacker communities are largely anti-patent.
However, the flip side is that if the FOSS communities do not patent defensively, i.e., acquire and publish patents for their inventions in order to prevent others from getting patents in one jurisdiction or another, patent trolls will eventually encroach on the communities' inventive output. The only people making money out of this whole process are lawyers. It is slowing down the uptake of technology by creating fears and doubts in the system.
FOSS communities didn't qualify everything produced in the 23 years of (Linus') Linux, which would have let the service serve as stable prior art, preventing other people from filing patents. We can debate what is patentable subject matter in general or whether software should be patentable, but in the meantime if we can be proactive and file everything that we have in defensive publications and make it accessible to the patent and trademark offices here and around the world, we will have far fewer patents. We need to be activists in making sure that people can't file patents that are representative of the creativity of a community.
The Chinese government has instituted a programme designed to produce defensive publications in order to capture all the inventiveness across their industries, to be able to ensure that the quality of what ultimately gets patented is at least as high.
The US has a massive repository called ip.com, which is with every patent examiner of the USPTO.
India does not grant software patents as per section 3(k) of the Indian Patents Act, but that doesn't mean that no software patents are being granted. One of the empirical studies conducted by the Software Freedom Law Centre (SFLC) in India shows that 98.3% of the [telecom and computing technology] patents granted till 2013 went to multinational corporations. Almost none of the assignees are Indian.
In the context of the ongoing patent infringement law suits filed in the Delhi High Court by Ericsson [link]: The Delhi High Court has had a reputation of being very pro-intellectual property from the beginning.
Also, there is pressure from trade organisations. In August 2015, Ericsson along with ASSOCHAM invited the Director General of the Competition Commission of India to present a paper about why patents are good. It is essential to determine how the rules of conflict of interest apply here. This is exactly what the pharmaceutical industry would do. The only bodies who would object are Doctors Without Borders (MSF) or some local organisations who realise that high priced patented drugs is not what India needs and that we do not need to have the same IP policy as the US or Japan. We only need a different policy.
The Special 301 Report of the United States Trade Representative (USTR) is a big sham, and it suggests that India doesn't have strict enforcement of IP law. India does, unlike China.
Accenture has been granted a software patent in India. The patent is about an expert present in a remote location transferring knowledge to somebody who is listening in another location. Universities offering MOOCs, BPOs, and many other services would fall under such a patent. SFLC spent four years trying to fight this patent. The first defence of Accenture's battery of lawyers was that they won't use the patent.
Patents of very low quality are being bought at very high prices. The tax system or the subsidy system for innovation regards all patents as equal. This is a pricing failure and that should be corrected by other forms of intervention. The pendulum has already begun to swing the other way. Alice Corp was the third consecutive and unanimous ruling by the US Supreme Court that abstract ideas are not patentable. Patent applications pertaining to business methods and algorithms are increasingly being rejected by the USPTO after the ruling.

Prof. Eben Moglen on Facebook:

Facebook is a badly designed technology because there is one Man in the Middle who keeps all the logs. The privacy problem with Facebook is not just about what people post. It's about surveillance and data mining of web reading behaviour. It is a social danger that ought not to exist. I have said since 2010 is that we can't forbid it; let's replace it. It means bringing the web back as a writeable medium for people in an easy way. What I see as next-generation architecture could just as well be described as Tim Burners Lee's previous generation architecture.

You have to be able to trust the Internet. If you can't, you are going to be living in the shadow of govt surveillance, corporate surveillance, the fear of identity theft, and so on. We need to be able to explain to people what kind of software they can trust and what kind they can't. Distributed social networking will happen; it's not that difficult a problem.

An example of federated networking is Freedombox, a cheap hardware doing router jobs using free software in ways that encourage privacy. The pilot project for Freedombox has been deployed in little villages in Andhra Pradesh and Karnataka. These routers don't deliver logs to a thug in a hoodie in Menlo Park.

For more details visit https://cis-india.org/a2k/blogs/we-need-to-proactively-ensure-that-people-cant-file-representatives-of-the-creativity-of-a-foss-community

Civil Society Organisations and Internet Governance in India - Open Review

sumandro — 2015-11-13T05:51:03Z

This is a book section written for the third volume (2000-2010) of the Asia Internet History series edited by Prof. Kilnam Chon. The pre-publication text of the section is being shared here to invite suggestions for addition and modification. Please share your comments via email sent to raw[at]cis-india[dot]org with 'Civil Society Organisations and Internet Governance in India - Comments' as the subject line. This text is published under Creative Commons Attribution-NoDerivatives 4.0 International license.

You are most welcome to read the pre-publication drafts of other sections of the Asia Internet History Vol. 3, and share your comments: https://sites.google.com/site/internethistoryasia/book3.

Early Days

The overarching context of development interventions and rights-based approaches have shaped the space of civil society organizations working on the topics of information and communication technologies (ICTs) and Internet governance in India. Early members of this space came from diverse backgrounds. Satish Babu was working with the South Indian Federation of Fishermen Societies (SIFFS) in mid-1990s, when he set up a public mailing list called 'FishNet,' connected to Internet via the IndiaLink email network, (then) run by India Social Institute to inter-connect development practitioners in India. He went on to become the President of Computer Society of India during 2012-2013; and co-founded Society for Promotion of Alternative Computing and Employment (SPACE) in 2003, where he served as the Executive Secretary during 2003-2010 [Wikipedia 2015]. Anita Gurumurthy, Executive Director of IT for Change and one of the key actors from Indian civil society organizations to take part in the World Summit on the Information Society (WSIS) process, had previously worked extensively on topics related to public health and women's rights [ITfC b], which deeply shaped the perspectives she and IT for Change have brought into the Internet governance sphere, globally as well as nationally [Gurumurthy 2001]. Arun Mehta initiated a mailing list titled 'India-GII' in 2002 to discuss 'India's bumpy progress on the global infohighway' [India-GII 2005]. This list played a critical role in curating an early community of non-governmental actors interested in the topics of telecommunication policy, spectrum licensing, Internet governance, and consumer and communication rights. As Frederick Noronha documents, the mailing list culture grew slowly in India during the late 1990s and early 2000s. However, they had a great impact in organizing early online communities, sometimes grouped around a topical focus, sometimes functioning as a bridge among family members living abroad, and sometimes curating place-specific groups [Noronha 2002].

The inaugural conference of the Free Software Foundation of India [FSFI] in Thiruvananthapuram, on 20 July 2001, galvanized the Free/Libre and Open Source Software (FLOSS) community in India. The conference was titled 'Freedom First,' and Richard Stallman was invited as the chief guest. It was a vital gathering of actors from civil society organizations, software businesses, academia, and media, as well as the Secretary of the Department of Information Technology, Government of Kerala (the state where the conference was held). The conference laid the basis for sustained collaborations between the free software community, civil society organizations, emerging software firms in the state, and the Government of Kerala for the years to come. Two early initiatives that brought together free software developers and state government agencies were the Kerala Trasportation Project and the IT@School project, which not only were awarded to firms promoting use of FLOSS in electronic governance project, but facilitated a wider public dialogue regarding the need think critically about the making of information society in India [Kumar 2007]. The inter-connected communities and overlapping practices of the FLOSS groups, civil society organizations involved in ICT for Development initiatives, telecommunication policy analysts and advocates, and legal-administrative concerns regarding life in the information society – from digital security and privacy, to freedom of online expressions, to transparency in electronic governance infrastructures – have, hence, continued to shape the civil society space in India studying, discussing, responding, and co-shaping policies and practices around governance of Internet in India.

Key Organizations

IT for Change was established in 2000, in Bengaluru, as a non-governmental organization that 'works for the innovative and effective use of information and communication technologies (ICTs) to promote socio-economic change in the global South, from an equity, social justice and gender equality point of view' [ITfC]. It has since made important contributions in the field of ICTs for Development, especially in integrating earlier communication rights practices organised around old media forms with newer possibilities of production and distribution of electronic content using digital media and Internet [ITfC e], and in that of Internet governance, especially through their participation in the WSIS and Internet Governance Forum (IGF) processes and by co-shaping the global Souther discourse of the subject [ITfC d]. It has also done significant works in the area of women's rights in the information society, and have been a core partner in a multi-country feminist action research project on using digital media to enhance the citizenship rights and experiences of marginalized women in India, Brazil, and South Africa [ITfC c]. IT for Change has co-led the formation of Just Net Coalition in February 2014 [JNC].

Digital Empowerment Foundation (DEF) was founded by Osama Manzar, in New Delhi in 2002, with a 'deep understanding that marginalised communities living in socio-economic backwardness and information poverty can be empowered to improve their lives almost on their own, simply by providing them access to information and knowledge using digital tools' [DEF c]. DEF has contributed to setting up Community Information Resource Centres across 19 states and 53 districts in India, with computers, printers, scanners, and Internet connectivity [DEF]. DEF organises one of the biggest competitions in Asia to identify, foreground, and honour significant contributions in the area of ICT for Development [DEF d]. This annual competition series, titled 'Manthan Award' (Translation: 'manthan' means 'churning' in Sanskrit), started in 2004. It has alllowed DEF to create a detailed database of ICT for Development activities and actors in the South Asia and Asia Pacific region. Since 2011, DEF has started working with Association for Progressive Communications on a project titled 'Internet Rights' to take forward the agenda of 'internet access for all' in India [DEF b].

The Society for Knowledge Commons was formed in New Delhi 2007 by 'scientists, technologists, researchers, and activists to leverage the tremendous potential of the ‘collaborative innovation’ model for knowledge generation that has lead to the growth of the Free and Open Source Software community (FOSS) around the world' [Society for Knowledge Commons]. It has championed integration of FOSS into public sector operations in India – from electronic governance systems to use of softwares in educational institutes – and has made continuous interventions on Internet governance issues from the perspective of the critical importance of shared knowledge properties and practices for a more democratic information society. It is a part of the Free Software Movement of India [FSMI], an alliance of Indian organizations involved in advocating awareness and usage of FOSS, as well as a founding member of the Just Net Coalition [JNC].

The Centre for Internet and Society (CIS) was established in Bengaluru in 2008 with a research and advocacy focus on topics of accessibility of digital content for differently-abled persons, FOSS and policies on intellectual property rights, open knowledge and Indic Wikipedia projects, digital security and privacy, freedom of expression and Internet governance, and socio-cultural and historical studies of Internet in India [CIS]. In one of the key early projects, CIS contributed to the making of web accessibility policy for government websites in India, which was being drafted by the Department of Information Technology, Government of India [CIS 2008]. In the following years it took part in the Internet Governance Forum summits; submitted responses and suggestions to various policies being introduced by the government, especially the Information Technology (Amendment) Act, 2008, National Identification Authority of India (NIA) Bill, 2010, and the Approach Paper for a Legislation on Privacy, 2010; produced a report on the state of open government data in India [Prakash 2011b], and undertook an extensive study on the experiences of the young people in Asia with Internet, digital media, and social change [Shah 2011].

Software Freedom Law Centre has undertaken research and advocacy interventions, since 2011, in the topics digital privacy, software patents, and cyber-surveillance [SFLC]. The Internet Democracy Project, an initiative of Point of View, has organised online and offline discussions, participated in global summits, and produced reports on the topics of freedom of expression, cyber security and human rights, and global Internet governance architecture since 2012 [IDP].

The first Internet Society chapter to be established in India was in Delhi. The chapter began in 2002, but went through a period of no activity before being revived in 2008 [Delhi]. The Chennai chapter started in 2007 [Chennai], the Kolkata one in 2009 [Kolkata], and the Bengaluru chapter came into existence in 2010 [Bangalore]. Asia Internet Symposium have been organised in India twice: 1) the Kolkata one, held on on 1 December 2014, focused on 'Internet and Human Rights: Empowering the Users,' and 2) the Chennai symposium, held on 2 December 2014, discussed 'India in the Open and Global Internet.' The newest Internet Society chapter in India is in the process of formation in Trivandrum [Trivandrum], led by the efforts of Satish Babu (mentioned above).

Global and National Events

The first World Summit on the Information Society (WSIS) conference in Geneva, held on 10-12 December 2003, was not attended by many civil society organizations from India. Several Indian participants in the conference were part of the team of representatives from different global civil society organizations, like Digital Partners, Development Alternatives with Women for a New Era (DAWN), and International Centre for New Media [ITU 2003]. Between the first and the second conference, the engagement with the WSIS process increased among Indian civil society organizations increased of the WSIS process, which was especially led by IT for Change. In early 2005, before the second Preparatory Committee meeting of the Tunis conference, it organized a discussion event titled 'Gender Perspectives on the Information Society: South Asia Pre-WSIS Seminar' in partnership with DAWN and the Indian Institute of Management, Bangalore, which was supported by UNIFEM and the UNDP Asia-Pacific Development Information Programme [Gurumurthy 2006]. In a separate note, Anita Gurumurthy and Parminder Jeet Singh of IT for Change have noted their experience as a South Asian civil society organization engaging with the WSIS process [Gurumurthy 2005]. The second WSIS conference in Tunis, held on 16-18 November 2005, however, neither saw any significant participation from Indian civil society organizations, except for Ambedkar Centre for Justice and Peace, Childline India Foundation / Child Helpline International, and IT for Change [ITU 2005]. This contrasted sharply with the over 60 delegates from various Indian government agencies taking part in the conference [ITU 2005].

Two important events took place in India in early 2005 that substantially contributed to the civil society discourses in India around information technology and its socio-legal implications and possibilities. The former is the conference titled 'Contested Commons, Trespassing Publics' organized by the Sarai programme at the Centre for the Study of Developing Societies, Alternative Law Forum, and Public Service Broadcasting Trust, in Delhi on 6-8 January 2005. The conference attempted to look into the terms of intellectual property rights (IPR) debates from the perspectives of experiences in countries in Asia, Latin America, and Africa. It was based on the research carried out by the Sarai programme and Alternative Law Forum on contemporary realities of media production and distribution, and the ways in which law and legal instruments enter into the most intimate spheres of social and cultural life to operationalise the IPRs. The conference combined academic discussions with parallel demonstrations by media practitioners, and knowledge sharing by FLOSS communities [Sarai 2005]. The latter event is the first of the Asia Source workshop that took place in Bengaluru during 28 January - 4 February 2005 . It brought together more than 100 representatives from South and South-East Asian civil society organizations and technology practitioners working with them, along with several leading practitioners from Africa, Europe, North America, and Latin America, to promote adoption and usage of FLOSS across the developmental sector in the region. The workshop was organized by Mahiti (Bengaluru) and Tactical Technology Collective (Amsterdam), with intellectual and practical support from an advisory group of representatives from FLOSS communities and civil society organizations, and financial support from Hivos, the Open Society Institute, and International Open Source Network [Asia Source].

While the participation of representatives from Indian civil society organizations at the IGFs in Athens (2006) and Rio de Janeiro (2007) was minimal, the IGF Hyderabad, held on 3-6 December 2008, provided a great opportunity for Indian civil society actors to participate in and familiarize themselves with the global Internet governance process. Apart from various professionals, especially lawyers, who attended the Hyderabad conference as individuals, the leading civil society organizations participating in the event included: Ambedkar Center for Justice and Peace, Centre for Internet and Society, Centre for Science, Development and Media Studies, Digital Empowerment Foundation, Internet Society Chennai chapter, IT for Change, and Mahiti. The non-governmental participants from India at the event, however, were predominantly from private companies and academic institutes [IGF 2008].

IT for Change made a critical intervention into the discourse of global Internet governance during the Hyderabad conference by bringing back the term 'enhanced cooperation,' as mentioned in the Tunis Agenda for the Information Society [ITU 2005 b]. At IGF Sharm El Sheikh, held during 15-18 November 2009, Parminder Jeet Singh of IT for Change explained:

[E]nhanced cooperation consists of two parts. One part is dedicated to creating globally applicable policy principles, and there is an injunction to the relevant organizations to create the conditions for doing that. And I have a feeling that the two parts of that process have been conflated into one. And getting reports from the relevant organizations is going on, but we are not able to go forward to create a process which addresses the primary purpose of enhanced cooperation, which was to create globally applicable public policy principles and the proof of that is that I don't see any development of globally applicable public policy principles, which remains a very important need. [IGF 2009]

This foregrounding of the principle of 'enhanced cooperation' have since substantially contributed to rethinking not only the global Internet governance mechanisms and its reconfigurations, but also the Indian government's perspectives towards the same. It eventually led to the proposal made by a representative of Government of India at the UN General Assembly session on 26 October 2011 regarding the establishment of a UN Committee for Internet-Related Policies [Singh 2011].

Internet Policies and Censorship

One of the earliest instances of censorship of online content in India is the blocking of several websites offering Voice over IP (VoIP) softwares, which can be downloaded to make low-cost international calls, during late 1990s. The India-GII mailing list initiated by Arun Mehta, as mentioned above, started almost as a response to this blocking move by Videsh Sanchar Nigam Limited (VSNL), the government-owned Internet Service Provider (ISP). Additionally, Mehta filed a case against VSNL for blocking these e-commerce websites, which might be identified as the first case of legal activism for Internet-related rights in India [India-GII 2001]. During the war between India and Pakistan during 1999, the Indian government instructed VSNL to block various Pakistani media websites, including that of Dawn. Like in the case of websites offering VoIP services, this blocking did not involve direct intervention with the websites concerned but only the ability of Indian users to access them [Tanna 2004]. The first well-known case of the Government of India blocking digital content for political reasons occurred in 2003, when a mailing list titled 'Kynhun' was banned. Department of Telecommunications instructed all the But the previously deployed URL-blocking strategy did not work in the new situation of mailing lists. Blocking the URL of the group did not stop it from being used by members of the group to continue sharing email through it. Government of India then approached Yahoo directly to ensure that the mailing list is closed down, which Yahoo declined to implement. This resulted in imposing of a blanket blocking of all Yahoo Groups pages across ISPs in India during September 2003. By November, Yahoo decided to close down the mailing list, and the blanket blocking was repealed [Tanna 2004]. Further blocking of several blogs and websites continued through 2006 and 2007, where the government decided to work in collaboration with various platforms offering hosted blog and personal webpage services to remove access to specific sub-domains. In resistance to this series of blocking orders by the government, there emerged an important civil society campaign titled 'Bloggers Against Censorship' led by Bloggers Collective Group, a distributed network of bloggers from all across India [Bloggers 2006].

A few weeks after the IGF Hyderabad, the Government of India passed the Information Technology (Amendment) Act 2008 on 22 December 2008 [MoLaJ 2009], although it was notified and enforced much later on 27 October 2009 [MoCaIT 2009]. This amendment attempted to clarify various topics left under-defined in the Information Technology Act of 2000. However, as Pranesh Prakash of the Centre for Internet and Society noted, the casual usage of the term 'offensive content' in the amendment opened up serious threats of broad curbing of freedom of online expression under the justification that it caused 'annoyance' or 'inconvenience' [Prakash 2009]. The sections 66 and 67 of the amended Information Technology Act, which respectively address limits to online freedom of expression and legally acceptable monitoring of digital communication by government agencies, have since been severely protested against by civil society organizations across India for enabling a broad-brushed censorship and surveillance of the Internet in India. The section 66A has especially allowed the government to make a series of arrests of Internet users for posting and sharing 'offensive content' [Pahwa 2015].

In 2011, the Government of India introduced another critical piece of policy instrument for controlling online expressions – the Information Technology (Intermediary Guidelines) Rules, 2011 [MoCaIT 2011] – targeted at defining the functions of the intermediaries associated with Internet-related services and communication, and how they are to respond to government's directives towards taking down and temporary blocking of digital content. The draft Rules were published in early 2011 and comments were invited from the general public. One of the responses, submitted by Privacy India and the Centre for Internet and Society, explicitly highlighted the draconian implications of the (then) proposed rules:

This rule requires an intermediary to immediately take steps to remove access to information merely upon receiving a written request from “any authority mandated under the law”. Thus, for example, any authority can easily immunize itself from criticism on the internet by simply sending a written notice to the intermediary concerned. This is directly contrary to, and completely subverts the legislative intent expressed in Section 69B which lays down an elaborate procedure to be followed before any information can be lawfully blocked. [Prakash 2011]

The policy apparatus of controlling online expression in India took its full form by the beginning of the decade under study here. The 'chilling effect' of this apparatus was made insightfully evident by a study conducted by Rishabh Dara at the Centre for Internet and Society, where fake takedown notices (regarding existing digital content) were sent to 7 important Internet intermediaries operating in India, and their responses were studied. The results of this experiment demonstrated that:

[T]he Rules create uncertainty in the criteria and procedure for administering the takedown thereby inducing the intermediaries to err on the side of caution and over-comply with takedown notices in order to limit their liability; and as a result suppress legitimate expressions. Additionally, the Rules do not establish sufficient safeguards to prevent misuse and abuse of the takedown process to suppress legitimate expressions. [Dara 2012]

Reference

[Bloggers 2006] Bloggers Collective Group, Bloggers Against Censorship. Last updated on April 30, 2009‎. Accessed on July 08, 2015, from http://censorship.wikia.com/wiki/Bloggers_Against_Censorship.

[Dara 2012] Dara, Rishabh, Intermediary Liability in India: Chilling Effects on Free Expression on the Internet. The Centre for Internet and Society. April 27. Accessed on July 08, 2015, from http://cis-india.org/internet-governance/chilling-effects-on-free-expression-on-internet.

[DEF] Digital Empowerment Foundation (DEF). Community Information Resource Centre. Accessed on July 08, 2015, from http://defindia.org/circ-2/.

[DEF b] Digital Empowerment Foundation (DEF). Internet Rights. Accessed on July 08, 2015, from http://internetrights.in/.

[DEF c] Digital Empowerment Foundation (DEF). Our Story. Accessed on July 08, 2015, from http://defindia.org/about-def/.

[DEF d] Digital Empowerment Foundation (DEF). Manthan Awards. Accessed on July 08, 2015, from http://defindia.org/manthan-award-south-asia-masa/.

[FSFI] Free Software Foundation of India. Accessed on July 08, 2015, from http://fsf.org.in/.

[FSMI] Free Software Movement of India. Accessed on July 08, 2015, from http://www.fsmi.in/node.

[Gurumurthy 2001] Gurumurthy, Anita, A Gender Perspective to ICTs and Development: Reflections towards Tunis. January 15. Accessed on July 08, 2015, from http://www.worldsummit2003.de/en/web/701.htm.

[Gurumurthy 2005] Gurumurthy, Anita, and Parminder Jeet Singh, WSIS PrepCom 2: A South Asian Perspective. Association for Progressive Communications. April 01. Accessed on July 08, 2015, from https://www.apc.org/en/news/hr/world/wsis-prepcom-2-south-asian-perspective.

[Gurumurthy 2006] Gurumuthy, Anita et al (eds.), Gender in the Information Society: Emerging Issues. UNDP Asia-Pacific Development Information Programme. Accessed on July 08, 2015, from http://www.genderit.org/sites/default/upload/GenderIS.pdf.

[India-GII 2001] India-GII, Status of VSNL Censorship of IP-Telephony Sites. Accessed on July 08, 2015, from http://members.tripod.com/~india_gii/statusof.htm.

[India-GII 2005] India-GII. 2005. Last modified on May 24. Accessed on July 08, 2015, from http://india-gii.org/.

[IDP] Internet Democracy Project. Accessed on July 08, 2015, from http://internetdemocracy.in/.

[ITU 2003] International Telecommunication Union (ITU), Geneva Phase of the WSIS: List of Participants. Accessed on July 08, 2015, from http://www.itu.int/wsis/docs/geneva/summit_participants.pdf.

[ITU 2005] International Telecommunication Union (ITU), List of Participants (WSIS) – Update 5 Dec 2005. Accessed on July 08, 2015, from http://www.itu.int/wsis/docs2/tunis/final-list-participants.pdf.

[ITU 2005 b] International Telecommunication Union (ITU), Tunis Agenda for the Information Society. November 18. Accessed on July 08, 2015, from http://www.itu.int/wsis/docs2/tunis/off/6rev1.pdf.

[IGF 2008] Internet Governance Forum, Hyderabad Provisional List of Participants. Accessed on July 08, 2015, from http://www.intgovforum.org/cms/index.php/component/content/article/385-hyderabad-provisional-list-of-participants.

[IGF 2009] Internet Governance Forum, Managing Critical Resources. IGF Sharm El Sheikh, Egypt . November 16. Accessed on July 08, 2015, from http://www.intgovforum.org/cms/2009/sharm_el_Sheikh/Transcripts/Sharm%20El%20Sheikh%2016%20November%202009%20Managing%20Critical%20Internet%20Resources.pdf.

[Bangalore] Internet Society Bangalore Chapter. Accessed on July 08, 2015, from http://www.isocbangalore.org/.

[Delhi] Internet Society Delhi Chapter. Accessed on July 08, 2015, from http://www.isocbangalore.org.

[Chennai] Internet Society Chennai Chapter. Accessed on July 08, 2015, from http://www.isocbangalore.org.

[Kolkata] Internet Society Kolkata Chapter. Accessed on July 08, 2015, from http://isockolkata.in/.

[Trivandrum] Internet Society Trivandrum Chapter. Accessed on July 08, 2015, from http://www.internetsociety.org/what-we-do/where-we-work/chapters/india-trivandrum-chapter.

[ITfC] IT for Change, About IT for Change. Accessed on July 08, 2015, from http://www.itforchange.net/aboutus.

[ITfC b] IT for Change, Anita Gurumurthy. Accessed on July 08, 2015, from http://www.itforchange.net/Anita.

[ITfC c] IT for Change, Gender and Citizenship in the Information Society: Southern Feminist Dialogues in Practice and Theory. Accessed on July 08, 2015, from http://www.gender-is-citizenship.net/.

[ITfC d] IT for Change, Internet Governance. Accessed on July 08, 2015, from http://www.itforchange.net/Techgovernance.

[ITfC e] IT for Change, Our Field Centre. Accessed on July 08, 2015, from http://www.itforchange.net/field_centre.

[JNC] Just Net Coalition (JNC). Accessed on July 08, 2015, from http://justnetcoalition.org/.

[Kumar 2007] Kumar, Sasi V. 2007. The Story of Free Software in Kerala, India. Accessed on July 08, 2015, from http://swatantryam.blogspot.in/2007/08/story-of-free-software-in-kerala-india.html.

[MoLaJ 2009] Ministry of Law and Justice (MoLaJ), The Information Technology (Amendment) Act, 2008. The Gazette of India. February 05. Accessed on July 08, 2015, from http://deity.gov.in/sites/upload_files/dit/files/downloads/itact2000/it_amendment_act2008.pdf.

[MoCaIT 2009] Ministry of Communications and Information Technology (MoCaIT), Notification. The Gazette of India. October 27. Accessed on July 08, 2015, from http://deity.gov.in/sites/upload_files/dit/files/downloads/itact2000/act301009.pdf.

[MoCaIT 2011] Ministry of Communications and Information Technology (MoCaIT), Information Technology (Intermediaries Guidelines) Rules, 2011. The Gazette of India. April 11. Accessed on July 08, 2015, from http://deity.gov.in/sites/upload_files/dit/files/GSR314E_10511%281%29.pdf.

[Noronha 2002] Noronha, Frederick, Linking a Diverse Country: Mailing Lists in India. The Digital Development Network. May 22. Accessed on July 08, 2015, from http://www.comminit.com/ict-4-development/content/linking-diverse-country-mailing-lists-india.

[Pahwa 2015] Pahwa, Nikhil, A List of Section 66A Arrests in India through the Years. Medianama. March 24. Accessed on July 08, 2015, from http://www.medianama.com/2015/03/223-section-66a-arrests-in-india/.

[Prakash 2009] Prakash, Pranesh, Short Note on IT Amendment Act, 2008 . The Centre for Internet and Society. February. Accessed on July 08, 2015, from http://cis-india.org/internet-governance/publications/it-act/short-note-on-amendment-act-2008/.

[Prakash 2011] Prakash, Pranesh, CIS Para-wise Comments on Intermediary Due Diligence Rules, 2011. The Centre for Internet and Society. Accessed on July 08, 2015, from http://cis-india.org/internet-governance/blog/intermediary-due-diligence.

[Prakash 2011 b] Prakash, Pranesh, et al, Open Government Data Study. The Centre for Internet and Society. Accessed on July 08, 2015, from http://cis-india.org/openness/blog/open-government-data-study.

[SFLC] Software Freedom Law Centre (SFLC). Accessed on July 08, 2015, from http://sflc.in/.

[Shah 2011] Shah, Nishant. 2011. Digital AlterNatives with a Cause? The Centre for Internet and Society. Accessed on July 08, 2015, from http://cis-india.org/digital-natives/blog/dnbook.

[Singh 2011] Singh, Dushyant, India's Proposal for a United Nations Committee for Internet-Related Policies. Sixty Sixth Session of the UN General Assembly, New York. October 26. Accessed on July 08, 2015, from http://www.itforchange.net/sites/default/files/ItfC/india_un_cirp_proposal_20111026.pdf.

[SKC] Society for Knowledge Commons. About Us. Accessed on July 08, 2015, from http://www.knowledgecommons.in/about-us/.

[Asia Source] Tactical Technology Collective, Asia Source. Accessed on July 08, 2015, from https://tacticaltech.org/asiasource.

[Tanna 2004] Tanna, Ketan, Internet Censorship in India: Is It Necessary and Does It Work?. Sarai-CSDS Independent Fellowship. Accessed on July 08, 2015, from http://www.ketan.net/INTERNET_CENSORSHIP_IN_INDIA.html.

[CIS] The Centre for Internet and Society. About Us. Accessed on July 08, 2015, from http://cis-india.org/about/.

[CIS 2008] The Centre for Internet and Society. 2008. Annual Report. Accessed on July 08, 2015, from http://cis-india.org/accessibility/annual-report-2008.pdf.

[Sarai 2005] The Sarai Programme, Contested Commons, Trespassing Publics. January 12. Accessed on July 08, 2015, from http://sarai.net/contested-commons-trespassing-publics/.

[Wikipedia 2015] Satish Babu. Wikipedia. Last modified on June 25. Accessed on July 08, 2015, from https://en.wikipedia.org/wiki/Satish_Babu.

For more details visit https://cis-india.org/raw/civil-society-organisations-and-internet-governance-in-india-open-review

Civil Society Organisations and Internet Governance in Asia - Open Review

sumandro — 2015-11-13T05:54:33Z

This is a book section written for the third volume (2000-2010) of the Asia Internet History series edited by Prof. Kilnam Chon. The pre-publication text of the section is being shared here to invite suggestions for addition and modification. Please share your comments via email sent to raw[at]cis-india[dot]org with 'Civil Society Organisations and Internet Governance in Asia - Comments' as the subject line. This text is published under Creative Commons Attribution-NoDerivatives 4.0 International license.

You are most welcome to read the pre-publication drafts of other sections of the Asia Internet History Vol. 3, and share your comments: https://sites.google.com/site/internethistoryasia/book3.

Preparations for the World Summit on the Information Society

The World Summit on the Information Society (WSIS) conferences organized by the United Nations in Geneva (2003) and Tunis (2005) initiated crucial platforms and networks, some temporary and some continued, for various non-governmental actors to intensively and periodically take part in the discussions of governance of Internet and various related activities towards the goals of inclusive development and human rights. Many of the civil society organizations taking part in the WSIS conferences, as well as the various regional and thematic preparatory meetings and seminars, had little prior experience in the topic of Internet governance. They were entering these conversations from various perspectives, such as local developmental interventions, human and cultural rights activism, freedom and diversity of media, and gender and social justice. With backgrounds in such forms of applied practice and theoretical frameworks, members of these civil society organizations often faced a difficult challenge in articulating their experiences, insights, positions, and suggestions in terms of the (then) emerging global discourse of Internet governance and that of information and communication technologies (ICTs) as instruments of development. At the WSIS: An Asian Response Meeting in 2002, Susanna George, (then) Executive Director of Isis International, Manila, succinctly expressed this challenge being faced by the members of civil society organizations:

For some feminist activists however, including myself, it has felt like trying to squeeze my concerns into a narrow definition of what gender concerns in ICTs are. I would like it to Cinderella’s ugly sister cutting off her toe to fit into the dainty slipper of gender concerns in ICTs. The development ball, it seems, can only accommodate some elements of what NGO activists, particularly those from the South, are concerned about in relation to new information and communications technologies. (George 2002)

The above mentioned seminar, held in Bangkok, Thailand, on November 22-24, 2002, was a crucial early meeting for the representatives from Asian civil society organizations to share and shape their understanding and positions before taking part in the global conversations during the following years. The meeting was organised by Bread for All (Switzerland), Communication Rights in the Information Society Campaign (Netherlands), Forum-Asia (Thailand), and World Association for Christian Communication (United Kingdom), as a preparatory meeting before the Asia-Pacific Regional Conference of WSIS, with 34 organizations from 16 Asian countries taking part in it. The Final Document produced at the end of this seminar was quite a remarkable one. It highlighted the simultaneity of Asia as one of the global centres of the information economy and the everyday reality of wide-spread poverty across the Asian countries, and went on to state that the first principle for the emerging global information society should be that the '[c]ommunication rights are fundamental to democracy and human development' (The World Summit on the Information Society: An Asian Response 2002). It proposed the following action items for the efforts towards a global inclusive information society: 1) strengthen community, 2) ensure access, 3) enhance the creation of appropriate content, 4) invigorate global governance, 5) uphold human rights, 6) extend the public domain, 7) protect and promote cultural and linguistic diversity, and 8) ensure public investment in infrastructure (ibid.).

Immediately after this Conference, several Asian civil society organizations attended the Asian Civil Society Forum, organised as part of the Conference of Non-governmental Organizations in Consultative Relations with the United Nations (CONGO), held in Bangkok, Thailand, during December 9-13, 2002. Representatives of Dhaka Ahsania Mission (Bangladesh), OneWorld South Asia (India), GLOCOM (Japan), Foundation for Media Alternative (Philippines), Korean Progressive Network – JINBONET (Republic of Korea), Friedrich Naumann Foundation (Singapore), International Federation of University Women (Switzerland), and Forum Asia (Regional) drafted a Joint Statement emphasising that a 'broad-based participation of civil society, especially from those communities which are excluded, marginalized and severely deprived, is critical in defining and building such a [true communicative, just and peaceful] society' (Aizu 2002). In the very next month, the Asia-Pacific Regional Conference was held in Tokyo during January 13-15, 2003, 'to develop a shared vision and common strategies for the “Information Society' (WSIS Executive Secretariat 2003: 2). The conference saw participation of representatives from 47 national governments, 22 international organizations, 54 private sector agencies, and 116 civil society organizations across the Asia-Pacific region. The Tokyo Declaration, the final document prepared at the conclusion of the Conference, recognized that:

[T]he Information Society must ... facilitate full utilization of information and communication technologies (ICT) at all levels in society and hence enable the sharing of social and economic benefits by all, by means of ubiquitous access to information networks, while preserving diversity and cultural heritage. (Ibid.: 2)

Further, it highlighted the following priority areas of action: 1) infrastructure development, 2) securing affordable, universal access to ICTs, 3) preserving linguistic and cultural diversity and promoting local content, 4) developing human resources, 5) establishing legal, regulatory and policy frameworks, 6) ensuring balance between intellectual property rights (IPR) and public interest, 7) ensuring the security of ICTs, and 8) fostering partnerships and mobilizing resources. It is not difficult to see how the focus of necessary actions shifted from an emphasis on concerns of community and human rights, and public investments and commons, towards those of legal and policy mechanisms, multi-partner delivery of services, and intellectual property rights. Civil society organizations, expectedly, felt sidelined in this Conference, and decided to issue a join statement of Asian civil society organizations to ensure that their positions are effectively presented. The first two topics mentioned in this document were: 1) '[c]ommunication rights should be fully recognized as a fundamental and universal human right to be protected and promoted in the information society,' and 2) '[t]he participation of civil society in the information society at all levels should be ensured and sustained, from policy planning to implementation, monitoring and evaluation' (UNSAJ et al 2003). The joint statement was endorsed by 30 civil society organizations: UDDIPAN (Bangladesh); COMFREL (Cambodia); ETDA (East Timor); The Hong Kong Council of Social Services (Hong Kong); Food India, IT for Change (India); Indonesian Infocom Society (Indonesia); Active Learning, CPSR, Forum for Citizens' Television and Media, JTEC, Kyoto Journal, Ritsumeikan University Media Literacy Project, UNSAJ (Japan); Computer Association Nepal, Rural Area Development Programme (Nepal); APC Women's Networking Support Programme, Foundation for Media Alternatives, ISIS International (Philippines); Citizens' Action Network, Korean Progressive Network – Jinbonet, Labor News Production, ZAK (Republic of Korea); e-Pacificka Consulting (Samoa); National University of Singapore (Singapore); Public Television Service, Taiwan Association for Human Rights (Taiwan); Asian-South Pacific Bureau for Adult Education, FORUM ASIA, and TVE Asia Pacific (Regional) (Ibid.).

Participation in the WSIS Process

The first WSIS conference was held in Geneva in December 2003. Through the processes of organizing this conference, and the second one in Tunis in November 2005, United Nations expressed a clear intention of great participation of actors from the private companies, civil society, academia, and media, along with the governmental organizations. During the first meeting of the WSIS Preparatory Committee (PrepCom-1) in Geneva, during July 1-5, 2002, the civil society organizations demanded that they should be allowed to co-shape the key topics to be discussed during the first conference (2003). There was already an Inter-Governmental Subcommittee on Contents and Themes, but no equivalent platform for the civil society organizations was available. With the approval of the Civil Society Plenary (CSP), the Civil Society Subcommittee on Content and Themes (WSIS-SCT) was instituted during PrepCom-1 (WSIS-SCT 2003b). At the second WSIS Preparatory Committee meeting (PrepCom-2) in Geneva, during February 17-28, 2003, the WSIS-SCT produced a summary of the views of its members titled 'Vision and Principles of Information and Communication Societies,' and also a one page brief titled 'Seven Musts: Priority Principles Proposed by Civil Society' to be used for lobbying purposes (Ibid.). This brief mentioned seven key principles of Internet governance identified by the civil society organization taking part in the WSIS process: (1) sustainable development, (2) democratic governance, (3) literacy, education, and research, (4) human rights, (5) global knowledge commons, (6) cultural and linguistic diversity, and (7) information security (WSIS-SCT 2003a).

Asian civil society organizations that took part in the PrepCom-2 meeting included United Nations Association of China (China); CASP - Centre for Adivasee Studies and Peace, C2N - Community Communications Network (India); ICSORC - Iranian Civil Society Organizations Resource Center (Iran); GAWF - General Arab Women Federation (Iraq); Daisy Consortium, GLOCOM - Center for Global Communications (Japan); Association for Progressive Communication, Global Knowledge Partnership (Malaysia); Pakistan Christian Peace Foundation (Pakistan); WFEO - World Federation of Engineering Organization (Palestine); Asian South Pacific Bureau of Adult Education, Foundation for Media Alternatives, ISIS International – Manila (Philippines); Korean Progressive Network - Jinbonet (Republic of Korea); IIROSA - International Islamic Relief Organization (Saudi Arabia); and Taking IT Global (India, Indonesia, Malaysia, Philippines, and Turkey) (ITU 2003a).

All these efforts led to development of the Civil Society Declaration to the World Summit on the Information Society, which was prepared and published by the Civil Society Plenary at the Geneva conference, on December 08, 2003. The Declaration was titled 'Shaping Information Societies for Human Needs' (WSIS Civil Society Plenary 2003). The Asian civil society organization that took part in the Geneva conference were BFES - Bangladesh Friendship Education Society, Drik, ICTDPB - Information & Communication Technology Development Program, Proshika - A Center for Human Development (Bangladesh); China Society for Promotion of the Guangcai Programme, Chinese People's Association for Friendship with Foreign Countries, United Nations Association of China (China); The Hong Kong Council of Social Service (Hong Kong); CASP - Centre for Adivasee Studies and Peace, Childline India Foundation / Child Helpline International, DAWN - Development Alternatives with Women for a New Era (India); Communication Network of Women's NGOs in Iran, Green front of Iran, ICTRC - Iranian Civil Society Organizations Training and Research Center, Islamic Women's Institute of Iran, Institute for Women's Studies and Research, Organization for Defending Victims of Violence (Iran); ILAM - Center for Arab Palestinians in Israel (Israel); Citizen Digital Solutions, Forum for Citizens' Television and Media, GLOCOM - Center for Global Communications, JCAFE - Japan Computer Access for Empowerment, Soka Gakkai International (Japan); LAD-Nepal - Literary Academy for Dalit of Nepal (Nepal); Asia-Pacific Broadcasting Union, Global Knowledge Partnership (Malaysia); PAK Educational Society / Pakistan Development Network, SMEDA - Small & Medium Enterprise Development Authority (Pakistan); Palestine IT Association of Companies (Palestine); Isis International – Manila, Ugnayan ng Kababaihan sa Pulitika / Philippine Women's Network in Politics and Governance (Philippines); Citizen's Alliance for Consumer Protection of Korea, Korean Civil Society Network for WSIS (Republic of Korea); Youth Challenge (Singapore); Association for Progressive Communications (India and Philippines), CITYNET - Regional Network of Local Authorities for the Management of Human Settlements (India. Mongolia, and Philippines), Taking IT Global (India and Philippines) (ITU 2003b).

As the preparatory meetings and consultations towards the second WSIS conference advanced during the next year, the Asian civil society organizations attempted to engage more directly with the global Internet governance processes on one hand, and the national Internet and ICT policy situations on the other. Writing about their encounters at and before the second Preparatory Committee meeting of the Tunis conference, held in Geneva during February 17-25, 2005, Anita Gurumurthy and Parminder Jeet Singh made several early observations that have continued to resonate with the experiences of Asian civil society organizations throughout the decade (Gurumurthy & Singh 2005). Firstly, they indicated that the government agencies present in the dialogues tend to take diverging positions in international events and domestic contexts. Secondly, there was a marked absence of formal and informal discussions between the governmental and the civil society representatives of the same country present at the meeting. The government agencies were clearly disinterested in involving civil society organizations in the process. Thirdly, the civil society actors present in the meeting were mostly from the ICT for Development sector, and the organizations working in more 'traditional' sectors – such as education, health, governance reform, etc. – remained absent from the conversations. This is especially problematic in the case of such developing countries where there does not exist strategic linkages between civil society organizaions focusing on topics of technologized developmental interventions, and those involved in more 'traditional' development practices. Rekha Jain, in a separate report on the Indian experience of participating in the WSIS process, re-iterates some of these points (Jain 2006). She notes that '[w]hile the Secretary, [Department of Telecommunications, Government of India] was involved in (PrepCom-1) drafting the initial processes for involvement of NGOs, at the national level, this mechanism was not translated in to a process for involving the civil society or media' (Ibid.: 14).

The frequent lack of interest of national governments, especially in the Asian countries, to engage with civil society organizations on matters of policies and projects in Internet governance and ICTs for development (Souter 2007), further encouraged these organization to utilise the global discussion space opened up by the WSIS process to drive the agendas of democratisation of Internet governance processes, and protection and advancement of human rights and social justice. The second WSIS conference held in Tunis, during November 16-18, 2005, however, did not end in a positive note for the civil society organizations as a whole. The sentiment is aptly captured in the title of the Civil Society Statement issued after the Tunis Conference: 'Much more could have been achieved' (WSIS Civil Society Plenary 2005). Apart from producing this very important critical response to the WSIS process, within a month of its conclusions, the civil society organization contributed effectively in one of the more longer-term impacts of the process – the establishment of the Internet Governance Forums (IGFs). Immediately after the publication of the Report of the Working Group on Internet Governance (Desai et al) in June 2005, the Center for Global Communications (GLOCOM), Japan, acting on behalf of the Civil Society Internet Governance Caucus, came forward with public support for 'the establishment of a new forum to address the broad agenda of Internet governance issues, provided it is truly global, inclusive, and multi-stakeholder in composition allowing all stakeholders from all sectors to participate as equal peers' (WSIS Civil Society Internet Governance Caucus 2005: 3).

Asian Civil Society Organizations at the IGFs

In 2006, the WSIS Civil Society Internet Governance Caucus was reformed and established as a permanent 'forum for discussion, advocacy, action, and for representation of civil society contributions in Internet governance processes' (Civil Society Internet Government Caucus 2006). Representatives from Asian civil society organizations have consistently played critical roles in the functionings of this Caucus. Youn Jung Park of the Department of Technology and Society, SUNY Korea, co-founded and co-coordined the original Caucus in 2003. Adam Peake of the Center for Global Communications (GLOCOM), International University of Japan, was co-coordinator of the original Caucus from 2003 to 2006. Parminder Jeet Sing of IT for Change, India, was elected as one of the co-cordinators of the newly reformed Caucus in 2006, with the term ending in 2008. Izumi Aizu of the Institute for HyperNetwork Society and the Institute for InfoSocinomics, Tama University, Japan served as the co-coordinator of the Caucus during 2010-2012.

The first Internet Governance Forum organized in Athens, October 30 – November 2, 2006, saw participation from a very few Asian civil society organizations, mostly from Bangladesh and Japan (IGF 2006). The second Internet Governance Forum in Rio de Janeiro, November 12-15, 2007 had a wider representation from Asian civil society organizations: Bangladesh NGOs Network for Radio and Communication, BFES - Bangladesh Friendship Education Society, VOICE – Voices for Interactive Choice and Empowerment (Bangladesh); China Association for Science and Technology, Internet Society of China (China); University of Hong Kong (Hong Kong); Alternative Law Forum (via Association for Progressive Communications - Women's Networking Support Programme), Indian Institute of Technology in Delhi, IT for Change (India); GLOCOM, Kumon Center, Tama University (Japan); Sustainable Development Networking Programme (Jordan); Kuwait Information Technology Society (Kuwait); Assocation of Computer Engineers – Nepal, Rural Area Development Programme, Nepal Rural Information Technology Development Society (Nepal); Bytesforall – APC / Pakistan, Pakistan Christian Peace Foundation (Pakistan); Foundation for Media Alternatives, Philippine Resources for Sustainable Development Inc. (Philippines); and LIRNEasia (Sri Lanka). At the Open IGF Consultations in Geneva, on February 26 2008, the Internet Governance Caucus made two significant submissions: 1) that, although structuring the IGF sessions in Athens and Rio de Janeiro around the large themes of access, openness, diversity, and security have been useful to open up the multi-stakeholder dialogues, it is necessary to begin focused discussions of specific public policy issues to take the IGF process forward (Civil Society Internet Governance Caucus 2008a), and 2) that the Multi-Stakeholder Advisory Group (MAG), which drives the IGF process and events, should be made more proactive and transparent, and expanded in size so as to better include the different stakeholder groups who may self-identify their representatives for the MAG (Civil Society Internet Governance Caucus 2008b).

On one hand, the IGF Hyderabad, December 3-6, 2008, experienced a decline in the percentage of participants from civil society organizations and a rather modest increase in the percentage of participants from Asian countries (see: 6.1.5. Annexe – Tables), especially since this was the first major international Internet governance summit held in an Asian country. On the other hand, the Civil Society Internet Governance Caucus succeeded to bring forth the term 'enhanced cooperation,' as mentioned in the Tunis Agenda, to be addressed and discussed in one of the main sessions of the Forum (IGF 2008). The next IGF held in Sharm El Sheikh, November 15-18, 2009, saw further decline of participation from both the representatives of civil society organizations, and the attendees from Asian countries (see: 6.1.5. Annexe – Tables). In this context, Youn Jung Park made the following statement in the Stock Taking session of the summit:

As a cofounder of WSIS Civil Society Internet Governance Caucus in 2003, I would like to remind you ... [that] Internet Governance Forum was created as a compromise between those who supported the status quo Internet governance institution under one nation's status provision, and those who requested for more balanced roles for governments under international supervision of the Internet. While IGF has achieved a great success of diluting of such political tension between those who have different views of how to institutionalize Internet governance, ironically Internet governance forum became a forum without governance... [We] have to admit [that] IGF failed to deliver another mandate of the U.N. WSIS: Continuing discussion of how to design Internet governance institutions... The current IGF continues to function as knowledge transfer of ICANN's values to other stakeholders, while those who want to discuss and negotiate on how to design Internet governance institutions should have another platform for that specific U.N. WSIS mandate. (IGF 2009)

The first Asia Pacific Regional Internet Governance Forum (APrIGF) was held in Hong Kong on June 14-16, 2010. The organising committee included three civil society / acadmic organizations – Center for Global Communications (GLOCOM), Internet Society Hong Kong, and National University of Singapore – and three indpendent experts – Kuo-Wei Wu (Taiwan), Norbert Klein (Cambodia), and Zahid Jamil (Pakistan). Though the Forum had dominant presence from government and private sector participants, several representatives from Asian civil society / academic organizations spoke at the sessions: Ang Peng Hwa (Singapore Internet Research Centre, Nanyang Technological University), Charles Mok (Internet Society Hong Kong), Christine Loh (Civic Exchange), Chong Chan Yau (Hong Kong Blind Union), Clarence Tsang (Christian Action), Ilya Eric Lee (Taiwan E-Learning and Digital Archives Program, and Research Center for Information Technology Innovation), Izumi Aizu (Institute for HyperNetwork Society, and Institute for InfoSocinomics, Kumon Center, Tama University), Oliver “Blogie” Robillo (Mindanao Bloggers Community), Parminder Jeet Singh (IT for Change), Priscilla Lui (Against Child Abuse in Hong Kong), Tan Tin Wee (Centre for Internet Research, National University of Singapore), and Yap Swee Seng (Asian Forum for Human Rights and Development). As Ang Peng Hwa noted at the beginning of the summit, its key objective was to provide a formal space for various stakeholders from the Asia-Pacific region to discuss and provide inputs to the IGF process (APrIGF 2010). The regional forum was successful in enabling newer civil society entrants from the Asia-Pacific region to familiarize themselves with the IGF process, and to contribute to it. Oliver “Blogie” Robillo, represented and submit recommendations from Southeast Asian civil society organizations at IGF Vilnius, September 14-17, 2010, which was the first time he took part in the summit series. He emphasised the following topics: 1) openness and freedom of expression are the basis of democracy, and state-driven censorship of Internet in the region is an immediate threat to such global rights, 2) coordinated international efforts need to address and resolve not only global digital divides, but also the divides at regional, national, and sub-nationals scales, 3) the right to privacy is an integral part of cybersecurity, as well as a necessary condition for exercising human rights, 4) global Internet governance efforts must ensure that national governments do not control and restrict abilities of citizens to express through digital means, and it should be aligned with the universal human rights agenda, and 5) even after 5 years of the IGF process, a wider participation of civil society organizations, especially from the Asia-Pacific regions, remains an unachieved goal, which can only be achived if specific resources are allocated and processes are implemented (IGF 2010).

Internet Censorship and Civil Society Responses

Throughout the decade of 2000-2010, censorship of Internet and restriction of digital expression remained a crucial Internet rights concern across the world, and especially the Asian countries. One of the earliest global reports on the matter was brought out by the Reporters without Borders. In 2006, it published a list of countries marked as 'Internet Enemies' that featured 16 countries, out of which 11 were from Asia: China, Iran, Maldives, Myanmar (then, Burma), Nepal, North Korea, Saudi Arabia, Syria, Turkmenistan, Uzbekistan, and Vietnam (Reporters without Borders 2006). The list was updated in 2007, and three of these countries – Libya, Maldives, and Nepal – were taken off (Ibid.). The unique contradictions of the Asian region were sharply foregrounded in the 2006-07 report on Internet censorship by OpenNet Initiative, which noted:

Some of the most and least connected countries in the world are located in Asia: Japan, South Korea, and Singapore all have Internet penetration rates of over 65 percent, while Afghanistan, Myanmar, and Nepal remain three of thirty countries with less than 1 percent of its citizens online. Among the countries in the world with the most restricted access, North Korea allows only a small community of elites and foreigners online. Most users must rely on Chinese service providers for connectivity, while the limited number North Korean–sponsored Web sites are hosted abroad... [T]hough India’s Internet community is the fifth largest in the world, users amounted to only about 4 percent of the country’s population in 2005. Afghanistan, Myanmar, and Nepal are among the world’s least-developed countries. Despite the constraints on resources and serious developmental and political challenges, however, citizens are showing steadily increasing demand for Internet services such as Voice-over Internet Protocol (VoIP), blogging, and chat. (Wang 2007)

The report further described the strategy used by various Asian governments of 'delegation of policing and monitoring responsibilities to ISPs, content providers, private corporations, and users themselves' (Ibid.) These mechanisms enforce self-surveillance and self-censorship in the face of threats of loss of commercial license, denial of services, and even criminal liability. Defamation suits and related civil and criminal liability have also been used by several Asian governments to silence influential critics and protesters. Direct technical filtering of Internet traffic (especially inwards traffic) and blocking of URLS via government directives sent to Internet Service Providers (ISPs) have also been common practice in key Asian countries (Ibid.). Expectedly, such experiences of oppression led to widespread campaigns and communications by the Asian civil society organizations, as can be sensed from the above mentioned submission by Oliver “Blogie” Robillo at IGF Vilnius.

Among the Asian countries, the comprehensive technologies of censorship developed and deployed by China has been studied most extensively. The Golden Shield Project was initiated by the Ministry of Public Security of China in 1998 to undertake blanket blocking of incoming Internet traffic based on specific URLs and terms. Evidences of the project getting operationalised became available in 2003 (Garden Networks for Freedom of Information 2004). Censorship of Internet in China, however, has not only been dependent on such sophisticated systems. In 2003, it was made mandatory for all residents of Lhasa, Tibet, to use a specific combination and password to access Internet, which was directly linked to their names and address. An Internet ID Card was issued by the government to implement this (International Campaign for Tibet. 2004). Tibet Action Institute has been a key civil society organization at the forefront of cyber-offensive of the Chinese government. A recent documentary by the Institute, titled 'Tibet: Frontline of the New Cyberwar,' has narrated how it has worked closely with the Citizen Lab, Munk School of Global Affairs, University of Toronto, to identify, trace, and resist the malware- and other cyber-attacks experienced by the civil society actors and websites in favor of independence of Tibet (Tibet Action Institute 2015). Not only activists supporting the Tibetan cause, digital security training emerged as an important aspect of the life of civil society organizations during the decade. Asian organizations like Bytes for All (Pakistan) and Myanmar ICT for Development Organization (Mynamar), as well as international organizations like Front Line Defenders and Citizen Lab have educated and supported civil society activities much beyond the Internet governance sphere with tools and techniques for effectively using digital channels of communications, and defending themselves for cyber-threats.

Combination of traditional forms of civil society mobilizations and digital techniques have often been used resist attempts by Asian governments to control the online communication space. Huma Yusuf has extensively studied the emergence of hybrid media strategies, using both old media channels like newspapers and new media channels like blogs and video sharing platforms, among citizen journalists and civil society activists in Pakistan as the government took harsh steps towards control of both traditional and online media during 2007-2008 (Yusuf 2009). She has carefully traced how possibilities of new forms of information and media sharing enabled by Internet were initially identified and implemented by citizen journalists and student activists, which was quickly learned and re-deployed by more formal organisation, such as print and electronic news companies, and civil society organizations like those involved in election monitoring (Ibid.). Malaysia also experienced fast-accelerating face-off between the government and the civil society during 2007-2010, as the former started intervening directly into censoring blogs and newspaper websites. On one hand, the government took legal actions against critical bloggers, either directly or indirectly, and on the other it instructed ISPs to block 'offensive content.' It also borrowed the 'Singapore-model' to mandate registration of bloggers with government authorities, if they are identifed as writing on socio-political topics. The civil society actors responded to these oppressive steps by setting up a new blog dedicated to coverage of the defamation cases (filed against prominent bloggers), and publicly sharing instructions for circumvention of the blocks imposed by ISPs. The National Alliance of Bloggers was soon formed, which organised the “Blogs and Digital Democracy” forum on October 3, 2007 (Thien 2011: 46-47). Similarly, Bloggers Against Censorship campaign took shape in India in 2006 as the government first directed ISPs to block specific blogs hosted on Blogspot, TypePad, and Yahoo! Geocities, and then went for complete blocking of Yahoo! Geocities as the ISPs failed to block specific sub-domains of the platform (Bloggers Collective Group 2006). Learning from this experience, the following year Indian government decided to work directly with Orkut to take down 'defamatory content' about a politician (The Economic Times 2007). This is common for other Asian governments too, as they have continued to develop more legally binding and technically sophisticated measures to monitor and control online expression.

In the 'Internet Enemies Report 2012,' Reporters without Borders listed 12 countries as 'enemies of the Internet,' out of which 10 were from Asia – Bahrain, China, Iran, Myanmar, North Korea, Saudi Arabia, Syria, Turkmenistan, Uzbekistan, and Vietnam – and it named 14 countries that are conducting surveillance on its citizens, out of which 7 were from Asia – India, Kazakhstan, Malaysia, South Korea, Sri Lanka, Thailand, and United Arab Emirates (Reporters without Borders 2012). At the APrIGF held in Tokyo, July 18-20, 2012, a group of delegates from civil society organizations working in the South-East Asian region issued a joint statement with a clear call for global action against the shrinking space for freedom of (digital) expression in the region (Thai Netizen Network et al 2012). They specifically noted the following national acts as examples of the legislative mechanisms being used by different Asian governments to criminalize online speech and/or to harass public dissenters:

Burma – The 2004 Electronic Transactions Act
Cambodia – The 2012 Draft Cyber-Law, the 1995 Press Law, and the 2010 Penal Code
Malaysia – The 2012 Amendment to the Evidence Act and the 2011 Computing Professionals Bill
Indonesia – The 2008 Law on Information and Electronic Transaction and the 2008 Law on Pornography
The Philippines – The 2012 Data Privacy Act
Thailand – The 2007 Computer Crimes Act, the Article 112 of the Penal Code, and the 2004 Special Case Investigation Act
Vietnam – The 1999 Penal Code, the 2004 Publishing Law, the 2000 State Secrets Protection Ordinance, and the 2012 Draft Decree on Internet Management. (Ibid.)

The statement was co-signed by Thai Netizen Network, Thai Media Policy Centre, The Institute for Policy Research and Advocacy (ELSAM), Southeast Asian Press Alliance (SEAPA), Southeast Asian Centre for e-Media (SEACeM), Victorius (Ndaru) Eps, Community Legal Education Center (CLEC), Sovathana (Nana) Neang, Asian Forum for Human Rights and Development (FORUM-ASIA), and was endorsed by ICT Watch (Indonesian ICT Partnership Association).

Annexe – Tables

Table 1: Participation from Asian Countries and of representatives from Asian civil society organisations in IGFs, 2006-2010

Event	Participants from Asian Countries	Participants from Civil Society Organizations
IGF Athens 2006	11%	29%
IGF Rio de Janeiro 2007	13%	32%
IGF Hyderabad 2008	56% from India, and 15% from other Asian countries	25%
IGF Sharm El Sheikh 2009	17%	19%
IGF Vilnius 2010	Not Available	Not Available

Source: Reports available on Internet Governance Forum website (http://igf.wgig.org/cms).

Table 2: Internet Society Chapters in Asia

Chapter	Year of Establishment	URL
Afghanistan	In formation	Not available
Bahrain	2001	http://www.bis.org.bh/
Bangladesh	2011	http://www.isoc.org.bd/dhaka/
Hong Kong	2005	http://www.isoc.hk/
India (Bangalore)	2010	http://www.isocbangalore.org/
India (Chennai)	2007	http://www.isocindiachennai.org/
India (Delhi)	2002. Rejuvenated in 2008.	http://www.isocdelhi.in/
India (Kolkata)	2009	http://isockolkata.in/
India (Trivandrum)	2015	Not available
Indonesia	2014	http://www.isoc.or.id/
Israel	1995	http://www.isoc.org.il/
Japan	1994	http://www.isoc.jp/
Lebanon	2010	http://www.isoc.org.lb/
Malaysia	2010	http://www.isoc.my/
Nepal	2007	http://www.internetsociety.org.np/
Pakistan (Islamabad)	2013	http://www.isocibd.org.pk/
Palestine	2002	http://www.isoc.ps/
Philippines	1999. Rejuvenated in 2009.	https://www.facebook.com/isoc.ph/
Qatar	2011	http://www.isoc.qa/
Republic of Korea	2014	Not available
Singapore	2011	http://isoc.sg/
Sri Lanka	2010	http://www.isoc.lk/
Taipei	1996	http://www.isoc.org.tw/
Thailand	1996	http://www.isoc-th.org/
United Arab Emirates	2007	http://www.isocuae.com/
Yemen	2013	http://isoc.ye/

Source: Details of chapters available on Internet Society website (http://www.internetsociety.org/).

Reference

Aizu, Izumi et al. 2002. Joint Statement from Asia Civil Society Forum Participants on World Summit on the Information Society (WSIS). December 13. Accessed on July 08, 2015 from http://www.wsisasia.org/wsis-acsf2002/wsis-acsfdec13f.doc.

Asia Pacific Regional Internet Governance Forum (APrIGF). 2010. APrIGF Roundtable – June 15th, 2010: Session 1 – Welcome Remarks and Introduction – Real Time Transcript. Accessed on July 08, 2015 from http://2010.rigf.asia/aprigf-roundtable-june-15th-2010-session-1/.

Bloggers Collective Group. 2006. Bloggers Against Censorship. Last updated on April 30, 2009‎. Accessed on July 08, 2015, from http://censorship.wikia.com/wiki/Bloggers_Against_Censorship.

Civil Society Internet Governance Caucus. 2006. Internet Governance Caucus Charter. October 14. Accessed on July 08, 2015, from http://igcaucus.org/old/IGC-charter_final-061014.html.

Civil Society Internet Governance Caucus. 2008a. Inputs for the Open IGF Consultation, Geneva, 26th February, 2008 – Statement II: Main Session Themes for IGF, Hyderabad. February 26. Accessed on July 08, 2015, from http://igcaucus.org/old/IGC%20-%20Main%20themes%20for%20IGF%20Hyd.pdf.

Civil Society Internet Governance Caucus. 2008b. Inputs for the Open IGF Consultation, Geneva, 26th February, 2008 – Statement III: Renewal / Restructuring of Multi-stakeholder Advisory Group. February 26. Accessed on July 08, 2015, from http://igcaucus.org/old/IGC%20-%20MAG%20Rotation.pdf.

Desai, Nitin, et al. 2005. Report of the Working Group on Internet Governance. United June. Accessed on July 08, 2015 from http://www.wgig.org/docs/WGIGREPORT.pdf.

Garden Networks for Freedom of Information. 2004. Breaking through the “Golden Shield.” Open Society Institute. November 01. Accessed on July 08, 2015 from https://www.opensocietyfoundations.org/sites/default/files/china-internet-censorship-20041101.pdf.

George, Susanna. 2002. Women and New Information and Communications Technologies: The Promise of Empowerment. Presented at The World Summit on the Information Society: An Asian Response Meeting, November 22-24. Accessed on July 08, 2015 from http://www.wsisasia.org/materials/susanna.doc/.

Gurumurthy, Anita, & Parminder Jeet Singh. 2005. WSIS PrepCom 2: A South Asian Perspective. Association for Progressive Communications. April 01. Accessed on July 08, 2015, from https://www.apc.org/en/news/hr/world/wsis-prepcom-2-south-asian-perspective.

Internet Governance Forum (IGF). 2006. Athens 2006 – List of Participants. Accessed on July 08, 2015, from http://www.intgovforum.org/PLP.html.

Internet Governance Forum (IGF). 2008. Arrangements for Internet Governance, Global and National/Regional. IGF Hyderabad, India. December 5. Accessed on July 08, 2015, from https://web.archive.org/web/20130621205004/http://www.intgovforum.org/cms/hyderabad_prog/AfIGGN.html [Original URL: http://www.intgovforum.org/cms/hyderabad_prog/AfIGGN.html].

Internet Governance Forum (IGF). 2009. Taking Stock and Looking Forward – On the Desirability of the Continuation of the Forum, Part II. IGF Sharm El Sheikh, Egypt. November 18. Accessed on July 08, 2015, from http://www.intgovforum.org/cms/2009/sharm_el_Sheikh/Transcripts/Sharm%20El%20Sheikh%2018%20November%202009%20Stock%20Taking%20II.txt.

Internet Governance Forum (IGF). 2010. Taking Stock of Internet Governance and the Way Forward. IGF Vilnius, Lithuania. September 17. Accessed on July 08, 2015, from http://igf.wgig.org/cms/component/content/article/102-transcripts2010/687-taking-stock.

International Campaign for Tibet. 2004. Chinese Authorities Institute Internet ID Card System in Tibet for Online Surveillance. April 30. Accessed on July 08, 2015, from http://www.savetibet.org/chinese-authorities-institute-internet-id-card-system-in-tibet-for-online-surveillance/.

International Telecommunication Union (ITU). 2003a. PrepCom-2 / 17-28 February 2003 – Final List of Participants. February 28. Accessed on July 08, 2015, from http://www.itu.int/wsis/participation/prepcom2/prepcom2-cl.pdf.

International Telecommunication Union (ITU). 2003b. Geneva Phase of the WSIS: List of Participants. Accessed on July 08, 2015, from http://www.itu.int/wsis/docs/geneva/summit_participants.pdf.

Jain, Rekha. 2006. Participation of Developing Countries in the World Summit on the Information Society (WSIS) Process: India Case Study. Association for Progressive Communications. March. Accessed on July 08, 2015 from http://rights.apc.org/documents/wsis_india.pdf.

Reporters without Borders. 2006. List of the 13 Internet Enemies. Last updated on August 28, 2007. Accessed on July 08, 2015 from http://en.rsf.org/list-of-the-13-internet-enemies-07-11-2006,19603.

Reporters without Borders. 2012. Internet Enemies Report 2012. Accessed on July 08, 2015 from http://en.rsf.org/IMG/pdf/rapport-internet2012_ang.pdf.

Souter, David. 2007. WSIS and Civil Society. In: Whose Summit? Whose Information Society? Developing Countries and Civil Society at the World Summit on the Information Society. With additional research by Abiodun Jagun. Association for Progressive Communications. Pp. 72-89. Accessed on July 08, 2015 from http://rights.apc.org/documents/whose_summit_EN.pdf.

Thai Netizen Network et al. 2012. Southeast Asian Civil Society Groups Highlight Increasing Rights Violations Online, Call for Improvements to Internet Governance Processes in the Region. Statement of Civil Society Delegates from Southeast Asia to 2012 Asia-Pacific Regional Internet Governance Forum (APrIGF). July 31. Accessed on July 08, 2015 from https://freedomhouse.org/sites/default/files/AprIGF-Joint%20Statement-FINAL.pdf.

The Economic Times. 2007. Orkut's Tell-All Pact with Cops. May 01. Accessed on July 08, 2015 from http://articles.economictimes.indiatimes.com/2007-05-01/news/28459689_1_orkut-ip-addresses-google-spokesperson.

The World Summit on the Information Society: An Asian Response. 2002. Final Document. Accessed on July 08, 2015 from http://www.wsisasia.org/materials/finalversion.doc.

Thien, Vee Vian. 2011. The Struggle for Digital Freedom of Speech: The Malaysian Sociopolitical Blogosphere’s Experience. In: Ronald Deibert et al. (eds.) Access Contested. OpenNet Initiative. Pp. 43-63. Accessed on July 08, 2015 from http://access.opennet.net/wp-content/uploads/2011/12/accesscontested-chapter-03.pdf.

Tibet Action Institute. 2015. Tibet: Frontline of the New Cyberwar. YouTube. January 27. Accessed on July 08, 2015 from https://www.youtube.com/watch?v=yE3AQqbGVkk.

UNSAJ et al. 2003. Civil Society Observations and Response to the Tokyo Declaration. Asia-Pacific Regional Conference on the World Summit on the Information Society. January 15. Accessed on July 08, 2015 from http://www.wsisasia.org/wsis-tokyo/tokyo-statement.html.

Wang, Stephanie. 2007. Internet Filtering in Asia in 2006-2007. OpenNet Initiative. Accessed on July 08, 2015, from https://opennet.net/studies/asia2007.

WSIS Civil Society Internet Governance Caucus. 2005. Initial Reactions to the WGIG Report. Contribution from GLOCOM on behalf of the WSIS Civil Society Internet Governance Caucus. July 19. Accessed on July 08, 2015, from www.itu.int/wsis/%20docs2/pc3/contributions/co23.doc.

WSIS Civil Society Plenary. 2003. “Shaping Information Societies for Human Needs” – Civil Society Declaration to the World Summit on the Information Society. December 8. Accessed on July 08, 2015, from http://www.itu.int/wsis/docs/geneva/civil-society-declaration.pdf.

WSIS Civil Society Plenary. 2005. “Much more could have been achieved” – Civil Society Statement on the World Summit on the Information Society. December 18. Accessed on July 08, 2015, from https://www.itu.int/wsis/docs2/tunis/contributions/co13.pdf.

WSIS Civil Society Subcommittee on Content and Themes. 2003a. “Seven Musts”: Priority Principles Proposed by Civil Society. February 25. Accessed on July 08, 2015, from http://www.movimientos.org/es/foro_comunicacion/show_text.php3%3Fkey%3D1484.

WSIS Civil Society Subcommittee on Content and Themes. 2003b. Final Report on Prepcom-2 Activities of the Civil Society on Content and Themes. March 27. Accessed on July 08, 2015, from http://www.itu.int/wsis/docs/pcip/misc/cs_sct.pdf.

WSIS Executive Secretariat. 2003. Report of the Asia-Pacific Regional Conference for WSIS (Tokyo, 13-15 January 2003). WSIS. Accessed on July 08, 2015, from http://www.itu.int/dms_pub/itu-s/md/03/wsispc2/doc/S03-WSISPC2-DOC-0006!!PDF-E.pdf.

Yusuf, Huma. 2009. Old and New Media: Converging during the Pakistan Emergency (March 2007 - February 2008). MIT Centre for Civic Media. January 12. Accessed on July 08, 2015, from https://civic.mit.edu/blog/humayusuf/old-and-new-media-converging-during-the-pakistan-emergency-march-2007-february-2008.

For more details visit https://cis-india.org/raw/civil-society-organisations-and-internet-governance-in-asia-open-review

Security: Privacy, Transparency and Technology

sunil — 2015-09-15T10:53:52Z

The Centre for Internet and Society (CIS) has been involved in privacy and data protection research for the last five years. It has participated as a member of the Justice A.P. Shah Committee, which has influenced the draft Privacy Bill being authored by the Department of Personnel and Training. It has organised 11 multistakeholder roundtables across India over the last two years to discuss a shadow Privacy Bill drafted by CIS with the participation of privacy commissioners and data protection authorities from Europe and Canada.

The article was co-authored by Sunil Abraham, Elonnai Hickok and Tarun Krishnakumar. It was published by Observer Research Foundation, Digital Debates 2015: CyFy Journal Volume 2.

Our centre’s work on privacy was considered incomplete by some stakeholders because of a lack of focus in the area of cyber security and therefore we have initiated research on it from this year onwards. In this article, we have undertaken a preliminary examination of the theoretical relationships between the national security imperative and privacy, transparency and technology.

Security and Privacy

Daniel J. Solove has identified the tension between security and privacy as a false dichotomy: "Security and privacy often clash, but there need not be a zero-sum tradeoff." [1] Further unpacking this false dichotomy, Bruce Schneier says, "There is no security without privacy. And liberty requires both security and privacy." [2] Effectively, it could be said that privacy is a precondition for security, just as security is a precondition for privacy. A secure information system cannot be designed without guaranteeing the privacy of its authentication factors, and it is not possible to guarantee privacy of authentication factors without having confidence in the security of the system. Often policymakers talk about a balance between the privacy and security imperatives—in other words a zero-sum game. Balancing these imperatives is a foolhardy approach, as it simultaneously undermines both imperatives. Balancing privacy and security should instead be framed as an optimisation problem. Indeed, during a time when oversight mechanisms have failed even in so-called democratic states, the regulatory power of technology [3] should be seen as an increasingly key ingredient to the solution of that optimisation problem.

Data retention is required in most jurisdictions for law enforcement, intelligence and military purposes. Here are three examples of how security and privacy can be optimised when it comes to Internet Service Provider (ISP) or telecom operator logs:

Data Retention: We propose that the office of the Privacy Commissioner generate a cryptographic key pair for each internet user and give one key to the ISP / telecom operator. This key would be used to encrypt logs, thereby preventing unauthorised access. Once there is executive or judicial authorisation, the Privacy Commissioner could hand over the second key to the authorised agency. There could even be an emergency procedure and the keys could be automatically collected by concerned agencies from the Privacy Commissioner. This will need to be accompanied by a policy that criminalises the possession of unencrypted logs by ISP and telecom operators.
Privacy-Protective Surveillance: Ann Cavoukian and Khaled El Emam [4] have proposed combining intelligent agents, homomorphic encryption and probabilistic graphical models to provide “a positive-sum, ‘win–win’ alternative to current counter-terrorism surveillance systems.” They propose limiting collection of data to “significant” transactions or events that could be associated with terrorist-related activities, limiting analysis to wholly encrypted data, which then does not just result in “discovering more patterns and relationships without an understanding of their context” but rather “intelligent information—information selectively gathered and placed into an appropriate context to produce actual knowledge.” Since fully homomorphic encryption may be unfeasible in real-world systems, they have proposed use of partially homomorphic encryption. But experts such as Prof. John Mallery from MIT are also working on solutions based on fully homomorphic encryption.
Fishing Expedition Design: Madan Oberoi, Pramod Jagtap, Anupam Joshi, Tim Finin and Lalana Kagal have proposed a standard [5] that could be adopted by authorised agencies, telecom operators and ISPs. Instead of giving authorised agencies complete access to logs, they propose a format for database queries, which could be sent to the telecom operator or ISP by authorised agencies. The telecom operator or ISP would then process the query, and anonymise/obfuscate the result-set in an automated fashion based on applicable privacypolicies/regulation. Authorised agencies would then hone in on a subset of the result-set that they would like with personal identifiers intact; this smaller result set would then be shared with the authorised agencies.

An optimisation approach to resolving the false dichotomy between privacy and security will not allow for a total surveillance regime as pursued by the US administration. Total surveillance brings with it the ‘honey pot’ problem: If all the meta-data and payload data of citizens is being harvested and stored, then the data store will become a single point of failure and will become another target for attack. The next Snowden may not have honourable intentions and might decamp with this ‘honey pot’ itself, which would have disastrous consequences.

If total surveillance will completely undermine the national security imperative, what then should be the optimal level of surveillance in a population? The answer depends upon the existing security situation. If this is represented on a graph with security on the y-axis and the proportion of the population under surveillance on the x-axis, the benefits of surveillance could be represented by an inverted hockey-stick curve. To begin with, there would already be some degree of security. As a small subset of the population is brought under surveillance, security would increase till an optimum level is reached, after which, enhancing the number of people under surveillance would not result in any security pay-off. Instead, unnecessary surveillance would diminish security as it would introduce all sorts of new vulnerabilities. Depending on the existing security situation, the head of the hockey-stick curve might be bigger or smaller. To use a gastronomic analogy, optimal surveillance is like salt in cooking—necessary in small quantities but counter-productive even if slightly in excess.

In India the designers of surveillance projects have fortunately rejected the total surveillance paradigm. For example, the objective of the National Intelligence Grid (NATGRID) is to streamline and automate targeted surveillance; it is introducing technological safeguards that will allow express combinations of result-sets from 22 databases to be made available to 12 authorised agencies. This is not to say that the design of the NATGRID cannot be improved.

Security and Transparency

There are two views on security and transparency: One, security via obscurity as advocated by vendors of proprietary software, and two, security via transparency as advocated by free/open source software (FOSS) advocates and entrepreneurs. Over the last two decades, public and industry opinion has swung towards security via transparency. This is based on the Linus rule that “given enough eyeballs, all bugs are shallow.” But does this mean that transparency is a necessary and sufficient condition? Unfortunately not, and therefore it is not necessarily true that FOSS and open standards will be more secure than proprietary software and proprietary standards.

Optimal surveillance is like salt in cooking—necessary in small quantities but counter-productive even if slightly in excess.

The recent detection of the Heartbleed [6] security bug in Open SSL, [7] causing situations where more data can be read than should be allowed, and Snowden’s revelations about the compromise of some open cryptographic standards (which depend on elliptic curves), developed by the US National Institute of Standards and Technology, are stark examples. [8]

At the same time, however, open standards and FOSS are crucial to maintaining the balance of power in information societies, as civil society and the general public are able to resist the powers of authoritarian governments and rogue corporations using cryptographic technology. These technologies allow for anonymous speech, pseudonymous speech, private communication, online anonymity and circumvention of surveillance and censorship. For the media, these technologies enable anonymity of sources and the protection of whistle-blowers—all phenomena that are critical to the functioning of a robust and open democratic society. But these very same technologies are also required by states and by the private sector for a variety of purposes—national security, e-commerce, e-banking, protection of all forms of intellectual property, and services that depend on confidentiality, such as legal or medical services.

In order words, all governments, with the exception of the US government, have common cause with civil society, media and the general public when it comes to increasing the security of open standards and FOSS. Unfortunately, this can be quite an expensive task because the re-securing of open cryptographic standards depends on mathematicians. Of late, mathematical research outputs that can be militarised are no longer available in the public domain because the biggest employers of mathematicians worldwide today are the US military and intelligence agencies. If other governments invest a few billion dollars through mechanisms like Knowledge Ecology International’s proposed World Trade Organization agreement on the supply of knowledge as a public good, we would be able to internationalise participation in standard-setting organisations and provide market incentives for greater scrutiny of cryptographic standards and patching of vulnerabilities of FOSS. This would go a long way in addressing the trust deficit that exists on the internet today.

Security and Technology

A techno-utopian understanding of security assumes that more technology, more recent technology and more complex technology will necessarily lead to better security outcomes.

This is because the security discourse is dominated by vendors with sales targets who do not present a balanced or accurate picture of the technologies that they are selling. This has resulted in state agencies and the general public having an exaggerated understanding of the capabilities of surveillance technologies that is more aligned with Hollywood movies than everyday reality.

More Technology

Increasing the number of x-ray machines or full-body scanners at airports by a factor of ten or hundred will make the airport less secure unless human oversight is similarly increased. Even with increased human oversight, all that has been accomplished is an increase in the potential locations that can be compromised. The process of hardening a server usually involves stopping non-essential services and removing non-essential software. This reduces the software that should be subject to audit, continuously monitored for vulnerabilities and patched as soon as possible. Audits, ongoing monitoring and patching all cost time and money and therefore, for governments with limited budgets, any additional unnecessary technology should be seen as a drain on the security budget. Like with the airport example, even when it comes to a single server on the internet, it is clear that, from a security perspective, more technology without a proper functionality and security justification is counter-productive. To reiterate, throwing increasingly more technology at a problem does not make things more secure; rather, it results in a proliferation of vulnerabilities.

Latest Technology

Reports that a number of state security agencies are contemplating returning to typewriters for sensitive communications in the wake of Snowden’s revelations makes it clear that some older technologies are harder to compromise in comparison to modern technology. [9] Between iris- and fingerprint-based biometric authentication, logically, it would be easier for a criminal to harvest images of irises or authentication factors in bulk fashion using a high resolution camera fitted with a zoom lens in a public location, in comparison to mass lifting of fingerprints.

Complex Technology

Fifteen years ago, Bruce Schneier said, "The worst enemy of security is complexity. This has been true since the beginning of computers, and it’s likely to be true for the foreseeable future." [10] This is because complexity increases fragility; every feature is also a potential source of vulnerabilities and failures. The simpler Indian electronic machines used until the 2014 elections are far more secure than the Diebold voting machines used in the 2004 US presidential elections. Similarly when it comes to authentication, a pin number is harder to beat without user-conscious cooperation in comparison to iris- or fingerprint-based biometric authentication.

In the following section of the paper we have identified five threat scenarios [11] relevant to India and identified solutions based on our theoretical framing above.

Threat Scenarios and Possible Solutions

Hacking the NIC Certifying Authority
One of the critical functions served by the National Informatics Centre (NIC) is as a Certifying Authority (CA). [12] In this capacity, the NIC issues digital certificates that authenticate web services and allow for the secure exchange of information online. [13] Operating systems and browsers maintain lists of trusted CA root certificates as a means of easily verifying authentic certificates. India’s Controller of Certifying Authority’s certificates issued are included in the Microsoft Root list and recognised by the majority of programmes running on Windows, including Internet Explorer and Chrome. [14] In 2014, the NIC CA’s infrastructure was compromised, and digital certificates were issued in NIC’s name without its knowledge. [15] Reports indicate that NIC did not "have an appropriate monitoring and tracking system in place to detect such intrusions immediately." [16] The implication is that websites could masquerade as another domain using the fake certificates. Personal data of users can be intercepted or accessed by third parties by the masquerading website. The breach also rendered web servers and websites of government bodies vulnerable to attack, and end users were no longer sure that data on these websites was accurate and had not been tampered with. [17] The NIC CA was forced to revoke all 250,000 SSL Server Certificates issued until that date [18] and is no longer issuing digital certificates for the time being. [19]Public key pinning is a means through which websites can specify which certifying authorities have issued certificates for that site. Public key pinning can prevent man-in-the-middle attacks due to fake digital certificates. [20] Certificate Transparency allows anyone to check whether a certificate has been properly issued, seeing as certifying authorities must publicly publish information about the digital certificates that they have issued. Though this approach does not prevent fake digital certificates from being issued, it can allow for quick detection of misuse. [21]

‘Logic Bomb’ against Airports
Passenger operations in New Delhi’s Indira Gandhi International Airport depend on a centralised operating system known as the Common User Passenger Processing System (CUPPS). The system integrates numerous critical functions such as the arrival and departure times of flights, and manages the reservation system and check-in schedules. [22] In 2011, a logic bomb attack was remotely launched against the system to introduce malicious code into the CUPPS software. The attack disabled the CUPPS operating system, forcing a number of check-in counters to shut down completely, while others reverted to manual check-in, resulting in over 50 delayed flights. Investigations revealed that the attack was launched by three disgruntled employees who had assisted in the installation of the CUPPS system at the New Delhi Airport. [23] Although in this case the impact of the attack was limited to flight delay, experts speculate that the attack was meant to take down the entire system. The disruption and damage resulting from the shutdown of an entire airport would be extensive.

Adoption of open hardware and FOSS is one strategy to avoid and mitigate the risk of such vulnerabilities. The use of devices that embrace the concept of open hardware and software specifications must be encouraged, as this helps the FOSS community to be vigilant in detecting and reporting design deviations and investigate into probable vulnerabilities.

Attack on Critical Infrastructure
The Nuclear Power Corporation of India encounters and prevents numerous cyber attacks every day. [24] The best known example of a successful nuclear plant hack is the Stuxnet worm that thwarted the operation of an Iranian nuclear enrichment complex and set back the country’s nuclear programme. [25]

The worm had the ability to spread over the network and would activate when a specific configuration of systems was encountered [26] and connected to one or more Siemens programmable logic controllers. [27] The worm was suspected to have been initially introduced through an infected USB drive into one of the controller computers by an insider, thus crossing the air gap. [28] The worm used information that it gathered to take control of normal industrial processes (to discreetly speed up centrifuges, in the present case), leaving the operators of the plant unaware that they were being attacked. This incident demonstrates how an attack vector introduced into the general internet can be used to target specific system configurations. When the target of a successful attack is a sector as critical and secured as a nuclear complex, the implications for a country’s security and infrastructure are potentially grave.

Security audits and other transparency measures to identify vulnerabilities are critical in sensitive sectors. Incentive schemes such as prizes, contracts and grants may be evolved for the private sector and academia to identify vulnerabilities in the infrastructure of critical resources to enable/promote security auditing of infrastructure.

Micro Level: Chip Attacks
Semiconductor devices are ubiquitous in electronic devices. The US, Japan, Taiwan, Singapore, Korea and China are the primary countries hosting manufacturing hubs of these devices. India currently does not produce semiconductors, and depends on imported chips. This dependence on foreign semiconductor technology can result in the import and use of compromised or fraudulent chips by critical sectors in India. For example, hardware Trojans, which may be used to access personal information and content on a device, may be inserted into the chip. Such breaches/transgressions can render equipment in critical sectors vulnerable to attack and threaten national security. [29]

Indigenous production of critical technologies and the development of manpower and infrastructure to support these activities are needed. The Government of India has taken a number of steps towards this. For example, in 2013, the Government of India approved the building of two Semiconductor Wafer Fabrication (FAB) manufacturing facilities [30] and as of January 2014, India was seeking to establish its first semiconductor characterisation lab in Bangalore. [31]

Macro Level: Telecom and Network Switches

The possibility of foreign equipment containing vulnerabilities and backdoors that are built into its software and hardware gives rise to concerns that India’s telecom and network infrastructure is vulnerable to being hacked and accessed by foreign governments (or non-state actors) through the use of spyware and malware that exploit such vulnerabilities. In 2013, some firms, including ZTE and Huawei, were barred by the Indian government from participating in a bid to supply technology for the development of its National Optic Network project due to security concerns. [32] Similar concerns have resulted in the Indian government holding back the conferment of ‘domestic manufacturer’ status on both these firms. [33]

Following reports that Chinese firms were responsible for transnational cyber attacks designed to steal confidential data from overseas targets, there have been moves to establish laboratories to test imported telecom equipment in India. [34] Despite these steps, in a February 2014 incident the state-owned telecommunication company Bharat Sanchar Nigam Ltd’s network was hacked, allegedly by Huawei. [35]

Security practitioners and policymakers need to avoid the zero-sum framing prevalent in popular discourse regarding security VIS-A-VIS privacy, transparency and technology.

A successful hack of the telecom infrastructure could result in massive disruption in internet and telecommunications services. Large-scale surveillance and espionage by foreign actors would also become possible, placing, among others, both governmental secrets and individuals personal information at risk.

While India cannot afford to impose a general ban on the import of foreign telecommunications equipment, a number of steps can be taken to address the risk of inbuilt security vulnerabilities. Common International Criteria for security audits could be evolved by states to ensure compliance of products with international norms and practices. While India has already established common criteria evaluation centres, [36] the government monopoly over the testing function has resulted in only three products being tested so far. A Code Escrow Regime could be set up where manufacturers would be asked to deposit source code with the Government of India for security audits and verification. The source code could be compared with the shipped software to detect inbuilt vulnerabilities.

Conclusion

Cyber security cannot be enhanced without a proper understanding of the relationship between security and other national imperatives such as privacy, transparency and technology. This paper has provided an initial sketch of those relationships, but sustained theoretical and empirical research is required in India so that security practitioners and policymakers avoid the zero-sum framing prevalent in popular discourse and take on the hard task of solving the optimisation problem by shifting policy, market and technological levers simultaneously. These solutions must then be applied in multiple contexts or scenarios to determine how they should be customised to provide maximum security bang for the buck.

[1]. Daniel J. Solove, Chapter 1 in Nothing to Hide: The False Tradeoff between Privacy and Security (Yale University Press: 2011), http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1827982.

[2]. Bruce Schneier, “What our Top Spy doesn’t get: Security and Privacy aren’t Opposites,” Wired, January 24, 2008, http://archive.wired.com/politics/security commentary/security matters/2008/01/securitymatters_0124 and Bruce Schneier, “Security vs. Privacy,” Schneier on Security, January 29, 2008, https://www.schneier.com/blog/archives/2008/01/security_vs_pri.html.

[3]. There are four sources of power in internet governance: Market power exerted by private sector organisations; regulatory power exerted by states; technical power exerted by anyone who has access to certain categories of technology, such as cryptography; and finally, the power of public pressure sporadically mobilised by civil society. A technically sound encryption standard, if employed by an ordinary citizen, cannot be compromised using the power of the market or the regulatory power of states or public pressure by civil society. In that sense, technology can be used to regulate state and market behaviour.

[4]. Ann Cavoukian and Khaled El Emam, “Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism,” Information & Privacy Commisioner, September 2013, Ontario, Canada, http://www.privacybydesign.ca/content/uploads/2013/12/pps.pdf.

[5]. Madan Oberoi, Pramod Jagtap, Anupam Joshi, Tim Finin and Lalana Kagal, “Information Integration and Analysis: A Semantic Approach to Privacy”(presented at the third IEEE International Conference on Information Privacy, Security, Risk and Trust, Boston, USA, October 2011), ebiquity.umbc.edu/_file_directory_/papers/578.pdf.

[6]. Bruce Byfield, “Does Heartbleed disprove ‘Open Source is Safer’?,” Datamation, April 14, 2014, http://www.datamation.com/open-source/does-heartbleed-disprove-open-source-is-safer-1.html.

[7]. “Cybersecurity Program should be more transparent, protect privacy,” Centre for Democracy and Technology Insights, March 20, 2009, https://cdt.org/insight/cybersecurity-program-should-be-more-transparent-protect-privacy/#1.

[8]. “Cracked Credibility,” The Economist, September 14, 2013, http://www.economist.com/news/international/21586296-be-safe-internet-needs-reliable-encryption-standards-software-and.

[9]. Miriam Elder, “Russian guard service reverts to typewriters after NSA leaks,” The Guardian, July 11, 2013, www.theguardian.com/world/2013/jul/11/russia-reverts-paper-nsa-leaks and Philip Oltermann, “Germany ‘may revert to typewriters’ to counter hi-tech espionage,” The Guardian, July 15, 2014, www.theguardian.com/world/2014/jul/15/germany-typewriters-espionage-nsa-spying-surveillance.

[10]. Bruce Schneier, “A Plea for Simplicity,” Schneier on Security, November 19, 1999, https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html.

[11]. With inputs from Pranesh Prakash of the Centre for Internet and Society and Sharathchandra Ramakrishnan of Srishti School of Art, Technology and Design.

[12]. “Frequently Asked Questions,” Controller of Certifying Authorities, Department of Electronics and Information Technology, Government of India, http://cca.gov.in/cca/index.php?q=faq-page#n41.

[13]. National Informatics Centre Homepage, Government of India, http://www.nic.in/node/41.

[14]. Adam Langley, “Maintaining Digital Certificate Security,” Google Security Blog, July 8, 2014, http://googleonlinesecurity.blogspot.in/2014/07/maintaining-digital-certificate-security.html.

[15]. This is similar to the kind of attack carried out against DigiNotar, a Dutch certificate authority. See: http://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1246&context=jss.

[16]. R. Ramachandran, “Digital Disaster,” Frontline, August 22, 2014, http://www.frontline.in/the-nation/digital-disaster/article6275366.ece.

[17]. Ibid.

[18]. “NIC’s digital certification unit hacked,” Deccan Herald, July 16, 2014, http://www.deccanherald.com/content/420148/archives.php.

[19]. National Informatics Centre Certifying Authority Homepage, Government of India, http://nicca.nic.in//.

[20]. Mozilla Wiki, “Public Key Pinning,” https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning.

[21]. “Certificate Transparency - The quick detection of fraudulent digital certificates,” Ascertia, August 11, 2014, http://www.ascertiaIndira.com/blogs/pki/2014/08/11/certificate-transparency-the-quick-detection-of-fraudulent-digital-certificates.

[22]. “Indira Gandhi International Airport (DEL/VIDP) Terminal 3, India,” Airport Technology.com, http://www.airport-technology.com/projects/indira-gandhi-international-airport-terminal -3/.

[23]. “How techies used logic bomb to cripple Delhi Airport,” Rediff, November 21, 2011, http://www.rediff.com/news/report/how-techies-used-logic-bomb-to-cripple-delhi-airport/20111121 htm.

[24]. Manu Kaushik and Pierre Mario Fitter, “Beware of the bugs,” Business Today, February 17, 2013, http://businesstoday.intoday.in/story/india-cyber-security-at-risk/1/191786.html.

[25]. “Stuxnet ‘hit’ Iran nuclear plants,” BBC, November 22, 2010, http://www.bbc.com/news/technology-11809827.

[26]. In this case, systems using Microsoft Windows and running Siemens Step7 software were targeted.

[27]. Jonathan Fildes, “Stuxnet worm ‘targeted high-value Iranian assets’,” BBC, September 23, 2010, http://www.bbc.com/news/technology-11388018.

[28]. Farhad Manjoo, “Don’t Stick it in: The dangers of USB drives,” Slate, October 5, 2010, http://www.slate.com/articles/technology/technology/2010/10/dont_stick_it_in.html.

[29]. Ibid.

[30]. “IBM invests in new $5bn chip fab in India, so is chip sale off?,” ElectronicsWeekly, February 14, 2014, http://www.electronicsweekly.com/news/business/ibm-invests-new-5bn-chip-fab-india-chip-sale-2014-02/.

[31]. NT Balanarayan, “Cabinet Approves Creation of Two Semiconductor Fabrication Units,” Medianama, February 17, 2014, http://articles.economictimes.indiatimes.com/2014-02-04/news/47004737_1_indian-electronics-special-incentive-package-scheme-semiconductor-association.

[32]. Jamie Yap, “India bars foreign vendors from national broadband initiative,” ZD Net, January 21, 2013, http://www.zdnet.com/in/india-bars-foreign-vendors-from-national-broadband-initiative-7000010055/.

[33]. Kevin Kwang, “India holds back domestic-maker status for Huawei, ZTE,” ZD Net, February 6, 2013, http://www.zdnet.com/in/india-holds-back-domestic-maker-status-for-huawei-zte-70 00010887/. Also see “Huawei, ZTE await domestic-maker tag,” The Hindu, February 5, 2013, http://www.thehindu.com/business/companies/huawei-zte-await-domesticmaker-tag/article4382888.ece.

[34]. Ellyne Phneah, “Huawei, ZTE under probe by Indian government,” ZD Net, May 10, 2013, http://www.zdnet.com/in/huawei-zte-under-probe-by-indian-government-7000015185/.

[35]. Devidutta Tripathy, “India investigates report of Huawei hacking state carrier network,” Reuters, February 6, 2014, http://www.reuters.com/article/2014/02/06/us-india-huawei-hacking-idUSBREA150QK20140206.

[36]. “Products Certified,” Common Criteria Portal of India, http://www.commoncriteria-india.gov.in/Pages/ProductsCertified.aspx.

For more details visit https://cis-india.org/internet-governance/blog/security-privacy-transparency-and-technology

A Review of the Policy Debate around Big Data and Internet of Things

elonnai — 2015-08-17T08:36:18Z

This blog post seeks to review and understand how regulators and experts across jurisdictions are reacting to Big Data and Internet of Things (IoT) from a policy perspective.

Defining and Connecting Big Data and Internet of Things

The Internet of Things is a term that refers to networked objects and systems that can connect to the internet and can transmit and receive data. Characteristics of IoT include the gathering of information through sensors, the automation of functions, and analysis of collected data.[1] For IoT devices, because of the velocity at which data is generated, the volume of data that is generated, and the variety of data generated by different sources [2] - IoT devices can be understood as generating Big Data and/or relying on Big Data analytics. In this way IoT devices and Big Data are intrinsically interconnected.

General Implications of Big Data and Internet of Things

Big Data paradigms are being adopted across countries, governments, and business sectors because of the potential insights and change that it can bring. From improving an organizations business model, facilitating urban development, allowing for targeted and individualized services, and enabling the prediction of certain events or actions - the application of Big Data has been recognized as having the potential to bring about dramatic and large scale changes.

At the same time, experts have identified risks to the individual that can be associated with the generation, analysis, and use of Big Data. In May 2014, the White House of the United States completed a ninety day study of how big data will change everyday life. The Report highlights the potential of Big Data as well as identifying a number of concerns associated with Big Data. For example: the selling of personal data, identification or re-identification of individuals, profiling of individuals, creation and exacerbation of information asymmetries, unfair, discriminating, biased, and incorrect decisions based on Big Data analytics, and lack of or misinformed user consent.[3] Errors in Big Data analytics that experts have identified include statistical fallacies, human bias, translation errors, and data errors.[4] Experts have also discussed fundamental changes that Big Data can bring about. For example, Danah Boyd and Kate Crawford in the article "Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon" propose that Big Data can change the definition of knowledge and shape the reality it measures.[5] Similarly, a BSC/Oxford Internet Institute conference report titled " The Societal Impact of the Internet of Things" points out that often users of Big Data assume that information and conclusions based on digital data is reliable and in turn replace other forms of information with digital data.[6]

Concerns that have been voiced by the Article 29 Working Party and others specifically about IoT devices have included insufficient security features built into devices such as encryption, the reliance of the devices on wireless communications, data loss from infection by malware or hacking, unauthorized access and use of personal data, function creep resulting from multiple IoT devices being used together, and unlawful surveillance.[7]

Regulation of Big Data and Internet of Things

The regulation of Big Data and IoT is currently being debated in contexts such as the US and the EU. Academics, civil society, and regulators are exploring questions around the adequacy of present regulation and overseeing frameworks to address changes brought about Big Data, and if not - what forms of or changes in regulation are needed? For example, Kate Crawford and Jason Shultz in the article "Big Data and Due Process: Towards a Framework to Redress Predictive Privacy Harms"stress the importance of bringing in 'data due process rights' i.e ensuring fairness in the analytics of Big Data and how personal information is used.[8] While Solon Barocas and Andrew Selbst in the article "Big Data's Disparate Impact" explore if present anti-discrimination legislation and jurisprudence in the US is adequate to protect against discrimination arising from Big Data practices - specifically data mining.[9]

The Impact of Big Data and IoT on Data Protection Principles

In the context of data protection, various government bodies, including the Article 29 Data Protection Working Party set up under the Directive 95/46/EC of the European Parliament, the Council of Europe, the European Commission, and the Federal Trade Commission, as well as experts and academics in the field, have called out at least ten different data protection principles and concepts that Big Data impacts:

Collection Limitation: As a result of the generation of Big Data as enabled by networked devices, increased capabilities to analyze Big Data, and the prevalent use of networked systems - the principle of collection limitation is changing.[10]
Consent: As a result of the use of data from a wide variety of sources and the re-use of data which is inherent in Big Data practices - notions of informed consent (initial and secondary) are changing.[11]
Data Minimization: As a result of Big Data practices inherently utilizing all data possible - the principle of data minimization is changing/obsolete.[12]
Notice: As a result of Big Data practices relying on vast amounts of data from numerous sources and the re-use of that data - the principle of notice is changing.[13]
Purpose Limitation: As a result of Big Data practices re-using data for multiple purposes - the principle of purpose limitation is changing/obsolete.[14]
Necessity: As a result of Big Data practices re-using data, the new use or re-analysis of data may not be pertinent to the purpose that was initially specified- thus the principle of necessity is changing.[15]
Access and Correction: As a result of Big Data being generated (and sometimes published) at scale and in real time - the principle of user access and correction is changing.[16]
Opt In and Opt Out Choices: Particularly in the context of smart cities and IoT which collect data on a real time basis, often without the knowledge of the individual, and for the provision of a service - it may not be easy or possible for individuals to opt in or out of the collection of their data.[17]
PI: As a result of Big Data analytics using and analyzing a wide variety of data, new or unexpected forms of personal data may be generated - thus challenging and evolving beyond traditional or specified definitions of personal information.[18]
Data Controller: In the context of IoT, given the multitude of actors that can collect, use and process data generated by networked devices, the traditional understanding of what and who is a data controller is changing.[19]

Possible Technical and Policy Solutions

In a Report titled "Internet of Things: Privacy & Security in a Connected World" by the Federal Trade Commission in the United States it was noted that though IoT changes the application and understanding of certain privacy principles, it does not necessarily make them obsolete.[20] Indeed many possible solutions that have been suggested to address the challenges posed by IoT and Big Data are technical interventions at the device level rather than fundamental policy changes. For example it has been proposed that IoT devices can be programmed to:

Automatically delete data after a specified period of time [21] (addressing concerns of data retention)
Ensure that personal data is not fed into centralized databases on an automatic basis [22] (addressing concerns of transfer and sharing without consent, function creep, and data breach)
Offer consumers combined choices for consent rather than requiring a one time blanket consent at the time of initiating a service or taking fresh consent for every change that takes place while a consumer is using a service. [23] (addressing concerns of informed and meaningful consent)
Categorize and tag data with accepted uses and programme automated processes to flag when data is misused. [24] (addressing concerns of misuse of data)
Apply 'sticky policies' - policies that are attached to data and define appropriate uses of the data as it 'changes hands' [25] (addressing concerns of user control of data)
Allow for features to only be turned on with consent from the user [26] (addressing concerns of informed consent and collection without the consent or knowledge of the user)
Automatically convert raw personal data to aggregated data [27] (addressing concerns of misuse of personal data and function creep)
Offer users the option to delete or turn off sensors [28] (addressing concerns of user choice, control, and consent)

Such solutions place the designers and manufacturers of IoT devices in a critical role. Yet some, such as Kate Crawford and Jason Shultz are not entirely optimistic about the possibility of effective technological solutions - noting in the context of automated decision making that it is difficult to build in privacy protections as it is unclear when an algorithm will predict personal information about an individual.[29]

Experts have also suggested that more emphasis should be placed on the principles and practices of:

Transparency,
Access and correction,
Use/misuse
Breach notification
Remedy
Ability to withdraw consent

Others have recommended that certain privacy principles need to be adapted to the Big Data/IoT context. For example, the Article 29 Working Party has clarified that in the context of IoT, consent mechanisms need to include the types of data collected, the frequency of data collection, as well as conditions for data collection.[30] While the Federal Trade Commission has warned that adopting a pure "use" based model has its limitations as it requires a clear (and potentially changing) definition of what use is acceptable and what use is not acceptable, and it does not address concerns around the collection of sensitive personal information.[31] In addition to the above, the European Commission has stressed that the right of deletion, the right to be forgotten, and data portability also need to be foundations of IoT systems and devices.[32]

Possible Regulatory Frameworks

To the question - are current regulatory frameworks adequate and is additional legislation needed, the FTC has recommended that though a specific IoT legislation may not be necessary, a horizontal privacy legislation would be useful as sectoral legislation does not always account for the use, sharing, and reuse of data across sectors. The FTC also highlighted the usefulness of privacy impact assessments and self regulatory steps to ensure privacy.[33] The European Commission on the other hand has concluded that to ensure enforcement of any standard or protocol - hard legal instruments are necessary.[34] As mentioned earlier, Kate Crawford and Jason Shultz have argued that privacy regulation needs to move away from principles on collection, specific use, disclosure, notice etc. and focus on elements of due process around the use of Big Data - as they say "procedural data due process". Such due process should be based on values instead of defined procedures and should include at the minimum notice, hearing before an independent arbitrator, and the right to review. Crawford and Shultz more broadly note that there are conceptual differences between privacy law and big data that pose as serious challenges i.e privacy law is based on causality while big data is a tool of correlation. This difference raises questions about how effective regulation that identifies certain types of information and then seeks to control the use, collection, and disclosure of such information will be in the context of Big Data – something that is varied and dynamic. According to Crawford and Shultz many regulatory frameworks will struggle with this difference – including the FTC's Fair Information Privacy Principles and the EU regulation including the EU's right to be forgotten.[35] The European Data Protection Supervisor on the other hand looks at Big Data as spanning the policy areas of data protection, competition, and consumer protection – particularly in the context of 'free' services. The Supervisor argues that these three areas need to come together to develop ways in which the challenges of Big Data can be addressed. For example, remedy could take the form of data portability – ensuring users the ability to move their data to other service providers empowering individuals and promoting competitive market structures or adopting a 'compare and forget' approach to data retention of customer data. The Supervisor also stresses the need to promote and treat privacy as a competitive advantage, thus placing importance on consumer choice, consent, and transparency.[36] The European Data Protection reform has been under discussion and it is predicted to be enacted by the end of 2015. The reform will apply across European States and all companies operating in Europe. The reform proposes heavier penalties for data breaches, seeks to provide users with more control of their data.[37] Additionally, Europe is considering bringing digital platforms under the Network and Information Security Directive – thus treating companies like Google and Facebook as well as cloud providers and service providers as a critical sector. Such a move would require companies to adopt stronger security practices and report breaches to authorities.[38]

Conclusion

A review of the different opinions and reactions from experts and policy makers demonstrates the ways in which Big Data and IoT are changing traditional forms of protection that governments and societies have developed to protect personal data as it increases in value and importance. While some policy makers believe that big data needs strong legislative regulation and others believe that softer forms of regulation such as self or co-regulation are more appropriate, what is clear is that Big Data is either creating a regulatory dilemma– with policy makers searching for ways to control the unpredictable nature of big data through policy and technology through the merging of policy areas, the honing of existing policy mechanisms, or the broadening of existing policy mechanisms - while others are ignoring the change that Big Data brings with it and are forging ahead with its use.

Answering the 'how do we regulate Big Data” question requires re-conceptualization of data ownership and realities. Governments need to first recognize the criticality of their data and the data of their citizens/residents, as well as the contribution to a country's economy and security that this data plays. With the technologies available now, and in the pipeline, data can be used or misused in ways that will have vast repercussions for individuals, society, and a nation. All data, but especially data directly or indirectly related to citizens and residents of a country, needs to be looked upon as owned by the citizens and the nation. In this way, data should be seen as a part of critical national infrastructure of a nation, and accorded the security, protections, and legal backing thereof to prevent the misuse of the resource by the private or public sectors, local or foreign governments. This could allow for local data warehousing and bring physical and access security of data warehouses on par with other critical national infrastructure. Recognizing data as a critical resource answers in part the concern that experts have raised – that Big Data practices make it impossible for data to be categorized as personal and thus afforded specified forms of protection due to the unpredictable nature of big data. Instead – all data is now recognized as critical.

In addition to being able to generate personal data from anonymized or non-identifiable data, big data also challenges traditional divisions of public vs. private data. Indeed Big Data analytics can take many public data points and derive a private conclusion. The use of Big Data analytics on public data also raises questions of consent. For example, though a license plate is public information – should a company be allowed to harvest license plate numbers, combine this with location, and sell this information to different interested actors? This is currently happening in the United States.[39] Lastly, Big Data raises questions of ownership. A solution to the uncertainty of public vs. private data and associated consent and ownership could be the creation a National Data Archive with such data. The archive could function with representation from the government, public and private companies, and civil society on the board. In such a framework, for example, companies like Airtel would provide mobile services, but the CDRs and customer data collected by the company would belong to the National Data Archive and be available to Airtel and all other companies within a certain scope for use. This 'open data' approach could enable innovation through the use of data but within the ambit of national security and concerns of citizens – a framework that could instill trust in consumers and citizens. Only when backed with strong security requirements, enforcement mechanisms and a proactive, responsive and responsible framework can governments begin to think about ways in which Big Data can be harnessed.

[1] BCS - The Chartered Institute for IT. (2013). The Societal Impact of the Internet of Things. Retrieved May 17, 2015, from http://www.bcs.org/upload/pdf/societal-impact-report-feb13.pdf

[2] Sicular, S. (2013, March 27). Gartner’s Big Data Definition Consists of Three Parts, Not to Be Confused with Three “V”s. Retrieved May 20, 2015, from http://www.forbes.com/sites/gartnergroup/2013/03/27/gartners-big-data-definition-consists-of-three-parts-not-to-be-confused-with-three-vs/

[3] Executive Office of the President. “Big Data: Seizing Opportunities, Preserving Values”. May 2014. Available at: https://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_5.1.14_final_print.pdf. Accessed: July 2^nd 2015.

[4] Moses, B., Lyria, & Chan, J. (2014). Using Big Data for Legal and Law Enforcement Decisions: Testing the New Tools (SSRN Scholarly Paper No. ID 2513564). Rochester, NY: Social Science Research Network. Retrieved from http://papers.ssrn.com/abstract=2513564

[5] Danah Boyd, Kate Crawford. CRITICAL QUESTIONS FOR BIG DATA. Information, Communication & Society Vol. 15, Iss. 5, 2012. Available at: http://www.tandfonline.com/doi/full/10.1080/1369118X.2012.678878. Accessed: July 2^nd 2015.

[6] The Chartered Institute for IT, Oxford Internet Institute, University of Oxford. “The Societal Impact of the Internet of Things” February 2013. Available at: http://www.bcs.org/upload/pdf/societal-impact-report-feb13.pdf. Accessed: July 2^nd 2015.

[7] ARTICLE 29 Data Protection Working Party. (2014). Opinion 8/2014 on the on Recent Developments on the Internet of Things. European Commission. Retrieved May 20, 2015, from http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf

[8] Crawford, K., & Schultz, J. (2013). Big Data and Due Process: Toward a Framework to Redress Predictive Privacy Harms (SSRN Scholarly Paper No. ID 2325784). Rochester, NY: Social Science Research Network. Retrieved from http://papers.ssrn.com/abstract=2325784

[9] Barocas, S., & Selbst, A. D. (2015). Big Data’s Disparate Impact (SSRN Scholarly Paper No. ID 2477899). Rochester, NY: Social Science Research Network. Retrieved from http://papers.ssrn.com/abstract=2477899

[10] Barocas, S., & Selbst, A. D. (2015). Big Data’s Disparate Impact (SSRN Scholarly Paper No. ID 2477899). Rochester, NY: Social Science Research Network. Retrieved from http://papers.ssrn.com/abstract=2477899

[11] Article 29 Data Protection Working Party. “Opinion 8/2014 on the on Recent Developments on the Internet of Things”. September 16^th 2014. Available at: h ttp://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[12] Tene, O., & Polonetsky, J. (2013). Big Data for All: Privacy and User Control in the Age of Analytics. Northwestern Journal of Technology and Intellectual Property, 11(5), 239.

[13] Omer Tene and Jules Polonetsky, Big Data for All: Privacy and User Control in the Age of Analytics, 11 Nw. J. Tech. & Intell. Prop. 239 (2013).

[14] Article 29 Data Protection Working Party. “Opinion 8/2014 on the on Recent Developments on the Internet of Things”. September 16^th 2014. Available at: h ttp://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[15] Information Commissioner's Office. (2014). Big Data and Data Protection. Infomation Commissioner's Office. Retrieved May 20, 2015, from https://ico.org.uk/media/for-organisations/documents/1541/big-data-and-data-protection.pdf

[16] Article 29 Data Protection Working Party. “Opinion 8/2014 on the on Recent Developments on the Internet of Things”. September 16^th 2014. Available at: h ttp://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[17] The Chartered Institute for IT and Oxford Internet Institute, University of Oxford. “The Societal Impact of the Internet of Things”. February 14^th 2013. Available at: http://www.bcs.org/upload/pdf/societal-impact-report-feb13.pdf. Accessed: July 2^nd 2015.

[18] Kate Crawford and Jason Shultz, “Big Data and Due Process: Towards a Framework to Redress Predictive Privacy Harms”. Boston College Law Review, Volume 55, Issue 1, Article 4. January 1st 2014. Available at: http://lawdigitalcommons.bc.edu/cgi/viewcontent.cgi?article=3351&context=bclr. Accessed: July 2nd 2015.

[19] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2nd 2015.

[20] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commision. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[21] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commision. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[22] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commision. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[23] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commision. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[24] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commision. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[25] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[26] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[27] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[28] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[29] Kate Crawford and Jason Shultz, “Big Data and Due Process: Towards a Framework to Redress Predictive Privacy Harms”. Boston College Law Review, Volume 55, Issue 1, Article 4. January 1st 2014. Available at: http://lawdigitalcommons.bc.edu/cgi/viewcontent.cgi?article=3351&context=bclr. Accessed: July 2nd 2015.

[30] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[31] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commission. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[32] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[33] Federal Trade Commission. (2015). Internet of Things: Privacy & Security in a Connected World. Federal Trade Commission. Retrieved May 20, 2015, from https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

[34] Article 29 Data Protection Working Party “Opinion 8/2014 on the on Recent Developments on the Internet of Things” September 16^th 2014. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf. Accessed: July 2^nd 2015.

[35] Kate Crawford and Jason Shultz, “Big Data and Due Process: Towards a Framework to Redress Predictive Privacy Harms”. Boston College Law Review, Volume 55, Issue 1, Article 4. January 1^st 2014. Available at: http://lawdigitalcommons.bc.edu/cgi/viewcontent.cgi?article=3351&context=bclr. Accessed: July 2^nd 2015.

[36] European Data Protection Supervisor. Preliminary Opinion of the European Data Protection Supervisor, Privacy and competitiveness in the age of big data: the interplay between data protection, competition law and consumer protection in the Digital Economy. March 2014. Available at: https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2014/14-03-26_competitition_law_big_data_EN.pdf

[37] SC Magazine. Harmonised EU data protection and fines by the end of the year. June 25^th 2015. Available at: http://www.scmagazineuk.com/harmonised-eu-data-protection-and-fines-by-the-end-of-the-year/article/422740/. Accessed: August 8^th 2015.

[38] Tom Jowitt, “Digital Platforms to be Included in EU Cybersecurity Law”. TechWeek Europe. August 7^th 2015. Available at: http://www.techweekeurope.co.uk/e-regulation/digital-platforms-eu-cybersecuity-law-174415

[39] Adam Tanner. Data Brokers are now Selling Your Car's Location for $10 Online. July 10^th 2013. Available at: http://www.forbes.com/sites/adamtanner/2013/07/10/data-broker-offers-new-service-showing-where-they-have-spotted-your-car/

For more details visit https://cis-india.org/internet-governance/blog/review-of-policy-debate-around-big-data-and-internet-of-things

Right to Privacy in Peril

vipul — 2015-08-13T15:32:18Z

It seems to have become quite a fad, especially amongst journalists, to use this headline and claim that the right to privacy which we consider so inherent to our being, is under attack. However, when I use this heading in this piece I am not referring to the rampant illegal surveillance being done by the government, or the widely reported recent raids on consenting (unmarried) adults who were staying in hotel rooms in Mumbai. I am talking about the fact that the Supreme Court of India has deemed it fit to refer the question of the very existence of a fundamental right to privacy to a Constitution Bench to finally decide the matter, and define the contours of such right if it does exist.

In an order dated August 11, 2015 the Supreme Court finally gave in to the arguments advanced by the Attorney General and admitted that there is some “unresolved contradiction” regarding the existence of a constitutional “right to privacy” under the Indian Constitution and requested that a Constitutional Bench of appropriate strength.

The Supreme Court was hearing a petition challenging the implementation of the Adhaar Card Scheme of the government, where one of the grounds to challenge the scheme was that it was violative of the right to privacy guaranteed to all citizens under the Constitution of India. However to counter this argument, the State (via the Attorney General) challenged the very concept that the Constitution of India guarantees a right to privacy by relying on an “unresolved contradiction” in judicial pronouncements on the issue, which so far had only been of academic interest. This “unresolved contradiction” arose because in the cases of M.P. Sharma & Others v. Satish Chandra & Others,[1] and Kharak Singh v. State of U.P. & Others,[2] (decided by Eight and Six Judges respectively) the Supreme Court has categorically denied the existence of a right to privacy under the Indian Constitution.

However somehow the later case of Gobind v. State of M.P. and another,[3] (which was decided by a two Judge Bench of the Supreme Court) relied upon the opinion given by the minority of two judges in Kharak Singh to hold that a right to privacy does exist and is guaranteed as a fundamental right under the Constitution of India.[4] Thereafter a large number of cases have held the right to privacy to be a fundamental right, the most important of which are R. Rajagopal & Another v. State of Tamil Nadu & Others,[5] (popularly known as Auto Shanker’s case) and People’s Union for Civil Liberties (PUCL) v. Union of India & Another.[6] However, as was noticed by the Supreme Court in its August 11 order, all these judgments were decided by two or three Judges only.

The petitioners on the other hand made a number of arguments to counter those made by the Attorney General to the effect that the fundamental right to privacy is well established under Indian law and that there is no need to refer the matter to a Constitutional Bench. These arguments are:

(i) The observations made in M.P. Sharma regarding the absence of right to privacy are not part of the ratio decidendi of that case and, therefore, do not bind the subsequent smaller Benches such as R. Rajagopal and PUCL.

(ii) Even in Kharak Singh it was held that the right of a person not to be disturbed at his residence by the State is recognized to be a part of a fundamental right guaranteed under Article 21. It was argued that this is nothing but an aspect of privacy. The observation in para 20 of the majority judgment (quoted in footnote 2 above) at best can be construed only to mean that there is no fundamental right of privacy against the State’s authority to keep surveillance on the activities of a person. However, they argued that such a conclusion cannot be good law any more in view of the express declaration made by a seven-Judge bench decision of this Court in Maneka Gandhi v. Union of India & Another.[7]

(iii) Both M.P. Sharma (supra) and Kharak Singh (supra) were decided on an interpretation of the Constitution based on the principles expounded in A.K. Gopalan v. State of Madras,[8] which have themselves been declared wrong by a larger Bench in Rustom Cavasjee Cooper v. Union of India.[9]

Other than the points above, it was also argued that world over in all the countries where Anglo-Saxon jurisprudence is followed, ‘privacy’ is recognized as an important aspect of the liberty of human beings. The petitioners also submitted that it was too late in the day for the Union of India to argue that the Constitution of India does not recognize privacy as an aspect of the liberty under Article 21 of the Constitution of India.

However these arguments of the petitioners were not enough to convince the Supreme Court that there is no doubt regarding the existence and contours of the right to privacy in India. The Court, swayed by the arguments presented by the Attorney General, admitted that questions of far reaching importance for the Constitution were at issue and needed to be decided by a Constitutional Bench.

Giving some insight into its reasoning to refer this issue to a Constitutional Bench, the Court did seem to suggest that its decision to refer the matter to a larger bench was more an exercise in judicial propriety than an action driven by some genuine contradiction in the law. The Court said that if the observations in M.P. Sharma (supra) and Kharak Singh (supra) were accepted as the law of the land, the fundamental rights guaranteed under the Constitution of India would get “denuded of vigour and vitality”. However the Court felt that institutional integrity and judicial discipline require that smaller benches of the Court follow the decisions of larger benches, unless they have very good reasons for not doing so, and since in this case it appears that the same was not done therefore the Court referred the matter to a larger bench to scrutinize the ratio of M.P. Sharma (supra) and Kharak Singh (supra) and decide the judicial correctness of subsequent two judge and three judge bench decisions which have asserted or referred to the right to privacy.

[1] AIR 1954 SC 300. In para 18 of the Judgment it was held: “A power of search and seizure is in any system of jurisprudence an overriding power of the State for the protection of social security and that power is necessarily regulated by law. When the Constitution makers have thought fit not to subject such regulation to constitutional limitations by recognition of a fundamental right to privacy, analogous to the American Fourth Amendment, we have no justification to import it, into a totally different fundamental right, by some process of strained construction.”

[2] AIR 1963 SC 1295. In para 20 of the judgment it was held: “… Nor do we consider that Art. 21 has any relevance in the context as was sought to be suggested by learned counsel for the petitioner. As already pointed out, the right of privacy is not a guaranteed right under our Constitutionand therefore the attempt to ascertain the movement of an individual which is merely a manner in which privacy is invaded is not an infringement of a fundamental right guaranteed by Part III.”

[3] (1975) 2 SCC 148.

[4] It is interesting to note that while the decisions in both Kharak Singh and Gobind were given in the context of similar facts (challenging the power of the police to make frequent domiciliary visits both during the day and night at the house of the petitioner) while the majority in Kharak Singh specifically denied the existence of a fundamental right to privacy, however they held the conduct of the police to be violative of the right to personal liberty guaranteed under Article 21, since the Regulations under which the police actions were undertaken were themselves held invalid. On the other hand, while Gobind held that a fundamental right to privacy does exist in Indian law, it may be interfered with by the State through procedure established by law and therefore upheld the actions of the police since they were acting under validly issued Regulations.

[5] (1994) 6 SCC 632.

[6] (1997) 1 SCC 301.

[7] (1978) 1 SCC 248.

[8] AIR 1950 SC 27.

[9] (1970) 1 SCC 248.

For more details visit https://cis-india.org/internet-governance/blog/right-to-privacy-in-peril

Net Neutrality: India is a Keybattle Ground

praskrishna — 2015-09-20T07:08:42Z

Hardnews talks to Sunil Abraham, the executive director of the Centre for Internet and Society (CIS), about the future of the Internet in India.

The article by Abeer Kapoor was published in Hardnews on August 10, 2015.

There are competing definitions of net neutrality. What do you think an Indian definition of net neutrality should be?
It should be driven by an empirical understanding of the harms and benefits for Indian consumers. Any regulation should be based on evidence of harm. Forbearance should be the first option for any regulator. The second option is mandating transparency. The third option, as (Managing Director of the World Dialogue on Regulation for Network Economies Programme) William Melody says, should be raising competition before we consider other more intrusive regulatory measures such as price regulation, mandatory registration and licensing, etc. Telling network administrators how to run their networks should be the very last option we consider. Ideally, the Competition Commission of India should have started an investigation into the competition harms emerging from network neutrality violations. There are other harms emerging from network neutrality violations, such as free speech harms, diversity harms, innovation harms and privacy harms. These residual elements should have been the focus of the TRAI (Telecom Regulatory Authority of India) consultation paper process, the DoT (Department of Telecommunications) panel process and the consultations of the parliamentary standing committee.

There are certain rights that are essential, like privacy. How do you think the right to privacy will play into the definition of Indian net neutrality?
Deep packet inspection – which is a method that is used to manage Internet traffic and walled garden access via mobile applications – causes significant privacy harms and gives rise to a range of security vulnerabilities. These cannot be directly addressed in network neutrality policy. On privacy and security, it is not clear that the Indian situation is different from the global trend, so it is unlikely that we will have an India-specific privacy language in our network neutrality policy.

Privacy harms caused by network neutrality violations have to be addressed by enacting the privacy bill into law. The Department of Personnel and Training (DoPT) has been working on this Bill for the last five or six years. The latest draft has implemented the recommendations of the Justice AP Shah Committee. The last leak of the privacy Bill revealed that the DoPT has included the nine principles identified by the Shah Committee Report on Privacy. We hope that the government will introduce this Bill at the earliest. Section 43A of the IT Act may also need to be amended to address all the nine privacy principles.

The report drafted by DoT on net neutrality is ambiguous and almost reluctant to take a stand. What are the key points of this report?
The DoT panel report does take a stand. It clearly identifies network neutrality as a policy goal. Unfortunately, the panel did not provide its own definition of network neutrality, but instead quoted a definition submitted by civil society activists who testified before it without explicitly adopting it. The panel report examines zero rating and legitimate traffic management in quite a bit of detail and does prescribe some regulatory decision trees to the policymakers. When it comes to specialised services and walled gardens there could have been more detailed and specific recommendations. The biggest disappointment in the report is the call for licensing of those OTT (Over the Top) service providers that provide equivalent services to those provided by telcos. While the need to address regulatory arbitrage from the perspective of privacy and surveillance law may be virtuous, it may not be technically feasible to do so, especially if there is end-to-end encryption. Also, regulatory arbitrage could be addressed by reducing regulations for telcos rather than increasing them for OTT providers.

Do you think licensing and regulation of OTT services such as Google and WhatsApp are a necessity?
It is a myth that they exist in a regulatory vacuum. Many regulations do apply to them and a few of them do comply with Indian authorities on issues like speech regulation, legal interception and also data access. With competition law and taxation there is very little compliance. The trouble is not that there are regulatory vacuums, but rather that these services operate from foreign jurisdictions. Without offices, servers and human resources within the Indian jurisdiction it is very difficult for the courts to implement their orders, and for law enforcement to ensure compliance with Indian laws. This jurisdictional challenge affects most developing countries and not just India, and can only be solved by harmonising procedural and substantive law across jurisdictions, through the spread of soft norms, development of self-regulatory mechanisms using the multi-stakeholder models and through the creation of international law through various multilateral and pluri-lateral bodies.

The report reduces the neutrality debate to ‘access.’ Do you think this approach is reductive?
Access is very important in the Indian context so I don’t see how that is reductive. Many observers believe that the next round in the war for network neutrality will happen in the global South. India is a key battleground – what happens here will have global impact and implications. Network neutrality policies need to consider free speech, privacy, competition, diversity and innovation goals of the markets they seek to regulate. If we are not being doctrinaire about network neutrality we could adopt what (Professor of Internet & Media Law at the University of Sussex) Chris Marsden calls forward-looking “positive net neutrality” wherein “higher QoS (Quality of Service) for higher prices should be offered on fair, reasonable and non-discriminatory [FRAND] terms to all comers”. FRAND, according to Prof. Marsden, is well understood by the telcos and ISPs (Internet Service Providers) as it is the basis of common carriage. This understanding of network neutrality allows for technical and business model innovation by ISPs and telcos without the associated harms. There are zero-rating services being launched by Mozilla, Jaana, Mavin and others that are attempting to do this. I do not believe that they violate network neutrality principles, unlike Airtel Zero or Internet.org.

While this report attempts to arrive at a middle ground between the TSPs and the OTTs, how is this going to reflect in the government’s ‘Digital India’ programme?
We know we have a policy solution when all stakeholders are equally unhappy. But we also need an elegant solution that is easy to implement. Scholars like (Associate Professor of Computer Science at Columbia University) Vishal Mishra have a theoretical solution based on the Shapley Value, that assumes a multi-sided market model, but this may not work in real life. Professor V. Sridhar of the International Institute of Information Technology, Bengaluru (IIITB) has a very elegant idea of setting a ceiling and floor for price and speed and also for insisting on a minimum QoS of the whole of the Internet. These ideas I have not heard in the American and European debate around network neutrality. I remain hopeful that the Indian middle ground will be qualitatively different, given that the structure and constraints of the Indian telecom sector are very different from that in developed countries. Ensuring network neutrality is essential to the success of Digital India. Unfortunately, the Digital India plans that we have heard so far don’t make this explicitly clear.

The Internet was never meant to be monetised. Do you think that private players are eating into a public good that is absolutely necessary for development?
I have never heard that statement before. The Internet, after its early history, has been completely built using private capital. The public Internet has always been monetised. Collectively, the individual entrepreneurs and enterprises that build and run the components of the Internet have created a common public good – which is the globally interconnected network. But the motivation for private capital behind maintaining and building their corner or component of this network has also been profit maximisation.

What has contributed to the growing need to regulate and administer the Internet?
Technical advancements and business model innovations have resulted in both benefits and harms and therefore there could be a rationale for regulation. But more regulation per se is not a virtue and does not serve the interest of citizens and consumers. Expanding the regulatory scope of government infinitely will only result in failure, given the limited capacity and resources of the State. Therefore, whenever the State enters a new area of regulation it should ideally stop regulating in another area. In other words, there is no clear case that the regulation of the Internet is needed to keep growing exponentially – as evolving technologies may require specific regulation – if the resultant harms cannot be addressed using existing law. In most cases, traditional law is sufficient to deal with crimes and offences online.

This story is from the print issue of Hardnews: August 2015

For more details visit https://cis-india.org/internet-governance/news/hardnewsmedia-august-10-2015-abeer-kapoor-net-neutrality-india-is-a-keybattle-ground

CIS submission to the UNGA WSIS+10 Review

jyoti — 2015-08-09T16:24:04Z

The Centre for Internet & Society (CIS) submitted its comments to the non-paper on the UNGA Overall Review of the Implementation of the WSIS outcomes, evaluating the progress made and challenges ahead.

To what extent has progress been made on the vision of the peoplecentred, inclusive and development oriented Information Society in the ten years since the WSIS?
The World Summit on the Information Society (WSIS) in 2003 and 2005 played an important role in encapsulating the potential of knowledge and information and communication technologies (ICT) to contribute to economic and social development. Over the past ten years, most countries have sought to foster the use of information and knowledge by creating enabling environment for innovation and through efforts to increase access. There have been interventions to develop ICT for development both at an international and national level through private sector investment, bilateral treaties and national strategies.

However, much of the progress made in the past ten years in terms of getting people connected and reaping the benefits of ICT has not been sufficiently peoplecentred, nor have they been sufficiently inclusive.

These developments have not been sufficiently peoplecentred, since governments across the world have been using the Internet as a monumental surveillance tool, invading people’s privacy without legitimate justifications, in an arbitrary manner without due care for reasonableness, proportionality, or democratic accountability. These developments have not been sufficiently peoplecentred, since the largest and most profitable Internet businesses — businesses that have more users than most nationstates have citizens, yet have one-sided terms of service — have eschewed core principles like open standards and interoperability that helped create the Internet and the World Wide Web, and instead promote silos.

We still reside in a world where development has been very lopsided, and ICTs have contributed to reducing some of these gulfs, while exacerbating others. For instance, persons with visual impairment are largely yet to reap the benefits of the Information Society due to a lack of attention paid to universal, while sighted persons have benefited far more; the ability of persons who don’t speak a language like English to contribute to global Internet governance discussions is severely limited; the spread of academic knowledge largely remains behind prohibitive paywalls.

As ICTs have grown both in sophistication and reach, much work remains to achieve the peoplecentred, inclusive and developmentoriented information society envisaged in WSIS. While the diffusion of ICTs has created new opportunities for development, even today less than half the world has access to broadband (with only eleven per cent of the world’s population having access to fixed broadband). See International Telecommunication Union, ICT Facts and Figures: The World in 2015.

Ninety per cent of people connected come from the industrialized countries — North America (thirty per cent), Europe (thirty per cent) and the AsiaPacific (thirty per cent). Four billion people from developing countries remain offline, representing two-thirds of the population residing in developing countries. Of the nine hundred and forty million people residing in Least Developed Countries (LDCs), only eighty-nine million use the Internet and only seven per cent of households have Internet access, compared with the world average of forty-six per cent. See International Telecommunication Union, ICT Facts and Figures: The World in 2015. This digital divide is first and foremost a question of access to basic infrastructure (like electricity).

Furthermore, there is a problem of affordability, all the more acute since in the South in comparison with countries of the North due to the high costs related to access to the connection. Further, linguistic, educational, cultural and content related barriers are also contributing to this digital divide. Growth of restrictive regimes around intellectual property, vision of the equal and connected society. Security of critical infrastructure with in light of ever growing vulnerabilities, the loss of trust following revelations around mass surveillance and a lack of consensus on how to tackle these concerns are proving to be a challenge to the vision of a connected information society. The WSIS+10 overall review is timely and a much needed intervention in assessing the progress made and planning for the challenges ahead.

There were two bodies as major outcomes of the WSIS process: the Internet Governance Forum and the Digital Solidarity Fund, with both of these largely failing to achieve their intended goals. The Internet Governance Forum, which is meant to be a leading example of “multi-stakeholder governance” is also a leading example of what the Multi-stakeholder Advisory Group (MAG) noted in 2010 as “‘black box’ approach”, with the entire process around the nomination and selection of the MAG being opaque. Indeed, when CIS requested the IGF Secretariat to share information on the nominators, we were told that this information will not be made private. Five years since the MAG lamented its own blackbox nature, things have scarcely improved. Further, analysis of MAG membership since 2006 shows that 26 persons have served for 6 years or more, with the majority of them being from government, industry, or the technical community. Unsurprisingly, 36 per cent of the MAG membership has come from the WEOG group, highlighting both deficiencies in the nomination/selection
process as well as the need for capacity building in this most important area. The Digital Solidarity Fund failed for a variety of reason, which we have analysed in a separate document annexed to this response.

What are the challenges to the implementation of WSIS outcomes?

Some of the key areas that need attention going forward and need to be addressed include:

Access to Infrastructure

Developing policies aimed at promoting innovation and increasing affordable access to hardware and software, and curbing the ill effects of the currentlyexcessive patent and copyright regimes.

Focussing global energies on solutions to lastmile access to the Internet in a manner that is not decoupled from developmental ground realities.
This would include policies on spectrum sharing, freeing up underutilized spectrum, and increasing unlicensed spectrum.
This would also include governmental policies on increasing competition among Internet providers at the last mile as well as at the backbone (both nationally and internationally), as well as commitments for investments in basic infrastructure such as an openaccess national fibreoptic backbone where the private sector investment is not sufficient.
Developing policies that encourage local Internet and communications infrastructure in the form of Internet exchange points, data centres, community broadcasting.

Access to Knowledges

As the Washington Declaration on IP and the Public Interest5 points out, the enclosure of the public domain and knowledge commons through expansive “intellectual property” laws and policies has only gotten worse with digital technologies, leading to an unjust allocation of information goods, and continuing royalty outflows from the global South to a handful of developing countries. This is not sustainable, and urgent action is needed to achieve more democratic IP laws, and prevent developments such as extra judicial enforcement mechanisms such as digital restrictions management systems from being incorporated within Web standards.
Aggressive development of policies and adoption of best practices to ensure that persons with disabilities are not treated as secondgrade citizens, but are able to fully and equally participate in and benefit from the Information Society.
Despite the rise of video content on the Internet, much of that has been in parts of the world with already high literacy, and language and illiteracy continue to pose barriers to full usage of the Internet.
While the Tunis Agenda highlighted the need to address communities marginalized in Information Society discourse, including youth, older persons, women, indigenous peoples, people with disabilities, and remote and rural communities, but not much progress has been seen on this front.

Rights, Trust, and Governance

Ensuring effective and sustainable participation especially from developing countries and marginalised communities. Developing governance mechanisms that are accountable, transparent and provide checks against both unaccountable commercial interests as well as governments.
Building citizen trust through legitimate, accountable and transparent governance mechanisms.
Ensuring cooperation between states as security is influenced by global foreign policy, and is of principal importance to citizens and consumers, and an enabler of other rights.
As the Manila Principles on Intermediary Liability show, uninformed intermediary liability policies, blunt and heavy handed regulatory measures, failing to meet the principles of necessity and proportionality, and a lack of consistency across these policies has resulted in censorship and other human rights abuses by governments and private parties, limiting individuals’ rights to free expression and creating an environment of uncertainty that also impedes innovation online. In developing, adopting, and reviewing legislation, policies and practices that govern the liability of intermediaries, interoperable and harmonized regimes that can promote innovation while respecting users’ rights in line with the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights and the United Nations Guiding Principles on Business and Human Rights are needed and should be encouraged.
An important challenge before the Information Society is that of the rise of “quantified society”, where enormous amounts of data are generated constantly, leading to great possibilities and grave concerns regarding privacy and data protection.
Reducing tensions arising from the differences between cultural and digital nationalism including on issues such as data sovereignty, data localisation, unfair trade and the need to have open markets.
Currently, there is a lack of internationally recognized venues accessible to all stakeholders for not only discussing but also acting upon many of these issues.

What should be the priorities in seeking to achieve WSIS outcomes and progress towards the Information Society, taking into account emerging trends?
All the challenges mentioned above should be a priority in achieving WSIS outcomes and ensuring innovation to lead social and economic progress in society. Digital literacy, multilingualism and addressing privacy and user data related issues need urgent attention in the global agenda. Enabling increased citizen participation thus accounting for the diverse voices that make the Internet a unique medium should also be treated as priority. Renewing the IGF mandate and giving it teeth by adopting indicators for development and progress, periodic review and working towards tangible outcomes would be beneficial to achieving the goal of a connected information society.

What are general expectations from the WSIS + 10 High Level Meeting of the United Nations General Assembly?
We would expect the WSIS+10 High Level Meeting to endorse an outcome document that seeks to d evelop a comprehensive policy framework addressing the challenges highlighted above . It would also be beneficial, if the outcome document could identify further steps to assess development made so far, and actions for overcoming the identified challenges. Importantly, this should not only be aimed at governments, but at all stakeholders. This would be useful as a future road map for regulation and would also allow us to understand the impact of Internet on society.

What shape should the outcome document take?
The outcome document should be a resolution of the UN General Assembly, with high level policy statements and adopted agreements to work towards identified indicators. It should stress the urgency of reforms needed for ICT governance that is democratic, respectful of human rights and social justice and promotes participatory policymaking. The language should promote the use of technologies and institutional architectures of governance that ensure users’ rights over data and information and recognize the need to restrict abusive use of technologies including those used for mass surveillance. Further, the outcome document should underscore the relevance of the Universal Declaration of Human Rights, including civil, political, social, economic, and cultural rights, in the Information Society.

The outcome document should also acknowledge that certain issues such as security, ensuring transnational rights, taxation, and other such cross jurisdictional issues may need greater international cooperation and should include concrete steps on how to proceed on these issues. The outcome document should acknowledge the limited progress made through outcome-less multi-stakeholder governance processes such as the Internet Governance Forum, which favour status quoism, and seek to enable the IGF to be more bold in achieving its original goals, which are still relevant. It should be frank in its acknowledgement of the lack of consensus on issues such as “enhanced cooperation” and the “respective roles” of stakeholders in multi-stakeholder processes, as brushing these difficulties under the carpet won’t help in magically building consensus. Further, the outcome document should recognize that there are varied approaches to multi-stakeholder governance.

For more details visit https://cis-india.org/internet-governance/blog/cis-submission-to-unga-wsis-review

Mock-Calling – Ironies of Outsourcing and the Aspirations of an Individual

Sreedeep — 2015-08-06T05:00:33Z

This post by Sreedeep is part of the 'Studying Internets in India' series. He is an independent photographer and a Fellow at the Centre for Public Affairs and Critical Theory, Shiv Nadar University, Delhi. In this essay, Sreedeep explores the anxieties and ironies of the unprecedented IT/BPO boom in India through the perspective and experiences of a new entrant in the industry, a decade ago. The narrative tries to capture some of the radical hedonistic consequences of the IT-burst on our lifestyles, imagination and aspirations delineated and fraught with layers of conscious deception and prolonged probation.

best start (the advertisement)

In the darkest hours of night, they remain awake serving some other continent across the oceans.
The sparkling exterior complements the sleeplessness.

Colorful half-pagers listing job openings in dedicated sections of dailies for the ‘educated’ and ‘experienced’ have been common in post liberalized India. When the eyes cruise through the various logos and offerings of the MNCs in these over populated pages, one gets reminded of a decade when the front, back, and inside pages of newspaper supplements overflowed with job offerings in the lowest ranks of the IT. BPO vacancies which littered the folios primarily sought to lure fresh college pass-outs ‘proficient in English’. Back then, one was yet getting familiar with names such as ‘Convergys’, ‘Daksh’, ‘Global-Vantage’, ‘EXL’, ‘Vertex’. It made one wonder why they needed so many people to ‘walk-in’ week after week, and how they made thousands of ‘on the spot offers’ with ‘revised salaries’ following ‘quick and easy interviews’ and ‘fastest selection processes’. What these selected people actually did, once they got in, was another mystery altogether.

Some of these MNCs promising nothing short of a ‘best start’ to one’s career, that too with the ‘best starting salaries for a fresher’, often came to college campuses for recruitment. They conducted large scale interviews and generously granted immediate offer-letters to final-year students, at the end of each academic year. I happily overlooked the (fine) print, the text, design, and all the other details of these BPO ads. In fact, I never bothered to figure out what the acronym meant till such time when I was in desperate need for a gadget make-over. My age old Range-Finder camera deserved to be disposed and displaced by a Digital SLR. That was the summer of 2003...

The iconic ship building of Convergys – one of the first amongst the many that stood alone fifteen years ago, surrounded by far-‐away sketches of multistoried constructions and a cyber-‐hub that was yet to be born and the eight lane highway leading to Jaipur, about to be built beside it.

say something more about yourself (the interview)

Call flow and traffic flow is fast and furious both inside and outside such centers of info-exchange and mega-data transmissions every second every day.

“You have mentioned in this form that your aim is to ‘do something different’. How would you relate that to your decision to work in a call center?” I was asked.

I had given more than couple of interviews, to get rejected on both occasions, and by then had realized what exactly they preferred to hear and the kind of profile that they wanted to hire. I was in no mood to miss my lunch and waste another day in the scorching heat traveling to one of these hotels where the interviews were conducted. I was tired of waiting for hours sipping cold water and looking at formally dressed men and women being dumped from one room to another – going through a series of eliminating rounds before reaching the interview stage, when they politely conveyed “…thank you very much, you may leave for now, we’ll get back to you…”, especially, to all those lacking a ‘neutral English accent'.

On the first occasion, I took great pleasure and interest in observing every bit of it. On the second, I was getting a hang of it. On the third, I felt like a school kid appearing for an oral examination at the mercy of the schoolmaster and was perennially requested at every step to say something (more) about oneself. But, I had no grudges. Neither the posh ambience nor the polite attitude of the employers towards hundreds of candidates walking-in everyday was comparable with the interview-scene of Ray’s ‘Pratidwandi’ [1]. The scene was acting out in reverse. Now they needed us (in bulk) more than we needed them. Any English-speaking dude eager to believe in the promises of the new-age-profession, even with less or ordinary qualifications, or with no desires to seek further qualifications, was in great demand, like never before.

On the fourth occasion, I thought that I had my answers ready.

“Well, your CV suggests something else. Why don’t you contemplate choosing a creative profession?”

The extra curricular activities’ column on my CV was getting reduced in size with each passing interview that I chose to face. Later I felt that I could have said something else instead of answering, “Madam, I am from a middle-class family, where creativity is not given much space beyond a point.”

I was reminded that I should use her first name instead of uttering ‘Madam’ repeatedly. “But, most of the creative minds come from the middle-class background”, she refuted.

“May be I don’t have much of confidence in my creative abilities.”

The conversation continued for quite long. I did not fall short of sentences to cover up this process of conscious deception. She was busy evaluating my English and was possibly overlooking the content of my answers while making points on a piece of paper as she kept asking questions regarding hobbies, movies, etc. I was asked to listen to men talking in American accent and was instructed to choose between options that summarized the probable conclusion of their conversation. Then I was asked me to wait outside.

The interview with the Senior Process Manager from Pune was supposedly the last round, I was told. A charming voice from across the table made me feel as if he had been waiting to hear from me since the time we met long ago, “So, how is life?”

“Great Sir”.

“Great? You don’t get to hear that too often. Okay, please say something about your self.”

There seemed to be no end to this essential inquiry about ‘the self’ at any stage! I started with my name and ended with my ambition, which was to make a career in a call center.

He must have found it useless to discuss the work profile with me. Truly, I had no idea about what I was supposed to do on the deck. But, I did not miss any chance to convey how keen I was to learn and deliver. This was followed by a discussion on salary, which was short, because as a fresher, I was in no position to bargain.

While passing the offer letter, the HR lady formally made a point to emphasize the formal dress code in the office. Looking back, I presume it was my appearance that prompted her to state the code. With the hair almost touching the shoulders, and a face not shaven for more than a month, the loose fit denims incapable of keeping the shirt tucked, I must have made a sufficient impression to instigate concern in her mind, although unknowingly. Jaswindar (the man who thought smoking bidi in the lawns of the corporate cathedral is quite cool) replied, “I don’t have any formal wear. Does the company pay any advance for buying some?”

Cyber Hub @ midnight – the nerve centre of several corporates.

what if they find out (the first day)

Even sky is not the limit. The exchange of information and its pace defies border – political or physical.

A cold current ran through the spine of several candidates, especially the first timers, with every signature they put on the bottom left of each page of the agreement of the terms and conditions that required them to be graduates. Obviously, quite a few of them were not graduates. What if they found out that they were not? But they did not. I guess, they never cared to verify the certificates enclosed in the pink file. Nor did they care to figure out what happened to those tax-forms, provident fund forms, insurance forms signed and submitted by the 124 employees joining job on the 9th of June. Lengthy spells of instructions related to form-filling on the first day were forgotten, as most of them were happily distracted or disinterested. The crowd was busy checking out each other – the vending machine and its options, the fancy phone and its features – also enquiring or narrating previous call center experiences, the hassle in missing or getting the first pick-up for the day...

While these strangers were desperate to know or let the others know ‘something more about themselves’, the junior officials instructing us ‘where to tick’, ‘what to remember’, ‘how to write’, ‘when to stop’ were not in a position to exhibit how irritated they were with the tough task of managing so many recruits. Things got even worse with the daylong induction lectures on training, transport, finance, assets, ‘our motifs’ and ‘your expectations’, ‘your contribution’ and ‘our expectations’. Thankfully, there was good lunch, free internet access (quite unthinkable in those days of expensive cyber cafes) and AC cabs to follow. I fancied my relief from the heat and hostel food for the next few weeks of my paid holiday without any sense of remorse.

The Convergys building (now taken over by Vedanta) on a full moon night. The plush lawns used to be a breeding ground for generating dust haze. The compound is highly protected/exclusive zone. Epitome of global connectivity ensures complete disconnection with the local surroundings.

my camera vs their camera (getting trained)

The ever-expanding city with all its imposed notions of urbanity on an area essentially rural leaves no scope for the evolution of the public space. On the contrary, any space outside the strict confines of these gated nations/notions invite threats of the highest order or at least it is perceived to be so.

What if they find out? No, they didn’t.

For the next one and a half months, we loitered around in the mornings, nights, evenings, and graveyard shifts of the classrooms and cafés (though not in every corner as mobility was highly restricted and under severe surveillance), at times enjoying and at times sleeping through the training sessions, impatiently waiting for the salary to get transferred to the Citi Bank account which they had opened for us to be swiped-out the moment the money arrived. Their surveillant eyes were not technologically advanced enough to guess the respective reasons to take up the job casually and remain appointed before absconding. A host of young fellas kept counting the number of day remaining:

While the trainer with 3 kids in 7 years (now needing one more) with a ‘do it or I’ll make you do it’ attitude reminded us that prostitution is oldest customer care service, and the role of a customer care executive is one of the most prestigious ones and definitely not deplorable just because we work at night (as do the docs and cops).
While listening to the trainees whose primary interests varied from stock exchange to cooking for the wife to horse breeding and extending till the ‘search for truth in Himalayas’. In a free speech session in VNA (Voice and Accent Training), fitness was synonymous with Baba Ramdev for some folks and euthanasia meant mass-killing. And what about capital-punishment? “Would have known if I attended the college debates”, someone proudly said. The trainer was kind to say “Then talk about censorship”. The girl with colored hair was quick to question, “Is that an automated cruise?”
While cruising through the consonants, diphthongs, vowel sounds, and imported ‘modules’, rapid ‘mock-calls’ and learning to intonate. We bit the ‘B’s, kissed the ‘W’s and by the time we rolled the ‘R’s, reached the soft ‘T’s and faded ‘P’s, I felt that the next big revolution was here. Tongue, lip, throat, teeth tried their level best to ape the ones across the Atlantic to the norms of their phonetic culture.
While obviously not uttering the obvious that this entire system was a consequence of service being subcontracted to places where establishment and labour costs were way more cheaper.

Walls can guard the flow of trespassers but the walls can rarely be guarded against the practice of public urination. An employee relieves himself in the middle of a graveyard shift on his way back after a quick smoke during the miserly half an hour break.

keeping balance (the absconding case & the attrition list)

The building came first as isolated blocks of self-sufficient units generating its own electricity and meeting its own needs. The infrastructure external and essential to its sustenance is still in its nascent stage.

In between the lines of the Punjabi beats in the moving cab or Pearl Jam playing on the i-pod in full volume to resist the former; before and after ‘hi bro’, ‘hey dude’, ‘yo man’, ‘yap buddy’; from weekend masti to an inspirational night-out, we constantly juggled with call-center jargon and silently yapped about:

How to revolt against ‘IST’ (Indian Stretchable Time)
Why the ‘pick-up time’ hadn’t been SMSed yet
Why the fucking cab driver did not come fucking five fucking minutes earlier
How often to ‘login’ early and ‘logout’ late
Why the ‘systems were running slow’
What should be the perfect ‘call-opening’ and ‘call ending’
How to handle ‘high call flow’
How to ‘sale’ a product to the ‘disinterested customer’
How to ‘appease’ the dissatisfied ‘enquiring consumers’
How to ‘empathize’ with an ‘irate customer’
How to keep the ‘call control’ while making the customer feel empowered
How to avoid ‘escalating’ the call
How to make full use of the two ‘fifteen minutes breaks’ and one ‘half hour break’
Why not to say – “I am sorry to hear that” – to a recently divorced customer
Whom to give the extra food coupons
What to do to in order to know when your calls are being monitored
How to reduce the ‘AHT’ (Average Handling Time)
How to increase the ‘C.Sac’ (Customer Satisfaction) scores
Why not to take two ‘consecutive weekend-offs’
What to write in the ‘feed-back forms’
Which friend should be referred to get compensated for the ‘referral’ before leaving the job
What else could be done to maximize ‘P4P’ (Pay for Performance)

Soon after swiping the card and clearing the balance, many of us became what they called, ‘an absconding case’ and added our names to the ‘attrition list’. The ‘cost-effective-labour’ (not ‘cheap labor’), stopped coming to office just before ‘hitting the (production) floor’ without bothering to formally say a bye, and without multiplying the hundreds of dollars that their clients had invested in our training and maintenance. Some of us had to get back to our colleges, which had re-opened. The others either complained about the team-leader or the work pressure till the time they got a call from some other call-center across the road offering a slight increment, but the same work. Others changed jobs as they habitually did twice or thrice a year to acquire a new ambience and acquaintances only to get bored yet again. One chap was smart enough to hold two offices simultaneously. The rest either perished without a trace or sat on the same chair hoping to climb the ‘vertical ladder’ by pleasing the bosses and putting more working hours while executing the ‘communicative tools’ and ‘navigation skills’ that they remembered from the training days. They were the ones the industry hoped to retain. They were also the ones too particular about their performance. Habitual consumption and consistent conflicts between the personal mornings/mourning and the professional nights took a consistent toll.

The city sleeps. Metros come to halt. Signs of human existence disappear. But thousands of people continue with the calls in each floor of these buildings answering queries and collecting unpaid amounts catering to a different time zone altogether.

Different floors and different corners of the same floor cater to different clients across the globe.

after-call wrap-up (remains of the flirtatious feed-back)

I-cards hung like nameplates around the neck all the time along with codes that were generated from the distant land. Punching these plastic cards ensured automated entry, strictly confined to those floors where we had some business. Forgetting to carry them required prolonged human intervention to convince the security that we did deserve to get in. Losing it lead to penalty. Hiding/absconding beneath one of the many call center note-pads I found the Separation Clause 4b: “upon separation from the company, you will be required to immediately return to the company, all assets and property including documents, files, book, papers and memos in your possession.”

The termination clause 6.b.i. of one of the appointment letters stated - “During the probation period you are liable to be discharged from the company’s service at any time without any notice and without assigning any reason”. But I guess the employees left the company more often without any notice or assigning any reasons. The company, most often, had no answers for this unwanted discharge to its owners across the oceans. IT abroad/onboard was not advanced enough to predict/prevent people who made the industry look like a make-shift arrangement; a probation that would rarely lead to permanence.

A common sight of fleet of cabs (a service which is outsourced to external vendors) outside the building waiting for scheduled drops and pick-ups.

is there anything else that I can do to help you/me

As the piling debris suggest infrastructural work perennially in progress.

Between the cafeteria cleaned once every hour and the adjacent murky road side dhaba; between the latest cars in the parking lot and the rickshaws waiting for those who couldn’t yet afford to pay the car-installment; between the fiber-glass windows and the jhopris (visible once the curtains were lifted) – new heights were achieved and new targets were set that were globally connected, locally disconnected.

In a site, which is otherwise devoid of consistent water supply, electricity and public transport (running it servers on generators 24X7), the vertical-limits of the translucent fiber glass and false roofs prepare the suburbs. The soothing cubicles confirm to the global standards of ‘how a city ought to look’ from a distance.

Just like the enormous demands of the IT industry, which has created its support sectors (catering, security, transport, house-keeping etc) to stray around the BPOs trying to extract their share of profit, I moved around its orbit as well for some time. Why and how there is a bit of BPO in most my creative endeavors and in the purchase of digital devices between 2003-2008 doesn’t require any further explanation.

I got better and better with my mock-calls.

Surrounded by the debris of development and standing tall with its emphatic presence, such an imposing architecture seems like a myth that constantly challenges the harsh realities that envelop it. The pillared peak is so representative of its desire to remain connected with the ‘distant-impossible’ 24x7.

Endnote

[1] The protagonist in the film violently revolted against the lack of basic amenities in the interview-space and against the idea of calling so many people for just a couple of vacancies, when people were expected to be selected not on the basis of merit, anyway.

The post, including the text and the photographs, is published under Creative Commons Attribution 4.0 International license, and copyright is retained by the author.

For more details visit https://cis-india.org/raw/blog_mock-calling

Policy Paper on Surveillance in India

vipul — 2015-08-03T15:27:41Z

This policy brief analyses the different laws regulating surveillance at the State and Central level in India and calls out ways in which the provisions are unharmonized. The brief then provides recommendations for the harmonization of surveillance law in India.

Introduction

The current legal framework for surveillance in India is a legacy of the colonial era laws that had been drafted by the British. Surveillance activities by the police are an everyday phenomenon and are included as part of their duties in the various police manuals of the different states. It will become clear from an analysis of the laws and regulations below, that whilst the police manuals cover the aspect of physical surveillance in some detail, they do not discuss the issue of interception of telephone or internet traffic. These issues are dealt with separately under the Telecom Act and the Information Technology Act and the Rules made thereunder, which are applicable to all security agencies and not just the police. Since the Indian laws deal with different aspects of surveillance under different legislations, the regulations dealing with this issue do not have any uniform standards. This paper therefore argues that the need of the hour is to have a single legislation which deals with all aspects of surveillance and interception in one place so that there is uniformity in the laws and practices of surveillance in the entire country.

Legal Regime

India does not have one integrated policy on surveillance and law enforcement and security agencies have to rely upon a number of different sectoral legislations to carry out their surveillance activities. These include:

1. Police Surveillance under Police Acts and Model Police Manual

Article 246(3) of the Constitution of India, read with Entry 2, List II, of the VIIth Schedule, empowers the States to legislate in matters relating to the police. This means that the police force is under the control of the state government rather than the Central government. Consequently, States have their own Police Acts to govern the conduct of the police force. Under the authority of these individual State Police Acts, rules are formulated for day-to-day running of the police. These rules are generally found in the Police Manuals of the individual states. Since a discussion of the Police Manual of each State with its small deviations is beyond the scope of this study, we will discuss the Model Police Manual issued by the Bureau of Police Research and Development.

As per the Model Police Manual, “surveillance and checking of bad characters” is considered to be one of the duties of the police force mentioned in the “Inventory of Police Duties, Functions and Jobs”.[1] Surveillance is also one of the main methods utilized by the police for preventing law and order situations and crimes.[2] As per the Manual the nature and degree of surveillance depends on the circumstances and persons on whom surveillance is mounted and it is only in very rare cases and on rare occasions that round the clock surveillance becomes necessary for a few days or weeks.[3]

Surveillance of History Sheeted Persons: Beat Police Officers should be fully conversant with the movements or changes of residence of all persons for whom history sheets of any category are maintained. They are required to promptly report the exact information to the Station House Officer (SHO), who make entries in the relevant registers. The SHO on the basis of this information reports, by the quickest means, to the SHO in whose jurisdiction the concerned person/persons are going to reside or pass through. When a history-sheeted person is likely to travel by the Railway, intimation of his movements should also be given to the nearest Railway Police Station.[4] It must be noted that the term “history sheet” or “history sheeter” is not defined either in the Indian Penal Code, 1860, most of the State Police Acts or the Model Police Manual, but it is generally understood and defined in the Oxford English Dictionary as persons with a criminal record.

Surveillance of “Bad Characters”: Keeping tabs on and getting information regarding “bad characters” is part of the duties of a beat constable. In the case of a “bad character” who is known to have gone to another State, the SHO of the station in the other state is informed using the quickest means possible followed by sending of a BC Roll 'A' directly to the SHO.[5] When a “bad character” absents himself or goes out of view, whether wanted in a case or not, the information is required to be disseminated to the police stations having jurisdiction over the places likely to be visited by him and also to the neighbouring stations, whether within the State or outside. If such person is traced and intimation is received of his arrest or otherwise, arrangements to get a complete and true picture of his activities are required to be made and the concerned record updated.[6]

The Police Manual clarifies the term “bad characters” to mean “offenders, criminals, or members of organised crime gangs or syndicates or those who foment or incite caste, communal violence, for which history sheets are maintained and require surveillance.”[7] A fascinating glimpse into the history of persons who were considered to be “bad characters” is contained in the article by Surjan Das & Basudeb Chattopadhyay in EPW[8] wherein they bring out the fact that in colonial times a number of the stereotypes propagated by the British crept into their police work as well. It appears that one did not have to be convicted to be a bad character, but people with a dark complexion, strong built, broad chins, deep-set eyes, broad forehead, short hair, scanty or goatee beard, marks on face, moustache, blunt nose, white teeth and monkey-face would normally fit the description of “bad characters”.

Surveillance of Suspicious Strangers: When a stranger of suspicious conduct or demeanour is found within the limits of a police station, the SHO is required to forward a BC Roll to the Police Station in whose jurisdiction the stranger claims to have resided. The receipt of such a roll is required to be immediately acknowledged and replied. If the suspicious stranger states that he resides in another State, a BC Roll is sent directly to the SHO of the station in the other State.[9] The manual however, does not define who a “suspicious stranger” is and how to identify one.

Release of Foreign Prisoners: Before a foreign prisoner (whose finger prints are taken for record) is released the Superintendent of Police of the district where the case was registered is required to send a report to the Director, I.B. through the Criminal Investigation Department informing the route and conveyance by which such person is likely to leave the country.[10]

Shadowing of convicts and dangerous persons: The Police Manual contains the following rules for shadowing the convicts on their release from jails:

(a) Dangerous convicts who are not likely to return to their native places are required to be shadowed. The fact, when a convict is to be shadowed is entered in the DCRB in the FP register and communicated to the Superintendent of Jails.

(b) The Police Officer deputed for shadowing an ex-convict is required to enter the fact in the notebook. The Police Officers area furnished with a challan indicating the particulars of the ex-convict marked for shadowing. This form is returned by the SHO of the area where the ex-convict takes up his residence or passes out of view to the DCRB / OCRS where the jail is situated, where it is put on record for further reference and action if any. Even though the subjects being shadowed are kept in view, no restraint is to put upon their movements on any account.[11]

Apart from the provisions discussed above, there are also provisions in the Police Manual regarding surveillance of convicts who have been released on medical grounds as well as surveillance of ex-convicts who are required to report their movements to the police as per the provisions of section 356 of the Code of Criminal Procedure.[12]

As noted above, the various police manuals are issued under the State Police Acts and they govern the police force of the specific states. The fact that each state has its own individual police manual itself leads to non-uniformity regarding standards and practices of surveillance. But it is not only the legislations at the State levels which lead to this problem, even legislation at the Central level, which are applicable to the country as a whole also have differing standards regarding different aspects of surveillance. In order to explore this further, we shall now discuss the central legislations dealing with surveillance.

2. The Indian Telegraph Act, 1885

Section 5 of the Indian Telegraph Act, 1885, empowers the Central Government and State Governments of India to order the interception of messages in two circumstances: (1) in the occurrence of any public emergency or in the interest of public safety, and (2) if it is considered necessary or expedient to do so in the interest of:[13]

the sovereignty and integrity of India; or
the security of the State; or
friendly relations with foreign states; or
public order; or
for preventing incitement to the commission of an offence.

The Supreme Court of India has specified the terms 'public emergency' and 'public safety', based on the following[14]:

"Public emergency would mean the prevailing of a sudden condition or state of affairs affecting the people at large calling for immediate action. The expression 'public safety' means the state or condition of freedom from danger or risk for the people at large. When either of these two conditions are not in existence, the Central Government or a State Government or the authorised officer cannot resort to telephone tapping even though there is satisfaction that it is necessary or expedient so to do in the interests of it sovereignty and integrity of India etc. In other words, even if the Central Government is satisfied that it is necessary or expedient so to do in the interest of the sovereignty and integrity of India or the security of the State or friendly relations with sovereign States or in public order or for preventing incitement to the commission of an offence, it cannot intercept the message, or resort to telephone tapping unless a public emergency has occurred or the interest of public safety or the existence of the interest of public safety requires. Neither the occurrence of public emergency nor the interest of public safety are secretive conditions or situations. Either of the situations would be apparent to a reasonable person."

In 2007, Rule 419A was added to the Indian Telegraph Rules, 1951 framed under the Indian Telegraph Act which provided that orders on the interception of communications should only be issued by the Secretary in the Ministry of Home Affairs. However, it provided that in unavoidable circumstances an order could also be issued by an officer, not below the rank of a Joint Secretary to the Government of India, who has been authorised by the Union Home Secretary or the State Home Secretary.[15]

According to Rule 419A, the interception of any message or class of messages is to be carried out with the prior approval of the Head or the second senior most officer of the authorised security agency at the Central Level and at the State Level with the approval of officers authorised in this behalf not below the rank of Inspector General of Police, in the belowmentioned emergent cases:

in remote areas, where obtaining of prior directions for interception of messages or class of messages is not feasible; or
for operational reasons, where obtaining of prior directions for interception of message or class of messages is not feasible;

however, the concerned competent authority is required to be informed of such interceptions by the approving authority within three working days and such interceptions are to be confirmed by the competent authority within a period of seven working days. If the confirmation from the competent authority is not received within the stipulated seven days, such interception should cease and the same message or class of messages should not be intercepted thereafter without the prior approval of the Union Home Secretary or the State Home Secretary.[16]

Rule 419A also tries to incorporate certain safeguards to curb the risk of unrestricted surveillance by the law enforcement authorities which include the following:

Any order for interception issued by the competent authority should contain reasons for such direction and a copy of such an order should be forwarded to the Review Committee within a period of seven working days;[17]
Directions for interception should be issued only when it is not possible to acquire the information by any other reasonable means;[18]
The directed interception should include the interception of any message or class of messages that are sent to or from any person n or class of persons or relating to any particular subject whether such message or class of messages are received with one or more addresses, specified in the order being an address or addresses likely to be used for the transmission of communications from or to one particular person specified or described in the order or one particular set of premises specified or described in the order;[19]
The interception directions should specify the name and designation of the officer or the authority to whom the intercepted message or class of messages is to be disclosed to;[20]
The directions for interception would remain in force for sixty days, unless revoked earlier, and may be renewed but the same should not remain in force beyond a total period of one hundred and eighty days;[21]
The directions for interception should be conveyed to the designated officers of the licensee(s) in writing by an officer not below the rank of Superintendent of Police or Additional Superintendent of Police or the officer of the equivalent rank;[22]
The officer authorized to intercept any message or class of messages should maintain proper records mentioning therein, the intercepted message or class of messages, the particulars of persons whose message has been intercepted, the name and other particulars of the officer or the authority to whom the intercepted message or class of messages has been disclosed, etc.;[23]
All the requisitioning security agencies should designate one or more nodal officers not below the rank of Superintendent of Police or the officer of the equivalent rank to authenticate and send the requisitions for interception to the designated officers of the concerned service providers to be delivered by an officer not below the rank of Sub-Inspector of Police;[24]
Records pertaining to directions for interception and of intercepted messages should be destroyed by the competent authority and the authorized security and Law Enforcement Agencies every six months unless these are, or likely to be, required for functional requirements;[25]

According to Rule 419A, service providers \are required by law enforcement to intercept communications are required to comply with the following[26]:

Service providers should designate two senior executives of the company in every licensed service area/State/Union Territory as the nodal officers to receive and handle such requisitions for interception;[27]
The designated nodal officers of the service providers should issue acknowledgment letters to the concerned security and Law Enforcement Agency within two hours on receipt of intimations for interception;[28]
The system of designated nodal officers for communicating and receiving the requisitions for interceptions should also be followed in emergent cases/unavoidable cases where prior approval of the competent authority has not been obtained;[29]
The designated nodal officers of the service providers should forward every fifteen days a list of interception authorizations received by them during the preceding fortnight to the nodal officers of the security and Law Enforcement Agencies for confirmation of the authenticity of such authorizations;[30]
Service providers are required to put in place adequate and effective internal checks to ensure that unauthorized interception of messages does not take place, that extreme secrecy is maintained and that utmost care and precaution is taken with regards to the interception of messages;[31]

Service providers are held responsible for the actions of their employees. In the case of an established violation of license conditions pertaining to the maintenance of secrecy and confidentiality of information and unauthorized interception of communication, action shall be taken against service providers as per the provisions of the Indian Telegraph Act, and this shall not only include a fine, but also suspension or revocation of their license;[32]

Service providers should destroy records pertaining to directions for the interception of messages within two months of discontinuance of the interception of such messages and in doing so they should maintain extreme secrecy.[33]

Review Committee

Rule 419A of the Indian Telegraph Rules requires the establishment of a Review Committee by the Central Government and the State Government, as the case may be, for the interception of communications, as per the following conditions:[34]

(1) The Review Committee to be constituted by the Central Government shall consist of the following members, namely:

(a) Cabinet Secretary - Chairman

(b) Secretary to the Government of India in charge, Legal Affairs - Member

(2) The Review Committee to be constituted by a State Government shall consist of the following members, namely:

(a) Chief Secretary – Chairman

(b) Secretary Law/Legal Remembrancer in charge, Legal Affairs – Member

(3) The Review Committee meets at least once in two months and records its findings on whether the issued interception directions are in accordance with the provisions of sub-section (2) of Section 5 of the Indian Telegraph Act. When the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above it may set aside the directions and order for destruction of the copies of the intercepted message or class of messages;[35]

It must be noted that the Unlawful Activities (Prevention) Act, 1967, (which is currently used against most acts of urban terrorism) also allows for the interception of communications but the procedures and safeguards are supposed to be the same as under the Indian Telegraph Act and the Information Technology Act.[36]

3. Telecom Licenses

The telecom sector in India has seen immense activity in the last two decades ever since it was opened up to private competition. These last twenty years have seen a lot of turmoil and have offered a tremendous learning opportunity for the private players as well as the governmental bodies regulating the sector. Currently any entity wishing to get a telecom license is offered a UL (Unified License) which contains terms and conditions for all the services that a licensee may choose to offer. However there were a large number of other licenses before the current regime, and since the licenses have a long phase out, we have tried to cover what we believe are the four most important licenses issued to telecom operators starting with the CMTS License:

Cellular Mobile Telephony Services (CMTS) License

In terms of National Telecom Policy (NTP)-1994, the first phase of liberalization in mobile telephone service started with issue of 8 licenses for Cellular Mobile Telephony Services (CMTS) in the 4 metro cities of Delhi, Mumbai, Calcutta and Chennai to 8 private companies in November 1994. Subsequently, 34 licenses for 18 Territorial Telecom Circles were also issued to 14 private companies during 1995 to 1998. During this period a maximum of two licenses were granted for CMTS in each service area and these licensees were called 1st & 2nd cellular licensees.[37] Consequent upon announcement of guidelines for Unified Access (Basic & Cellular) Services licenses on 11.11.2003, some of the CMTS operators were permitted to migrate from CMTS License to Unified Access Service License (UASL) but currently no new CMTS and Basic service licenses are being awarded after issuing the guidelines for Unified Access Service Licence (UASL).

The important provisions regarding surveillance in the CMTS License are listed below:

Facilities for Interception: The CMTS License requires the Licensee to provide necessary facilities to the designated authorities for interception of the messages passing through its network.[38]

Monitoring of Telecom Traffic: The designated person of the Central/State Government as conveyed to the Licensor from time to time in addition to the Licensor or its nominee have the right to monitor the telecommunication traffic in every MSC or any other technically feasible point in the network set up by the licensee. The Licensee is required to make arrangement for monitoring simultaneous calls by Government security agencies. The hardware at licensee’s end and software required for monitoring of calls shall be engineered, provided/installed and maintained by the Licensee at licensee’s cost. In case the security agencies intend to locate the equipment at licensee’s premises for facilitating monitoring, the licensee is required to extend all support in this regard including space and entry of the authorised security personnel. The interface requirements as well as features and facilities as defined by the Licensor are to be implemented by the licensee for both data and speech. The Licensee is also required to ensure suitable redundancy in the complete chain of Monitoring equipment for trouble free operations of monitoring of at least 210 simultaneous calls.[39]

Monitoring Records to be maintained: Along with the monitored call following records are to be made available:

Called/calling party mobile/PSTN numbers.
Time/date and duration of interception.
Location of target subscribers. Cell ID should be provided for location of the target subscriber. However, Licensor may issue directions from time to time on the precision of location, based on technological developments and integration of Global Positioning System (GPS) which shall be binding on the LICENSEE.
Telephone numbers if any call-forwarding feature has been invoked by target subscriber.
Data records for even failed call attempts.
CDR (Call Data Record) of Roaming Subscriber.

The Licensee is required to provide the call data records of all the specified calls handled by the system at specified periodicity, as and when required by the security agencies.[40]

Protection of Privacy: It is the responsibility of the Licensee to ensure the protection of privacy of communication and ensure unathorised interception of messages does not take place.[41]

License Agreement for Provision of Internet Services (ISP License)

Internet services were launched in India on 15th August, 1995 by Videsh Sanchar Nigam Limited. In November, 1998, the Government opened up the sector for providing Internet services by private operators. The major provisions dealing with surveillance contained in the ISP License are given below:

Authorization for monitoring: Monitoring shall only be by the authorization of the Union Home Secretary or Home Secretaries of the States/Union Territories.[42]

Access to subscriber list by authorized intelligence agencies and licensor: The complete and up to date list of subscribers will be made available by the ISP on a password protected website – accessible to authorized intelligence agencies.[43] Information such as customer name, IP address, bandwidth provided, address of installation, data of installation, contact number and email of leased line customers shall be included in the website.[44] The licensor or its representatives will also have access to the Database relating to the subscribers of the ISP which is to be available at any instant.[45]

Right to monitor by the central/state government: The designated person of the central/state government or the licensor or nominee will have the right to monitor telecommunications traffic in every node or any other technically feasible point in the network. To facilitate this, the ISP must make arrangements for the monitoring of simultaneous calls by the Government or its security agencies.[46]

Right of DoT to monitor: DoT will have the ability to monitor customers who generate high traffic value and verify specified user identities on a monthly basis.[47]

Provision of mirror images: Mirror images of the remote access information should be made available online for monitoring purposes.[48] A safeguard provided for in the license is that remote access to networks is only allowed in areas approved by the DOT in consultation with the Security Agencies.[49]

Provision of information stored on dedicated transmission link: The ISP will provide the login password to DOT and authorized Government agencies on a monthly basis for access to information stored on any dedicated transmission link from ISP node to subscriber premises.[50]

Provision of subscriber identity and geographic location: The ISP must provide the traceable identity and geographic location of their subscribers, and if the subscriber is roaming – the ISP should try to find traceable identities of roaming subscribers from foreign companies.[51]

Facilities for monitoring: The ISP must provide the necessary facilities for continuous monitoring of the system as required by the licensor or its authorized representatives.[52]

Facilities for tracing: The ISP will also provide facilities for the tracing of nuisance, obnoxious or malicious calls, messages, or communications. These facilities are to be provided specifically to authorized officers of the Government of India (police, customs, excise, intelligence department) when the information is required for investigations or detection of crimes and in the interest of national security.[53]

Facilities and equipment to be specified by government: The types of interception equipment to be used will be specified by the government of India.[54] This includes the installation of necessary infrastructure in the service area with respect to Internet Telephony Services offered by the ISP including the processing, routing, directing, managing, authenticating the internet calls including the generation of Call Details Record, IP address, called numbers, date, duration, time, and charge of the internet telephony calls.[55]

Facilities for surveillance of mobile terminal activity: The ISP must also provide the government facilities to carry out surveillance of Mobile Terminal activity within a specified area whenever requested.[56]

Facilities for monitoring international gateway: As per the requirements of security agencies, every international gateway location having a capacity of 2 Mbps or more will be equipped will have a monitoring center capable of monitoring internet telephony traffic.[57]

Facilities for monitoring in the premise of the ISP: Every office must be at least 10x10 with adequate power, air conditioning, and accessible only to the monitoring agencies. One local exclusive telephone line must be provided, and a central monitoring center must be provided if the ISP has multiple nodal points.[58]

Protection of privacy: There is a responsibility on the ISP to protect the privacy of its communications transferred over its network. This includes securing the information and protecting against unauthorized interception, unauthorized disclosure, ensure the confidentiality of information, and protect against over disclosure of information- except when consent has been given.[59]

Log of users: Each ISP must maintain an up to date log of all users connected and the service that they are using (mail, telnet, http, etc). The ISPs must also log every outward login or telnet through their computers. These logs as well as copies of all the packets must be made available in real time to the Telecom Authority.[60]

Log of internet leased line customers: A record of each internet leased line customer should be kept along with details of connectivity, and reasons for taking the link should be kept and made readily available for inspection.[61]

Log of remote access activities: The ISP will also maintain a complete audit trail of the remote access activities that pertain to the network for at least six months. This information must be available on request for any agency authorized by the licensor.[62]

Monitoring requirements: The ISP must make arrangements for the monitoring of the telecommunication traffic in every MSC exchange or any other technically feasible point, of at least 210 calls simultaneously.[63]

Records to be made available:

CDRS: When required by security agencies, the ISP must make available records of i) called/calling party mobile/PSTN numbers ii) time/date and duration of calls iii) location of target subscribers and from time to time precise location iv) telephone numbers – and if any call forwarding feature has been evoked – records thereof v) data records for failed call attempts vi) CDR of roaming subscriber.[64]
Bulk connections: On a monthly basis, and from time to time, information with respect to bulk connections shall be forwarded to DoT, the licensor, and security agencies.[65]
Record of calls beyond specified threshold: Calls should be checked, analyzed, and a record maintained of all outgoing calls made by customers both during the day and night that exceed a set threshold of minutes. A list of suspected subscribers should be created by the ISP and should be informed to DoT and any officer authorized by the licensor at any point of time.[66]
Record of subscribers with calling line identification restrictions: Furthermore, a list of calling line identification restriction subscribers with their complete address and details should be created on a password protected website that is available to authorized government agencies.[67]

Unified Access Services (UAS) License

Unified Access Services operators provide services of collection, carriage, transmission and delivery of voice and/or non-voice messages within their area of operation, over the Licensee’s network by deploying circuit and/or packet switched equipment. They may also provide Voice Mail, Audiotex services, Video Conferencing, Videotex, E-Mail, Closed User Group (CUG) as Value Added Services over its network to the subscribers falling within its service area on a non-discriminatory basis.

The terms of providing the services are regulated under the Unified Access Service License (UASL) which also contains provisions regarding surveillance/interception. These provisions are regularly used by the state agencies to intercept telephonic and data traffic of subscribers. The relevant terms of the UASL dealing with surveillance and interception are discussed below:

Confidentiality of Information: The Licensee cannot employ bulk encryption equipment in its network. Any encryption equipment connected to the Licensee’s network for specific requirements has to have prior evaluation and approval of the Licensor or officer specially designated for the purpose. However, any encryption equipment connected to the Licensee’s network for specific requirements has to have prior evaluation and approval of the Licensor or officer specially designated for the purpose. However, the Licensee has the responsibility to ensure protection of privacy of communication and to ensure that unauthorised interception of messages does not take place.[68] The Licensee shall take necessary steps to ensure that the Licensee and any person(s) acting on its behalf observe confidentiality of customer information.[69]

Responsibility of the Licensee: The Licensee has to take all necessary steps to safeguard the privacy and confidentiality of any information about a third party and its business to whom it provides the service and from whom it has acquired such information by virtue of the service provided and shall use its best endeavors to secure that :

No person acting on behalf of the Licensee or the Licensee divulges or uses any such information except as may be necessary in the course of providing such service to the third party; and
No such person seeks such information other than is necessary for the purpose of providing service to the third party.[70]

Provision of monitoring facilities: Requisite monitoring facilities /equipment for each type of system used, shall be provided by the service provider at its own cost for monitoring as and when required by the licensor.[71] The license also requires the Licensee to provide necessary facilities to the designated authorities for interception of the messages passing through its network.[72] The licensor in this case is the President of India, as the head of the State, therefore all references to the term licensor can be assumed to be to the government of India (which usually acts through the department of telecom (DOT). For monitoring traffic, the licensee company has to provide access of their network and other facilities as well as to books of accounts to the security agencies.[73]

Monitoring by Designated Person: The designated person of the Central/ State Government as conveyed to the Licensor from time to time in addition to the Licensor or its nominee has the right to monitor the telecommunication traffic in every MSC/Exchange/MGC/MG or any other technically feasible point in the network set up by the Licensee. The Licensee is required to make arrangement for monitoring simultaneous calls by Government security agencies. The hardware at Licensee’s end and software required for monitoring of calls shall be engineered, provided/installed and maintained by the Licensee at Licensee’s cost. However, the respective Government instrumentality bears the cost of user end hardware and leased line circuits from the MSC/ Exchange/MGC/MG to the monitoring centres to be located as per their choice in their premises or in the premises of the Licensee. In case the security agencies intend to locate the equipment at Licensee’s premises for facilitating monitoring, the Licensee should extend all support in this regard including space and entry of the authorized security personnel. The Licensee is required to implement the interface requirements as well as features and facilities as defined by the Licensor for both data and speech. The Licensee is to ensure suitable redundancy in the complete chain of Monitoring equipment for trouble free operations of monitoring of at least 210 simultaneous calls for seven security agencies.[74]

Monitoring Records to be maintained: Along with the monitored call following records are to be made available:

Called/calling party mobile/PSTN numbers.
Time/date and duration of interception.
Location of target subscribers. Cell ID should be provided for location of the target subscriber. However, Licensor may issue directions from time to time on the precision of location, based on technological developments and integration of Global Positioning System (GPS) which shall be binding on the LICENSEE.
Telephone numbers if any call-forwarding feature has been invoked by target subscriber.
Data records for even failed call attempts.
CDR (Call Data Record) of Roaming Subscriber.

The Licensee is required to provide the call data records of all the specified calls handled by the system at specified periodicity, as and when required by the security agencies.[75]

List of Subscribers: The complete list of subscribers shall be made available by the Licensee on their website (having password controlled access), so that authorized Intelligence Agencies are able to obtain the subscriber list at any time, as per their convenience with the help of the password.[76] The Licensor or its representative(s) have an access to the Database relating to the subscribers of the Licensee. The Licensee shall also update the list of his subscribers and make available the same to the Licensor at regular intervals. The Licensee shall make available, at any prescribed instant, to the Licensor or its authorized representative details of the subscribers using the service.[77] The Licensee must provide traceable identity of their subscribers,[78] and should be able to provide the geographical location (BTS location) of any subscriber at a given point of time, upon request by the Licensor or any other agency authorized by it.[79]

CDRs for Large Number of Outgoing Calls: The call detail records for outgoing calls made by subscribers making large number of outgoing calls day and night and to the various telephone numbers should be analyzed. Normally, no incoming call is observed in such cases. This can be done by running special programs for this purpose.[80] Although this provision itself does not say that it is limited to bulk subscribers (subscribers with more than 10 lines), it is contained as a sub-clause of section 41.19 which talks about specific measures for bulk subscribers, therefore it is possible that this provision is limited only to bulk subscribers and not to all subscribers.

No Remote Access to Suppliers: Suppliers/manufacturers and affiliate(s) are not allowed any remote access to the be enabled to access Lawful Interception System(LIS), Lawful Interception Monitoring(LIM), Call contents of the traffic and any such sensitive sector/data, which the licensor may notify from time to time, under any circumstances.[81] The Licensee is also not allowed to use remote access facility for monitoring of content.[82] Further, suitable technical device is required to be made available at Indian end to the designated security agency/licensor in which a mirror image of the remote access information is available on line for monitoring purposes.[83]

Monitoring as per the Rules under Telegraph Act: In order to maintain the privacy of voice and data, monitoring shall be in accordance with rules in this regard under Indian Telegraph Act, 1885.[84] It interesting to note that the monitoring under the UASL license is required to be as per the Rules prescribed under the Telegraph Act, but no mention is made of the Rules under the Information Technology Act.

Monitoring from Centralised Location: The Licensee has to ensure that necessary provision (hardware/ software) is available in its equipment for doing lawful interception and monitoring from a centralized location.[85]

Unified License (UL)

The National Telecom Policy - 2012 recognized the fact that the evolution from analog to digital technology has facilitated the conversion of voice, data and video to the digital form which are increasingly being rendered through single networks bringing about a convergence in networks, services and devices. It was therefore felt imperative to move towards convergence between various services, networks, platforms, technologies and overcome the incumbent segregation of licensing, registration and regulatory mechanisms in these areas. It was for this reason that the Government of India decided to move to the Unified License regime under which service providers could opt for all or any one or more of a number of different services.[86]

Provision of interception facilities by Licensee: The UL requires that the requisite monitoring/ interception facilities /equipment for each type of service, should be provided by the Licensee at its own cost for monitoring as per the requirement specified by the Licensor from time to time.[87] The Licensee is required to provide necessary facilities to the designated authorities of Central/State Government as conveyed by the Licensor from time to time for interception of the messages passing through its network, as per the provisions of the Indian Telegraph Act.[88]

Bulk encryption and unauthorized interception: The UL prohibits the Licensee from employing bulk encryption equipment in its network. Licensor or officers specially designated for the purpose are allowed to evaluate any encryption equipment connected to the Licensee’s network. However, it is the responsibility of the Licensee to ensure protection of privacy of communication and to ensure that unauthorized interception of messages does not take place.[89] The use of encryption by the subscriber shall be governed by the Government Policy/rules made under the Information Technology Act, 2000.[90]

Safeguarding of Privacy and Confidentiality: The Licensee shall take necessary steps to ensure that the Licensee and any person(s) acting on its behalf observe confidentiality of customer information.[91] Subject to terms and conditions of the license, the Licensee is required to take all necessary steps to safeguard the privacy and confidentiality of any information about a third party and its business to whom it provides services and from whom it has acquired such information by virtue of the service provided and shall use its best endeavors to secure that: a) No person acting on behalf of the Licensee or the Licensee divulges or uses any such information except as may be necessary in the course of providing such service; and b) No such person seeks such information other than is necessary for the purpose of providing service to the third party.

Provided the above para does not apply where: a) The information relates to a specific party and that party has consented in writing to such information being divulged or used, and such information is divulged or used in accordance with the terms of that consent; or b) The information is already open to the public and otherwise known.[92]

No Remote Access to Suppliers: Suppliers/manufacturers and affiliate(s) are not allowed any remote access to the be enabled to access Lawful Interception System(LIS), Lawful Interception Monitoring(LIM), Call contents of the traffic and any such sensitive sector/data, which the licensor may notify from time to time, under any circumstances.[93] The Licensee is also not allowed to use remote access facility for monitoring of content.[94] Further, suitable technical device is required to be made available at Indian end to the designated security agency/licensor in which a mirror image of the remote access information is available on line for monitoring purposes.[95]

Monitoring as per the Rules under Telegraph Act: In order to maintain the privacy of voice and data, monitoring shall be in accordance with rules in this regard under Indian Telegraph Act, 1885.[96] Just as in the UASL, the monitoring under the UL license is required to be as per the Rules prescribed under the Telegraph Act, but no mention is made of the Rules under the Information Technology Act.

Terms specific to various services

Since the UL License intends to cover all services under a single license, in addition to the general terms and conditions for interception, it also has terms for each specific service. We shall now discuss the terms for interception specific to each service offered under the Unified License.

Access Service: The designated person of the Central/ State Government, in addition to the Licensor or its nominee, shall have the right to monitor the telecommunication traffic in every MSC/ Exchange/ MGC/ MG/ Routers or any other technically feasible point in the network set up by the Licensee. The Licensee is required to make arrangement for monitoring simultaneous calls by Government security agencies. For establishing connectivity to Centralized Monitoring System, the Licensee at its own cost shall provide appropriately dimensioned hardware and bandwidth/dark fibre upto a designated point as required by Licensor from time to time. In case the security agencies intend to locate the equipment at Licensee’s premises for facilitating monitoring, the Licensee should extend all support in this regard including space and entry of the authorized security personnel.

The Interface requirements as well as features and facilities as defined by the Licensor should be implemented by the Licensee for both data and speech. The Licensee should ensure suitable redundancy in the complete chain of Lawful Interception and Monitoring equipment for trouble free operations of monitoring of at least 480 simultaneous calls as per requirement with at least 30 simultaneous calls for each of the designated security/ law enforcement agencies. Each MSC of the Licensee in the service area shall have the capacity for provisioning of at least 3000 numbers for monitoring. Presently there are ten (10) designated security/ law enforcement agencies. The above capacity provisions and no. of designated security/ law enforcement agencies may be amended by the Licensor separately by issuing instructions at any time.

Along with the monitored call following records are to be made available:

Called/calling party mobile/PSTN numbers.
Time/date and duration of interception.
Location of target subscribers. Cell ID should be provided for location of the target subscriber. However, Licensor may issue directions from time to time on the precision of location, based on technological developments and integration of Global Positioning System (GPS) which shall be binding on the LICENSEE.
Telephone numbers if any call-forwarding feature has been invoked by target subscriber.
Data records for even failed call attempts.
CDR (Call Data Record) of Roaming Subscriber.

The Licensee is required to provide the call data records of all the specified calls handled by the system at specified periodicity, as and when required by the security agencies.[97]

The call detail records for outgoing calls made by those subscribers making large number of outgoing calls day and night to the various telephone numbers with normally no incoming calls, is required to be analyzed by the Licensee. The service provider is required to run special programme, devise appropriate fraud management and prevention programme and fix threshold levels of average per day usage in minutes of the telephone connection; all telephone connections crossing the threshold of usage are required to be checked for bona fide use. A record of check must be maintained which may be verified by Licensor any time. The list/details of suspected subscribers should be informed to the respective TERM Cell of DoT and any other officer authorized by Licensor from time to time.[98]

The Licensee shall provide location details of mobile customers as per the accuracy and time frame mentioned in the Unified License. It shall be a part of CDR in the form of longitude and latitude, besides the co-ordinate of the BTS, which is already one of the mandated fields of CDR. To start with, these details will be provided for specified mobile numbers. However, within a period of 3 years from effective date of the Unified License, location details shall be part of CDR for all mobile calls.[99]

Internet Service: The Licensee is required to maintain CDR/IPDR for Internet including Internet Telephony Service for a minimum period of one year. The Licensee is also required to maintain log-in/log-out details of all subscribers for services provided such as internet access, e-mail, Internet Telephony, IPTV etc. These logs are to be maintained for a minimum period of one year. For the purpose of interception and monitoring of traffic, the copies of all the packets originating from / terminating into the Customer Premises Equipment (CPE) shall be made available to the Licensor/Security Agencies. Further, the list of Internet Lease Line (ILL) customers is to be placed on a password protected website in the format prescribed in the Unified License.[100]

Lawful Interception and Monitoring (LIM) systems of requisite capacities are to be set up by the Licensees for Internet traffic including Internet telephony traffic through their Internet gateways and /or Internet nodes at their own cost, as per the requirement of the security agencies/Licensor prescribed from time to time. The cost of maintenance of the monitoring equipment and infrastructure at the monitoring centre located at the premises of the licensee shall be borne by the Licensee. In case the Licensee obtains Access spectrum for providing Internet Service / Broadband Wireless Access using the Access Spectrum, the Licensee shall install the required Lawful Interception and Monitoring systems of requisite capacities prior to commencement of service. The Licensee, while providing downstream Internet bandwidth to an Internet Service provider is also required to ensure that all the traffic of downstream ISP passing through the Licensee’s network can be monitored in the network of the Licensee. However, for nodes of Licensee having upstream bandwidth from multiple service providers, the Licensee may be mandated to install LIM/LIS at these nodes, as per the requirement of security agencies. In such cases, upstream service providers may not be required to monitor this bandwidth.[101]

In case the Licensee has multiple nodes/points of presence and has capability to monitor the traffic in all the Routers/switches from a central location, the Licensor may accept to monitor the traffic from the said central monitoring location, provided that the Licensee is able to demonstrate to the Licensor/Security Agencies that all routers / switches are accessible from the central monitoring location. Moreover, the Licensee would have to inform the Licensor of every change that takes place in their topology /configuration, and ensure that such change does not make any routers/switches inaccessible from the central monitoring location. Further, Office space of 10 feet x 10 feet with adequate and uninterrupted power supply and air-conditioning which is physically secured and accessible only to the monitoring agencies shall be provided by the Licensee at each Internet Gateway location at its cost.[102]

National Long Distance (NLD) Service: The requisite monitoring facilities are required to be provided by the Licensee as per requirement of Licensor. The details of leased circuit provided by the Licensee is to be provided monthly to security agencies & DDG (TERM) of the Licensed Service Area where the licensee has its registered office.[103]

International Long Distance (ILD) Service: Office space of 20’x20’ with adequate and uninterrupted power supply and air-conditioning which is physically secured and accessible only to the personnel authorized by the Licensor is required to be provided by the Licensee at each Gateway location free of cost.[104] The cost of monitoring equipment is to be borne by the Licensee. The installation of the monitoring equipment at the ILD Gateway Station is to be done by the Licensee. After installation of the monitoring equipment, the Licensee shall get the same inspected by monitoring /security agencies. The permission to operate/commission the gateway will be given only after this.[105]

The designated person of the Central/ State Government, in addition to the Licensor or its nominee, has the right to monitor the telecommunication traffic in every ILD Gateway / Routers or any other technically feasible point in the network set up by the Licensee. The Licensee is required to make arrangement for monitoring simultaneous calls by Government security agencies. For establishing connectivity to Centralized Monitoring System, the Licensee, at its own cost, is required to provide appropriately dimensioned hardware and bandwidth/dark fibre upto a designated point as required by Licensor from time to time. In case the security agencies intend to locate the equipment at Licensee’s premises for facilitating monitoring, the Licensee should extend all support in this regard including Space and Entry of the authorized security personnel. The Interface requirements as well as features and facilities as defined by the Licensor should be implemented by the Licensee for both data and speech. The Licensee should ensure suitable redundancy in the complete chain of Monitoring equipment for trouble free operations of monitoring of at least 480 simultaneous calls as per requirement with at least 30 simultaneous calls for each of the designated security/ law enforcement agencies. Each ILD Gateway of the Licensee shall have the capacity for provisioning of at least 5000 numbers for monitoring. Presently there are ten (10) designated security/ law enforcement agencies. The above capacity provisions and number of designated security/ law enforcement agencies may be amended by the Licensor separately by issuing instructions at any time.[106]

The Licensee is required to provide the call data records of all the specified calls handled by the system at specified periodicity, as and when required by the security agencies in the format prescribed from time to time.[107]

Global Mobile Personal Communication by Satellite (GMPCS) Service: The designated Authority of the Central/State Government shall have the right to monitor the telecommunication traffic in every Gateway set up in India. The Licensee shall make arrangement for monitoring of calls as specified in the Unified License.[108]

The hardware/software required for monitoring of calls shall be engineered, provided/installed and maintained by the Licensee at the ICC (Intercept Control Centre) to be established at the GMPCS Gateway(s) as also in the premises of security agencies at Licensee’s cost. The Interface requirements as well as features and facilities shall be worked out and implemented by the Licensee for both data and speech. The Licensee should ensure suitable redundancy in the complete chain of Monitoring equipment for trouble free operations. The Licensee shall provide suitable training to the designated representatives of the Licensor regarding operation and maintenance of Monitoring equipment (ICC & MC). Interception of target subscribers using messaging services should also be provided even if retrieval is carried out using PSTN links. For establishing connectivity to Centralized Monitoring System, the Licensee at its own cost shall provide appropriately dimensioned hardware and bandwidth/dark fibre upto a designated point as required by Licensor from time to time.[109] The License also has specific obligations to extend monitored calls to designated security agencies as provided in the UL.[110] Further, the Licensee is required to provide the call data records of all the calls handled by the system at specified periodicity, if and as and when required by the security agencies.[111] It is the responsibility of the service provider for Global Mobile Personal Communication by Satellite (GMPCS) to provide facility to carry out surveillance of User Terminal activity.[112]

The Licensee has to make available adequate monitoring facility at the GMPCS Gateway in India to monitor all traffic (traffic originating/terminating in India) passing through the applicable system. For this purpose, the Licensee shall set up at his cost, the requisite interfaces, as well as features and facilities for monitoring of calls by designated agencies as directed by the Licensor from time to time. In addition to the Target Intercept List (TIL), it should also be possible to carry out specific geographic location based interception, if so desired by the designated security agencies. Monitoring of calls should not be perceptible to mobile users either during direct monitoring or when call has been grounded for monitoring. The Licensee shall not prefer any charges for grounding a call for monitoring purposes. The intercepted data is to be pushed to designated Security Agencies’ server on fire and forget basis. No records shall be maintained by the Licensee regarding monitoring activities and air-time used beyond prescribed time limit.

The Licensee has to ensure that any User Terminal (UT) registered in the gateway of another country shall re-register with Indian Gateway when operating from Indian Territory. Any UT registered outside India, when attempting to make/receive calls from within India, without due authority, shall be automatically denied service by the system and occurrence of such attempts along with information about UT identity as well as location shall be reported to the designated authority immediately.

The Licensee is required to have provision to scan operation of subscribers specified by security/ law enforcement agencies through certain sensitive areas within the Indian territory and shall provide their identity and positional location (latitude and longitude) to Licensor on as and when required basis.

Public Mobile Radio Trunking Service (PMRTS): Suitable monitoring equipment prescribed by the Licensor for each type of System used has to be provided by the Licensee at his own cost for monitoring, as and when required.[113]

Very Small Aperture Terminal (VSAT) Closed User Group (CUG) Service: Requisite monitoring facilities/ equipment for each type of system used have to be provided by the Licensee at its own cost for monitoring as and when required by the Licensor.[114] The Licensee shall provide at its own cost technical facilities for accessing any port of the switching equipment at the HUB for interception of the messages by the designated authorities at a location to be determined by the Licensor.[115]

Surveillance of MSS-R Service: The Licensee has to provide at its own cost technical facilities for accessing any port of the switching equipment at the HUB for interception of the messages by the designated authorities at a location as and when required.[116] It is the responsibility of the service provider of INSAT- Mobile Satellite System Reporting (MSS-R) service to provide facility to carry out surveillance of User Terminal activity within a specified area.[117]

Resale of International Private Leased Circuit (IPLC) Service: The Licensee has to take IPLC from the licensed ILDOs. The interception and monitoring of Resellers circuits will take place at the Gateway of the ILDO from whom the IPLC has been taken by the Licensee. The provisioning for Lawful Interception & Monitoring of the Resellers’ IPLC shall be done by the ILD Operator and the concerned ILDO shall be responsible for Lawful Interception and Monitoring of the traffic passing through the IPLC. The Resellers shall extend all cooperation in respect of interception and monitoring of its IPLC and shall be responsible for the interception results. The Licensee shall be responsible to interact, correspond and liaise with the licensor and security agencies with regard to security monitoring of the traffic. The Licensee shall, before providing an IPLC to the customer, get the details of services/equipment to be connected on both ends of IPLC, including type of terminals, data rate, actual use of circuit, protocols/interface to be used etc. The Resellers shall permit only such type of service/protocol on the IPLC for which the concerned ILDO has capability of interception and monitoring. The Licensee has to pass on any direct request placed by security agencies on him for interception of the traffic on their IPLC to the concerned ILDOs within two hours for necessary actions.[118]

4. The Information Technology Act, 2000

The Information Technology Act, 2000, was amended in a major way in 2008 and is the primary legislation which regulates the interception, monitoring, decryption and collection of traffic information of digital communications in India.

More specifically, section 69 of the Information Technology Act empowers the central Government and the state governments to issue directions for the monitoring, interception or decryption of any information transmitted, received or stored through a computer resource. Section 69 of the Information Technology Act, 2000 expands the grounds upon which interception can take place as compared to the Indian Telegraph Act, 1885. As such, the interception of communications under Section 69 is carried out in the interest of[119]:

The sovereignty or integrity of India

Defence of India

Security of the State
Friendly relations with foreign States
Public order
Preventing incitement to the commission of any cognizable offense relating to the above
For the investigation of any offense

While the grounds for interception are similar to the Indian Telegraph Act (except for the condition of prevention of incitement of only cognizable offences and the addition of investigation of any offence) the Information Technology Act does not have the overarching condition that interception can only occur in the case of public emergency or in the interest of public safety.

Additionally, section 69 of the Act mandates that any person or intermediary who fails to assist the specified agency with the interception, monitoring, decryption or provision of information stored in a computer resource shall be punished with imprisonment for a term which may extend to seven years and shall be liable for a fine.[120]

Section 69B of the Information Technology Act empowers the Central Government to authorise the monitoring and collection of information and traffic data generated, transmitted, received or stored through any computer resource for the purpose of cyber security. According to this section, any intermediary who intentionally or knowingly fails to provide technical assistance to the authorised agency which is required to monitor and collection information and traffic data shall be punished with an imprisonment which may extend to three years and will also be liable to a fine.[121]

The main difference between Section 69 and Section 69B is that the first requires the interception, monitoring and decryption of all information generated, transmitted, received or stored through a computer resource when it is deemed “necessary or expedient” to do so, whereas Section 69B specifically provides a mechanism for all metadata of all communications through a computer resource for the purpose of combating threats to “cyber security”. Directions under Section 69 can be issued by the Secretary to the Ministry of Home Affairs, whereas directions under Section 69B can only be issued by the Secretary of the Department of Information Technology under the Union Ministry of Communications and Information Technology.

Overlap with the Telegraph Act

Thus while the Telegraph Act only allows for interception of messages or class of messages transmitted by a telegraph, the Information Technology Act enables interception of any information being transmitted or stored in a computer resource. Since a “computer resource” is defined to include a communication device (such as cellphones and PDAs) there is a overlap between the provisions of the Information Technology Act and the Telegraph Act concerning the provisions of interception of information sent through mobile phones. This is further complicated by the fact that the UAS License specifically states that it is governed by the provisions of the Indian Telegraph Act, the Indian Wireless Telegraphy Act and the Telecom Regulatory Authority of India Act, but does not mention the Information Technology Act.[122] This does not mean that the Licensees under the Telecom Licenses are not bound by any other laws of India (including the Information Technology Act) but it is just an invitation to unnecessary complexities and confusions with regard to a very serious issue such as interception. This situation has thankfully been remedied by the Unified License (UL) which, although issued under section of 4 of the Telegraph Act, also references the Information Technology Act thus providing essential clarity with respect to the applicability of the Information Technology Act to the License Agreement.

Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009

The interception of internet communications is mainly covered by the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009under the Information Technology Act (the “IT Interception Rules”). In particular, the rules framed under Section 69 and 69B include safeguards stipulating to who may issue directions of interception and monitoring, how such directions are to be executed, the duration they remain in operation, to whom data may be disclosed, confidentiality obligations of intermediaries, periodic oversight of interception directions by a Review Committee under the Indian Telegraph Act, the retention of records of interception by intermediaries and to the mandatory destruction of information in appropriate cases.

According to the IT Interception Rules, only the competent authority can issue an order for the interception, monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub-section (2) of section 69 of the Information Technology Act.[123] At the State and Union Territory level, the State Secretaries respectively in charge of the Home Departments are designated as “competent authorities” to issue interception directions.[124]In unavoidable circumstances the Joint Secretary to the Government of India, when so authorised by the Competent Authority, may issue an order. Interception may also be carried out with the prior approval of the Head or the second senior most officer of the authorised security agency at the Central Level and at the State Level with the approval of officers authorised in this behalf not below the rank of Inspector General of Police, in the belowmentioned emergent cases:

(1) in remote areas, where obtaining of prior directions for interception or monitoring or decryption of information is not feasible; or

(2) for operational reasons, where obtaining of prior directions for interception or monitoring or decryption of any information generation, transmitted, received or stored in any computer resource is not feasible,

however, in the above circumstances the officer would have to inform the competent authority in writing within three working days about the emergency and of the interception, monitoring or decryption and obtain the approval of the competent authority within a period of seven working days. If the approval of the competent authority is not obtained within the said period of seven working days, such interception or monitoring or decryption shall cease and the information shall not be intercepted or monitored or decrypted thereafter without the prior approval of the competent authority.[125] If a state wishes to intercept information that is beyond its jurisdiction, it must request permission to issue the direction from the Secretary in the Ministry of Home Affairs.[126]

In order to avoid the risk of unauthorised interception, the IT Interception Rules provide for the following safeguards:

If authorised by the competent authority, any agency of the government may intercept, monitor, or decrypt information transmitted, received, or stored in any computer resource only for the purposes specified in section 69(1) of the IT Act.[127]
The IT Interception Rules further provide that the competent authority may give any decryption direction to the decryption key holder.[128]
The officer issuing an order for interception is required to issue requests in writing to designated nodal officers of the service provider.[129]
Any direction issued by the competent authority must contain the reasons for direction, and must be forwarded to the review committee seven days after being issued.[130]
In the case of issuing or approving an interception order, in arriving at its decision the competent authority must consider all alternate means of acquiring the information.[131]
The order must relate to information sent or likely to be sent from one or more particular computer resources to another (or many) computer resources.[132]
The reasons for ordering interceptions must be recorded in writing, and must specify the name and designation of the officer to whom the information obtained is to be disclosed, and also specify the uses to which the information is to be put.[133]
The directions for interception will remain in force for a period of 60 days, unless renewed. If the orders are renewed they cannot be in force for longer than 180 days.[134]
Authorized agencies are prohibited from using or disclosing contents of intercepted communications for any purpose other than investigation, but they are permitted to share the contents with other security agencies for the purpose of investigation or in judicial proceedings. Furthermore, security agencies at the union territory and state level will share any information obtained by following interception orders with any security agency at the centre.[135]
All records, including electronic records pertaining to interception are to be destroyed by the government agency “every six months, except in cases where such information is required or likely to be required for functional purposes”.[136]
The contents of intercepted, monitored, or decrypted information will not be used or disclosed by any agency, competent authority, or nodal officer for any purpose other than its intended purpose.[137]
The agency authorised by the Secretary of Home Affairs is required to appoint a nodal officer (not below the rank of superintendent of police or equivalent) to authenticate and send directions to service providers or decryption key holders.[138]

The IT Interception Rules also place the following obligations on the service providers:

In addition, all records pertaining to directions for interception and monitoring are to be destroyed by the service provider within a period of two months following discontinuance of interception or monitoring, unless they are required for any ongoing investigation or legal proceedings.[139]
Upon receiving an order for interception, service providers are required to provide all facilities, co-operation, and assistance for interception, monitoring, and decryption. This includes assisting with: the installation of the authorised agency's equipment, the maintenance, testing, or use of such equipment, the removal of such equipment, and any action required for accessing stored information under the direction.[140]
Additionally, decryption key holders are required to disclose the decryption key and provide assistance in decrypting information for authorized agencies.[141]

Every fifteen days the officers designated by the intermediaries are required to forward to the nodal officer in charge a list of interceptions orders received by them. The list must include the details such as reference and date of orders of the competent authority.[142]
The service provider is required to put in place adequate internal checks to ensure that unauthorised interception does not take place, and to ensure the extreme secrecy of intercepted information is maintained.[143]
The contents of intercepted communications are not allowed to be disclosed or used by any person other than the intended recipient.[144]
Additionally, the service provider is required to put in place internal checks to ensure that unauthorized interception of information does not take place and extreme secrecy is maintained. This includes ensuring that the interception and related information are handled only by the designated officers of the service provider.[145]

Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009

The Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009, under section 69B of the Information Technology Act, stipulate that directions for the monitoring and collection of traffic data or information can be issued by an order made by the competent authority[146] for any or all of the following purposes related to cyber security:

forecasting of imminent cyber incidents;
monitoring network application with traffic data or information on computer resource;
identification and determination of viruses or computer contaminant;
tracking cyber security breaches or cyber security incidents;
tracking computer resource breaching cyber security or spreading virus or computer contaminants;
identifying or tracking any person who has breached, or is suspected of having breached or likely to breach cyber security;
undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resources;
accessing stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force;
any other matter relating to cyber security.[147]

According to these Rules, any direction issued by the competent authority should contain reasons for such direction and a copy of such direction should be forwarded to the Review Committee within a period of seven working days.[148] Furthermore, these Rules state that the Review Committee shall meet at least once in two months and record its finding on whether the issued directions are in accordance with the provisions of sub-section (3) of section 69B of the Act. If the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issue an order for the destruction of the copies, including corresponding electronic record of the monitored or collected traffic data or information.[149]

Information Technology (Guidelines for Cyber Cafes) Rules, 2011

The Information Technology (Guidelines for Cyber Cafes) Rules, 2011, were issued under powers granted under section 87(2), read with section 79(2) of the Information Technology Act, 2000.[150] These rules require cyber cafes in India to store and maintain backup logs for each login by any user, to retain such records for a year and to ensure that the log is not tampered. Rule 7 requires the inspection of cyber cafes to determine that the information provided during registration is accurate and remains updated.

5. The Indian Post Office Act, 1898
Section 26 of the Indian Post Office Act, 1898, empowers the Central Government and the State Governments to intercept postal articles.[151] In particular, section 26 of the Indian Post Office Act, 1898, states that on the occurrence of any public emergency or in the interest of public safety or tranquility, the Central Government, State Government or any officer specially authorised by the Central or State Government may direct the interception, detention or disposal of any postal article, class or description of postal articles in the course of transmission by post. Furthermore, section 26 states that if any doubt arises regarding the existence of public emergency, public safety or tranquility then a certificate to that effect by the Central Government or a State Government would be considered as conclusive proof of such condition being satisfied.

According to this section, the Central Government and the State Governments of India can intercept postal articles if it is deemed to be in the instance of a 'public emergency' or for 'public safety or tranquility'. However, the Indian Post Office Act, 1898, does not cover electronic communications and does not mandate their interception, which is covered by the Information Technology Act, 2000 and the Indian Telegraph Act, 1885.

6. The Indian Wireless Telegraphy Act, 1933
The Indian Wireless Telegraphy Act was passed to regulate and govern the possession of wireless telegraphy equipment within the territory of India. This Act essentially provides that no person can own “wireless telegraphy apparatus”[152] except with a license provided under this Act and must use the equipment in accordance with the terms provided in the license.[153]

One of the major sources of revenue for the Indian State Broadcasting Service was revenue from the licence fee from working of wireless apparatus under the Indian Telegraph Act, 1885.The Indian State Broadcasting Service was losing revenue due to lack of legislation for prosecuting persons using unlicensed wireless apparatus as it was difficult to trace them at the first place and then prove that such instrument has been installed, worked and maintained without licence. Therefore, the current legislation was proposed, in order to prohibit possession of wireless telegraphy apparatus without licence.

Presently the Act is used to prosecute cases, related to illegal possession and transmission via satellite phones. Any person who wishes to use satellite phones for communication purposes has to get licence from the Department of Telecommunications.[154]

7. The Code of Criminal Procedure
Section 91 of the Code of Criminal Procedure regulates targeted surveillance. In particular, section 91 states that a Court in India or any officer in charge of a police station may summon a person to produce any document or any other thing that is necessary for the purposes of any investigation, inquiry, trial or other proceeding under the Code of Criminal Procedure.[155] Under section 91, law enforcement agencies in India could theoretically access stored data. Additionally, section 92 of the Code of Criminal Procedure regulates the interception of a document, parcel or thing in the possession of a postal or telegraph authority.

Further section 356(1) of the Code of Criminal Procedure provides that in certain cases the Courts have the power to direct repeat offenders convicted under certain provisions, to notify his residence and any change of, or absence from, such residence after release for a term not exceeding five years from the date of the expiration of the second sentence.

Policy Suggestions

In order to avoid the different standards being adopted for different aspects of surveillance and in different parts of the country, there should be one single policy document or surveillance and interception manual which should contain the rules and regulations regarding all kinds of surveillance. This would not only help in identifying problems in the law but may also be useful in streamlining the entire surveillance regime. However it is easier said than done and requires a mammoth effort at the legislative stage. This is because under the Constitutional scheme of India law and order is a State subject and the police machinery in every State is under the authority of the State government. Therefore it would not be possible to issue a single legislation dealing with all aspects of surveillance since the States are independent in their powers to deal with the police machinery.

Even when we look at the issue of interception, certain state legislations especially the ones dealing with organized crime and bootleggers such as the Maharashtra Control of Organized Crime Act, 1999, the Andhra Pradesh Control of Organized Crime Act, 2001, also deal with the issue of interception and contain provisions empowering the state government to intercept communications for the purpose of using it to investigate or prevent criminal activities. Further even the two central level legislations that deal with interception, viz. the Telegraph Act and the Information Technology Act, specifically empower the State governments also to intercept communications on the same grounds as the Central Government. Since interception of communications is mostly undertaken by security and law enforcement agencies, broadly for the maintenance of law and order, State governments cannot be prevented from issuing their own legislations to deal with interception.

Due to the abovementioned legal and constitutional complexities the major problem in achieving harmonization is to get both the Central and State governments on to the same page. Even if the Central government amends the Telegraph Act and the IT Act to bring them in line with each other, the State governments will still be free to do whatever they please. Therefore it seems the best approach in order to achieve harmonization may be to have a two pronged strategy, i.e. (i) issue a National Surveillance Policy covering both interception and general surveillance; and (ii) amend the central legislations i.e. the Telegraph Act and the Information Technology Act in accordance with the National Surveillance Policy. Once a National Surveillance Policy, based on scientific data and the latest theories on criminology is issued, it is hoped that State governments will themselves like to adopt the principles enshrined therein and amend their own legislations dealing with interception to fall in line with the National Surveillance Policy.

[1] Section 6(2)(b) of the Model Police Manual.

[2] Section 191 (D) of the Model Police Manual.

[3] Section 200 (D) of the Model Police Manual.

[4] Section 2011 (I) of the Model Police Manual.

[5] Section 201 (II) of the Model Police Manual.

[6] Section 201 (IV) of the Model Police Manual.

[7] Section 193 (III) of the Model Police Manual.

[8] Surjan Das & Basudeb Chattopadhyay, Rural Crime in Police Perception: A Study of Village Crime Note Books, 26(3) Economic and Political Weekly 129, 129 (1991).

[9] Section 201 (III) of the Model Police Manual.

[10] Section 201 (V) of the Model Police Manual.

[11] Section 201 (VII) of the Model Police Manual.

[12] Section 356(1) of the Criminal Procedure Code states as follows:

356. Order for notifying address of previously convicted offender.

(1) When any person, having been convicted by a Court in India of an offence punishable under section 215, section 489A, section 489B, section 489C or section 489D of the Indian Penal Code, (45 of 1860 ) or of any offence punishable under Chapter XII or Chapter XVII of that Code, with imprisonment for a term of three years or upwards, is again convicted of any offence punishable under any of those sections or Chapters with imprisonment for a term of three years or upwards by any Court other than that of a Magistrate of the second class, such Court may, if it thinks fit, at the time of passing a sentence of imprisonment on such person, also order that his residence and any change of, or absence from, such residence after release be notified as hereinafter provided for a term not exceeding five years from the date of the expiration of such sentence.

[13] The Indian Telegraph Act, 1885, http://www.ijlt.in/pdffiles/Indian-Telegraph-Act-1885.pdf

[14] Privacy International, Report: “India”, Chapter 3: “Surveillance Policies”, https://www.privacyinternational.org/reports/india/iii-surveillance-policies

[15] Rule 419A(1), Indian Telegraph Rules, 1951.

[16] Rule 419A(1), Indian Telegraph Rules, 1951.

[17] Rule 419A(2), Indian Telegraph Rules, 1951.

[18] Rule 419A(3), Indian Telegraph Rules, 1951.

[19] Rule 419A(4), Indian Telegraph Rules, 1951.

[20] Rule 419A(5), Indian Telegraph Rules, 1951.

[21] Rule 419A(6), Indian Telegraph Rules, 1951.

[22] Rule 419A(7), Indian Telegraph Rules, 1951.

[23] Rule 419A(8), Indian Telegraph Rules, 1951.

[24] Rule 419A(9), Indian Telegraph Rules, 1951.

[25] Rule 419A(18), Indian Telegraph Rules, 1951.

[26] Ibid.

[27] Rule 419A(10), Indian Telegraph Rules, 1951.

[28] Rule 419A(11), Indian Telegraph Rules, 1951.

[29] Rule 419A(12), Indian Telegraph Rules, 1951.

[30] Rule 419A(13), Indian Telegraph Rules, 1951.

[31] Rule 419A(14), Indian Telegraph Rules, 1951.

[32] Rule 419A(15), Indian Telegraph Rules, 1951.

[33] Rule 419A(19), Indian Telegraph Rules, 1951.

[34] Ibid.

[35] Ibid.

[36] Section 46 of the Unlawful Activities Prevention Act, 1967. The Unlawful Activities (Prevention) Act, 1967 has certain additional safeguards such as not allowing intercepted information to be disclosed or received in evidence unless the accused has been provided with a copy of the same atleast 10 days in advance, unless the period of 10 days is specifically waived by the judge.

[37] State owned Public Sector Undertakings (PSUs) (Mahanager Telephone Nigam Limited (MTNL) and Bharat Sanchar Nigam Limited (BSNL)) were issued licenses for provision of CMTS as third operator in various parts of the country. Further, 17 fresh licenses were issued to private companies as fourth cellular operator in September/ October, 2001, one each in 4 Metro cities and 13 Telecom Circles.

[38] Section 45.2 of the CMTS License.

[39] Section 41.09 of the CMTS License.

[40] Section 41.09 of the CMTS License.

[41] Section 44.4 of the CMTS License. Similar provision exists in section 44.11 of the CMTS License.

[42] Section 34.28 (xix) of the ISP License.

[43] Section 34.12 of the ISP License.

[44] Section 34.13 of the ISP License.

[45] Section 34.22 of the ISP License.

[46] Section 34.6 of the ISP License.

[47] Section 34.15 of the ISP License.

[48] Section 34.28 (xiv) of the ISP License.

[49] Section 34.28 (xi) of the ISP License.

[50] Section 34.14 of the ISP License.

[51] Section 34.28 (ix)&(x) of the ISP License.

[52] Section 30.1 of the ISP License.

[53] Section 33.4 of the ISP License.

[54] Section 34.4 of the ISP License.

[55] Section 34.7 of the ISP License.

[56] Section 34.9 of the ISP License.

[57] Section 34.27 (a)(i) of the ISP License.

[58] Section 34.27(a)(ii-vi) of the ISP License.

[59] Section 32.1, 32.2 (i)(ii), 32.3 of the ISP License.

[60] Section 34.8 of the ISP License.

[61] Section 34.18 of the ISP License.

[62] Section 34.28 (xv) of the ISP License.

[63] Section 41.10 of the ISP License.

[64] Section 41.10 of the ISP License.

[65] Section 41.19(i) of the ISP License.

[66] Section 41.19(ii) of the ISP License.

[67] Section 41.19(iv) of the ISP License.

[68] Section 39.1 of the UASL. Similar provision is contained in section 41.4, 41.12 of the UASL.

[69] Section 39.3 of the UASL.

[70] Section 39.2 of the UASL.

[71] Section 23.2 of the UASL. Similar provisions are contained in section 41.7 of the UASL regarding provision of monitoring equipment for monitoring in the “interest of security”.

[72] Section 42.2 of the UASL.

[73] Section 41.20(xx) of the UASL.

[74] Section 41.10 of the UASL.

[75] Section 41.10 of the UASL.

[76] Section 41.14 of the UASL.

[77] Section 41.16 of the UASL.

[78] Section 41.20(ix) of the UASL.

[79] Section 41.20(ix) of the UASL.

[80] Section 41.19(ii) of the UASL.

[81] Section 41.20(xii) of the UASL.

[82] Section 41.20(xiii) of the UASL.

[83] Section 41.20(xiv) of the UASL.

[84] Section 41.20 (xix) of the UASL.

[85] Section 41.20(xvi) of the UASL.

[86] The different services covered by the Unified License are:

a. Unified License (All Services)

b. Access Service (Service Area-wise)

c. Internet Service (Category-A with All India jurisdiction)

d. Internet Service (Category-B with jurisdiction in a Service Area)

e. Internet Service (Category-C with jurisdiction in a Secondary Switching Area)

f. National Long Distance (NLD) Service

g. International Long Distance (ILD) Service

h. Global Mobile Personal Communication by Satellite (GMPCS) Service

i. Public Mobile Radio Trunking Service (PMRTS) Service

j. Very Small Aperture Terminal (VSAT) Closed User Group (CUG) Service

k. INSAT MSS-Reporting (MSS-R) Service

l. Resale of International private Leased Circuit (IPLC) Service

Authorisation for Unified License (All Services) would however cover all services listed at para 2(ii) (b) in all service areas, 2 (ii) (c), 2(ii) (f) to 2(ii) (l) above.

[87] Chapter IV, Para 23.2 of the UL.

[88] Chapter VI, Para 40.2 of the UL.

[89] Chapter V, Para 37.1 of the UL. Similar provision is contained in Chapter VI, Para 39.4,

[90] Chapter V, Para 37.5 of the UL/

[91] Chapter V, Para 37.3 of the UL.

[92] Chapter V, Para 37.2 of the UL.

[93] Chapter VI, Para 39.23(xii) of the UL.

[94] Chapter VI, Para 39.23 (xiii) of the UL.

[95] Chapter VI, Para 39.23 (xiv) of the UL.

[96] Chapter VI, Para 39.23 (xix) of the UL.

[97] Chapter VIII, Para 8.3 of the UL.

[98] Chapter VIII, Para 8.4 of the UL.

[99] Chapter VIII, Para 8.5 of the UL.

[100] Chapter IX, Paras 7.1 to 7.3 of the UL. Further obligations have also been imposed on the Licensee to ensure that its ILL customers maintain the usage of IP addresses/Network Address Translation (NAT) syslog, in case of multiple users on the same ILL, for a minimum period of one year.

[101] Chapter IX, Paras 8.1 to 8.3 of the UL.

[102] Chapter IX, Paras 8.4 and 8.5 of the UL.

[103] Chapter X, Para 5.2 of the UL.

[104] Chapter XI, Para 6.3 of the UL.

[105] Chapter XI, Para 6.4 of the UL.

[106] Chapter XI, Para 6.6 of the UL.

[107] Chapter XI, Para 6.7 of the UL.

[108] Chapter XII, Para 7.4 of the UL.

[109] Chapter XII, Para 7.5 of the UL.

[110] Chapter XII, Para 7.6 of the UL.

[111] Chapter XII, Para 7.7 of the UL.

[112] Chapter XII, Para 7.8 of the UL.

[113] Chapter XIII, Para 7.1 of the UL.

[114] Chapter XIV, Para 8.1 of the UL.

[115] Chapter XIV, Para 8.2 of the UL.

[116] Chapter XV, Para 8.1 of the UL.

[117] Chapter XV, Para 8.5 of the UL.

[118] Chapter XVI, Paras 4.1 - 4.4 of the UL.

[119] Section 69 of the Information Technology Act, 2000.

[120] Ibid.

[121] Section 69B of the Information Technology Act, 2000.

[122] Section 32 of the ISP License.

[123] Rule 3, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[124] Rule 2(d), Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[125] Rule 3, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[126] Rule 6, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[127] Rule 4, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[128] Rule 5, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[129] Rule 13, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[130] Rule 7, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[131] Rule 8, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[132] Rule 9, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[133] Rule 10, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[134] Rule 11, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[135] Rule 25(2)&(6), Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[136] Rule 23, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[137] Rule 25, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[138] Rule 12, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[139] Rule 23(2), Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[140] Rule 19, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[141] Rule 17, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[142] Rule 18, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[143] Rule 20& 21, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[144] Rule 25, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[145] Rule 20, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[146] Rule 3(1) of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.

[147] Rule 3(2) of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.

[148] Rule 3(3) of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.

[149] Rules 7 of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.

[150] Introduction to the Information Technology (Guidelines for Cyber Cafe) Rules, 2011.

[151] The Indian Post Office Act, 1898, http://www.indiapost.gov.in/Pdf/Manuals/TheIndianPostOfficeAct1898.pdf

[152] The expression “wireless telegraphy apparatus” has been defined as “any apparatus, appliance, instrument or material used or capable of use in wireless communication, and includes any article determined by rule made under Sec. 10 to be wireless telegraphy apparatus, but does not include any such apparatus, appliance, instrument or material commonly used for other electrical purposes, unless it has been specially designed or adapted for wireless communication or forms part of some apparatus, appliance, instrument or material specially so designed or adapted, nor any article determined by rule made under Section 10 not to be wireless telegraphy apparatus;”

[153] Section 4, Wireless Telegraphy Act, 1933.

[154] Snehashish Ghosh, Indian Wireless Telegraphy Act, 1933, http://cis-india.org/telecom/resources/indian-wireless-telegraphy-act.

[155] The Code of Criminal Procedure, 1973, Section 91, http://www.icf.indianrailways.gov.in/uploads/files/CrPC.pdf

For more details visit https://cis-india.org/internet-governance/blog/policy-paper-on-surveillance-in-india

July 2015 Bulletin

praskrishna — 2015-11-21T16:23:52Z

Our newsletter for the month of July is below:

We are happy to share with you the seventh issue of the Centre for Internet and Society (CIS) newsletter (July 2015). The past editions of the newsletter can be accessed at http://cis-india.org/about/newsletters.

Highlights

NVDA team conducted a training at SIES College, Sion, Mumbai. Thirty-four delegates attended the training programme. A training workshop was held at Anne Jane Askwith Higher Secondary School for the Visually Impaired, Palayamkottai, Tirunelveli by NVDA team. Sixteen delegates participated in this. Konkani Wikipedia is the second Wikimedia project after Odia Wikisource that has gone live out of incubation. The project stayed in the incubation for nine long years and the community has gone through a long debate to have a Wikipedia of their own. Subhashish Panigrahi has blogged on this highlighting the three Konkani Wikimedians. The 30^th Session of the WIPO Standing Committee on Copyrights and Related Rights was held in Geneva from June 29 to July 3. Nehaa Chaudhari prepared a statement about the negotiations on the Proposed Treaty for Broadcasting Organisations. Sumandro Chattapadhyay wrote an article in the Hindustan Times about India’s “Digital India” initiative to develop communication infrastructure, government information systems, and general capacity to digitise public life in India. CIS published the first draft of its analysis on technology business incubators ("TBI") in India. The report prepared by Sunil Abraham, Vidushi Marda, Udbhav Tiwari and Anumeha Karnatak looks at operating procedures, success stories and lessons that can be learnt from TBIs in India. Pranesh Prakash did a brief analysis about the Department of Telecommunications Panel Report on Net Neutrality. CIS has participated in the Expert Committee for DNA Profiling constituted by the Department of Biotechnology in 2012 for the purpose of deliberating on and finalizing the draft Human DNA Profiling Bill and appreciates this opportunity. CIS has prepared a dissent note to the Expert Committee on DNA Profiling. In the last few decades, all major common law jurisdictions have decriminalised non-procreative sex – oral and anal sex (sodomy) – to allow private, consensual, and non-commercial homosexual intercourse. Bhairav Acharya brought out the developments from across the world in a blog entry. As part of its project on mapping cyber security actors in South Asia and South East Asia, CIS conducted interviews with a Tibetan security researcher and information activist and Shantanu Ghosh, Managing Director, Symantec Product Operations, India. CIS, the Observer Research Foundation, the Internet Policy Observatory, the Centre for Global Communication Studies and the Annenberg School for Communication, University of Pennsylvania had organized a conference in April in New Delhi. The findings have been condensed in a report titled “Effective research, policy formulation, and the development of regulatory frameworks in South Asia”. Pranesh Prakash in a research paper titled Regulatory Perspectives on Net Neutrality gives an overview on why India needs to put in place net neutrality regulations, and the form that those regulations must take to avoid being over-regulation. Rakshanda Deka undertook an analysis on the anti-spam laws in different jurisdictions. This analysis is a part of a larger attempt at formulating a model anti-spam law for India by analysing the existing spam laws across the world. As part of the 'Studying Internets in India' series, RAW has published blog entries on WhatsApp and the Creation of a Transnational Sociality; Users and the Internet; Effective Activism: The Internet, Social Media, and Hierarchical Activism in New Delhi; Studying the Internet Discourse in India through the Prism of Human Rights; and 'Originality,' 'Authenticity,' and 'Experimentation': Understanding Tagore’s Music on YouTube. The National Optic Fibre Network, a part of the Government's Digital India Initiative, has been in the news since the recent Expert Committee Report. Aditya Garg in a blog entry examined the accountability of the funding of the project.

Accessibility and Inclusion

Under a grant from the Hans Foundation we are doing two projects. The first project is on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India. CIS in partnership with CLPR (Centre for Law and Policy Research) compiled the National Compendium of Policies, Programmes and Schemes for Persons with Disabilities (29 states and 6 union territories). The publication has been finalised and is being printed. The draft chapters and the quarterly reports can be accessed on the project page. The second project is on developing text-to-speech software for 15 Indian languages. The progress made so far in the project can be accessed here.

NVDA and eSpeak

Monthly Updates

July 2015 Report (Suman Dogra; July 31, 2015).

Event Reports

The training programmes were held in June and the reports were published in July:

Tamil Computing with NVDA Training Workshop (Organized by NVDA team: Anne Jane Ask with Higher Secondary School for the Visually Impaired, Palayamkottai, Tirunelveli; June 3 – 7, 2015).
Training in eSpeak Marathi (Organized by NVDA team; SIES College, Sion, Mumbai; June 28, 2015).

Access to Knowledge

As part of the Access to Knowledge programme we are doing two projects. The first one (Pervasive Technologies) under a grant from the International Development Research Centre (IDRC) is for research on the complex interplay between pervasive technologies and intellectual property to support intellectual property norms that encourage the proliferation and development of such technologies as a social good. The second one (Wikipedia) under a grant from the Wikimedia Foundation is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Submission / Comment

Statement by the Centre for Internet and Society on the Broadcast Treaty at SCCR 30 (Nehaa Chaudhari; July 2, 2015).

Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Reading Devanagari Script based sites like Konkani Wikipedia in Kannada Script (Dr. U.B. Pavanaja; July 13, 2015).
Konkani Wikipedia Goes Live After 'Nine Years' of Incubation (Subhashish Panigrahi; July 18, 2015).

Events Co-organized

Christ University Undergraduate Programme (Organized by CIS-A2K; Bangalore; July 1 - 8, 2015). Students were initiated into the Wikimedia activities with hands on sessions of typing on Wikisource. Faculty of the Christ University helped the A2K team in deciding on the texts that were to be typed. These texts will provide much needed impetus for Wikisource related activities in Indian Languages. Wikipedia Education Programme at Christ University received support from Ravishankar.A of the Tamil Wikimedia community and Sayant Mahato from Sanskrit Wikimedia community.
Aloysius College (Organized by CIS-A2K; Mangalore; July 1 – 4, 2015). Tulu and Kannada Wikipedia workshops were conducted in St. Aloysis College, Mangalore. Tulu Wikipedia is in Incubator and a small community is growing in Mangalore. Pavanaja U.B. and Rahmanuddin Shaik participated in this events.
Media Wiki Train the Trainer Program (Organized by CIS-A2K; Bangalore; June 24 – 27, 2015): A four-day long train-the-trainer program aimed at building leadership among technical contributors to Indic language Wikimedians in the areas of bugs, bots--Pywikipedia and Auto Wiki Browser, various MediaWiki tools, and translations. Ravishankar A. from Wikimedia India, MediaWiki developers Pavithra H., Yogesh Omshivaprakash H.L. and Harsh Kothari, and Tamil Wikimedian Dineshkumar Ponnusamy provided support for the event.

Participation in Events

Wikimania 2015 (Organized by Wikimedia Foundation; Mexico City; July 15 - 19, 2015): A whole day was dedicated for evaluation of strategies and activities by various major stakeholders of the Wikimedia movement. Community members who lead major activities, Wikimedia chapters, affiliate organizations and Wikimedia Foundation itself took part in the discussions. There were several group activities, exchange of ideas focused on project and community level outreach and other activities, tools and techniques, and best practices. Subhashish Panigrahi participated in this event and gave a talk on How to do Guerrilla GLAM. Subhashish Panigrahi was a panelist along with Rohini Lakshané in the session “Edit-a-thons for Bridging the Gender Gap on Wikimedia: A Panel Discussion”. An Indic Meet-up was also organized. Wikimedians from India, Bangladesh and Nepal representing various language communities, Wikimedia India, Wikimedia Bangladesh, Wikimedia Nepal, and Access to Knowledge (CIS-A2K) gathered to discuss about various challenges, cross-community collaborative projects, organizing larger events, and strategies to grow the Wikimedia movement in South Asia.
Classical Languages in the Digital Era Conference (Organized by Central Institute of Indian Languages, Mysore; July 17, 2015) Tanveer Hasan participated in this conference aimed at discussing about the future of Indian classical languages in the digital era.

Media Coverage

Not many contributors for Kannada-centric Wiki page (The Times of India, July 5, 2015)
Upload More Kannada Articles on Wikipedia (Indian Express, July 5, 2015)
Kannada Wikipedia Workshop in Mangaluru (Udayavani; July 5, 2015)
Kannada Wikipedia Workshop in Mangaluru (Prajavani; July 5, 2015)

Staff Movement

Tito Dutta, Luis Gomes and Abhinav Garule have joined the CIS-A2K team as Programme Associates from March this year. Tito is working for internal documentation and resource building, and Luis and Abhinav are implementing the Konkani and Marathi work plan respectively along with community liaison.

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and International Development Research Centre (IDRC)) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on studying the restrictions placed on freedom of expression online by the Indian government.

Free Speech and Expression

Blog Entries

Regulatory Perspectives on Net Neutrality (Pranesh Prakash; July 8, 2015). Vidushi Marda and Tarun Krishnakumar assisted Pranesh Prakash in this.
Free Speech Policy in India: Community, Custom, Censorship, and the Future of Internet Regulation (Bhairav Acharya; July 13, 2015).
Net Neutrality and the Law of Common Carriage (Bhairav Acharya; July 14, 2015).
Freedom of Expression in a Digital Age (Geetha Hariharan and Jyoti Panday; July 14, 2015). CIS, the Observer Research Foundation, the Internet Policy Observatory, the Centre for Global Communication Studies and the Annenberg School for Communication, University of Pennsylvania organized this conference on April 21, 2015 in New Delhi. Elonnai Hickok edited the report.
Clearing Misconceptions: What the DoT Panel Report on Net Neutrality Says (and Doesn't) (Pranesh Prakash; July 21, 2015).
Role of Intermediaries in Countering Online Abuse (Jyoti Panday; July 31, 2015). This got published as two blog entries in the NALSAR Law Tech Blog. Part 1 can be accessed here and Part 2 here.

Event Co-organized

A Public Discussion on Criminal Defamation in India (Organized by CIS, the Network of Women in Media, India; and Media Watch; Bangalore; July 29, 2015). The event was a public discussion about the continued criminalisation of defamation in India.

Participation in Event

Roundtable discussion on WHOIS (Organized by Department of Electronics & Information Technology (DeitY), Govt. of India; July 28, 2015; New Delhi). Sunil Abraham and Vidushi Marda participated in the discussion remotely. Aditya Garg attended in person.

Privacy

Blog Entries

Anti-Spam Laws in Different Jurisdictions: A Comparative Analysis (Rakshanda Deka; July 2, 2015).
A Dissent Note to the Expert Committee for DNA Profiling (Elonnai Hickok; July 17, 2015). Click for DNA Bill Functions, DNA List of Offences, and CIS Note on DNA Bill. A modified version was published by Citizen Matters Bangalore on July 28.
Privacy, Autonomy, and Sexual Choice: The Common Law Recognition of Homosexuality (Bhairav Acharya; July 18, 2015).
Aadhaar Number vs the Social Security Number (Elonnai Hickok; July 21, 2015).

Participation in Event

7th Best Practices Meet 2015 (Organized by Data Security Council of India; Bangalore; July 9 – 10, 2015). Sunil Abraham was a panelist in the session "Architecting Security for transformation to Digital India". Elonnai Hickok was a panelist in the session "Steering privacy in the age of extreme innovation technology & business models."

Cyber Security

Videos

Cyber Security Series Part 23 (Purba Sarkar; July 13, 2015). CIS interviews a Tibetan security researcher and information activist.
Cyber Security Series Part 24 (Purba Sarkar; July 15, 2015). CIS interviews Shantanu Ghosh, Managing Director, Symantec Product Operations, India, as part of the Cybersecurity Series.

Miscellaneous

Article

Iron out contradictions in the Digital India programme (Sumandro Chattapadhyay; Hindustan Times; July 28, 2015).

Research Paper

First draft of Technology Business Incubators: An Indian Perspective and Implementation Guidance Report (Sunil Abraham, Vidushi Marda, Udbhav Tiwari and Anumeha Karnatak; July 25, 2015).

Telecom

CIS is involved in promoting access and accessibility to telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Op-ed

The Centrality of Cash Flows (Shyam Ponappa; Business Standard; July 1, 2015 and Organizing India Blogspot; July 2, 2015).

Blog Entry

Funding of National Optic Fibre Network (NOFN) - Who's Accountable? (Aditya Garg; July 17, 2015).

Researchers at Work

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by contemporary concerns to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It is interested in producing local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Blog Entries

WhatsApp and the Creation of a Transnational Sociality (Maitrayee Deka; July 1, 2015).
Users and the Internet (Purbasha Auddy; July 10, 2015).
Effective Activism: The Internet, Social Media, and Hierarchical Activism in New Delhi (Sarah McKeever; July 16, 2015).
Studying the Internet Discourse in India through the Prism of Human Rights (Deva Prasad M.; July 22, 2015).
'Originality,' 'Authenticity,' and 'Experimentation': Understanding Tagore’s Music on YouTube) (Ipsita Sengupta; July 27, 2015).

News & Media Coverage

CIS gave its inputs to the following media coverage:

'IRCTC’s Aadhaar play can violate SC order and derail National Security' (Shubhra Rishi; CIO.IN; July 1, 2015).
The Digital Divide: pros and cons of Modi's latest big initiative (Suhas Munshi; July 2, 2015).
Corporate push to Modi’s Rs.4.5-billion digital dream (Rakesh Kumar; The Statesman; July 13, 2015).
Criminal Defamation: The Urgent Cause That has United Rahul Gandhi, Arvind Kejriwal and Subramanian Swamy (Betwa Sharma; Huffington Post; July 15, 2015).
Five Nations, One Future? (Bjorn Ludtke, Ellen Lee, Jaideep Sen, Gwendolyn Ledger, David Nicholson, and Jesko Johannsen; Voestalpine; July 18, 2015).
The scariest bill in Parliament is getting no attention – here’s what you need to know about it (Nayantara Narayanan; Scroll.in; July 24, 2015)
Regulation, misuse concerns still dog DNA profiling bill (Nikita Mehta; Livemint; July 29, 2015)

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the mediation and reconfiguration of social and cultural processes and structures by the internet and digital media technologies.

► Follow us elsewhere

CIS - Twitter: http://twitter.com/cis_india
Access to Knowledge - Twitter: https://twitter.com/CISA2K
Access to Knowledge - Facebook: https://www.facebook.com/cisa2k
Access to Knowledge - E-Mail: a2k@cis-india.org
Researchers at Work - E-Mail: raw@cis-india.org
Researchers at Work - Mailing List: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, Access to Knowledge, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/july-2015-bulletin

Studying the Internet Discourse in India through the Prism of Human Rights

Deva Prasad M — 2015-07-22T04:18:37Z

This post by Deva Prasad M is part of the 'Studying Internets in India' series. Deva Prasad is Assistant Professor at the National Law School of India University (NLSIU), Bangalore. In this essay, he analyses key public discussions around Internet related issues from the human rights angle, and explores how this angle may contribute to understanding the features of the Internet discourse in India.

Introduction

The significance of Internet as an important element and tool in day-to-day life of mankind is an established experiential fact. The intrinsic value that Internet brings to our lives has transformed the access to Internet as a necessity. Internet’s intrinsic value acts an enabling tool for information, communication and commerce to be effectively and expeditiously carried forward. It is to due to this enormous intrinsic value attached with Internet that there is an emerging trend of exploring Internet from the perspective of human rights. Moreover, Internet as a medium also helps in furtherance of human rights [1]. Social movements have attained a new lease of life with the digital activism over Internet. Arab spring is an epitome of this phenomenon.

There is an emerging positive trend of linking established norms of human rights with Internet. The Report of the Special Rapporteur on the right to freedom of opinion and expression has vividly explained the possibility and feasibility of extending and extrapolating the right of freedom of opinion and expression to Internet medium (Article 19 of the UDHR and the ICCPR) [2]. The Special Rapporteur also highlights the need to have access to Internet for effective enjoyment of right to freedom of opinion and expression in the digital sphere. The UN High Commissioner on Human Right’s report on‘The Right To Privacy In The Digital Age’ also explicitly highlights the significance of protecting the right to privacy in the internet medium in light of extensive “surveillance and the interception of digital communications and the collection of personal data” [3]. The extensive interception and blocking of the online communication is also a pertinent reason, which calls for human right protection to be extended to Internet.

The WSIS Declaration for Building of Information Society [4] and the Charter of Human Rights and Principles for the Internet [5] also have played a significant role in furthering the inter-linkage between human rights and Internet.

The Internet and human rights policy developments have gathered significant relevance in international human rights law and Internet policy fora. But it is interesting to note that the Indian government and state institutional mechanisms have not yet pro-actively accepted relevance of applying human rights norm to the Internet medium in India.

As an essay in the Studying Internet series, it is important to highlight how human rights acts as underlying factors in many socio-political issues pertaining to Internet in India. Analysis of these issues helps us to understand that, even though the Indian state turns a blind eye to the human rights element in the various socio-political issues relating to Internet, the digitally conscious Indian’s have realized their rights and even fought their own battle for exercising their rights.

In recent years, the Internet discourse in India has witnessed many socio-political concerns. This essay would be exploring the pertinent socio-political issues in Indian context and the underlying link to human rights thread. Globally, exploring Internet from the perspective of human rights brings out multitude of issues, which requires application of established human rights norms of right to privacy, freedom of expression, access. The story in India is no different. In this regard, three socio-political issues relating to Internet, which gained much attention in India roughly in last one year, are being analyzed. Interestingly, all three issues have an underlying thread of human right perspective connecting them and need pertinent deliberation from human rights perspective.

Section 66A and Freedom of Speech and Expression

The lack of freedom of expression on Internet and Section 66A of Information Technology Act, 2000 is an interesting case study. Indian government used Section 66A as a tool for extensive surveillance and had taken criminal legal action against the Internet and social media users for posting the offensive comments and posts. But Section 66A was badly drafted allowing the government to initiate criminal legal action in an arbitrary and whimsical manner. Thus such a provision could be misused by the state for curbing the freedom of expression in the Internet sphere. The rampant usage of the Indian state machinery of Section 66A had led to sharp reaction amongst the Internet and social media users in India. The vagueness in language and unconstitutionality of Section 66A were criticized by legal experts. The action of state machinery in arresting a cartoonist, a professor and two girls in Maharashtra [6] (and many others) for comments and post on social media against politicians, had made it evident the lack of respect for freedom for speech and expression on Internet by the Indian state machinery (Most of these incidents took place during the year 2012). These incidents led to wide spread protest for violation of human right to freedom of speech and expression by the digital media users. When the Public Interest Litigation [7] filed by Shreya Singhal led to the Supreme Court striking down the Section 66A on 24th March, 2015 for lack of due process being followed, it was a water shed moment for internet discourse in India. The significance of human rights (especially the freedom of speech and expression) in the Internet medium got asserted.

Net Neutrality and Internet Access Issue

The recent net neutrality debate in India has also evoked deliberation about the right of equal access to Internet and the need to maintain Internet as a democratic space. The net neutrality debate on keeping Internet a democratic space that is equally accessible to everyone has got much vogue in India. An important point that needs to be emphasized in the debate regarding net neutrality in India is the equal access question being raised. The equal access question is more a product of the lack of regulatory clarity regarding TRAI’s (Telecom Regulatory Authority of India) capacity to regulate the Over-the top (OTT) services; coupled with the lack of well stipulated right to internet access in the Indian context.

The net neutrality rides on the premise that the entire data available on the Internet should be equally accessible to everyone. No discrimination should be allowed regarding access to a particular website or any particular content on the Internet. Tim Wu, a renowned scholar in Internet and communication law has mentioned in his seminal work, Network Neutrality and Broadband Discrimination, that network neutrality signifies “an Internet that does not favor one application” [8].

In this regard, there has been a constructive dialogue between the Federal Communication Commission in United States and the various stakeholders. An interesting development was a proposition, which attempted to classify broadband internet service access as a public utility [9]. There is much relevance for such debates in the Indian context. India also needs public participation (especially strong voices from internet user’s perspective) to highlight these access concerns regarding Internet. Human right’s concerns regarding Internet should be pro-actively brought to the attention of regulatory institutions such as TRAI. There is need to balance the economic and for-profit interest of service providers with the larger public interest based on equal access.

The pressure created by public opinion through online activism upon the TRAI’s proposal to regulate the OTT services helps in understanding the power of public participation in the pertinent human rights issues relating to Internet [10]. The broader design in which the principle of human rights in the context of Internet medium would have to be asserted in India is also vividly seen in the case of protest against OTT regulation.

Right to be Forgotten in EU and Repercussions in India

The repercussions of ‘Right to be Forgotten’ judgment of European Union also had led to debate of similar rights in Indian context. The Google v. AEPD and Mario Cosjeta [11] is an interesting case decided by the Court of Justice of European Union, where the court held that based on the right to privacy and data protection, persons could ask databases (this case was against the search engine Google) on Internet medium to curtail from referring to certain aspects of their personal information [12]. This is basically referred to as ‘right to be forgotten’.

Viktor Mayor Schonberg in his book Delete: The Virtue of Forgetting in Digital Age has elaborated the problem of how the digital age coupled with the Internet has led to store, disseminate and track information in a substantially easy way and advocates for the more informational privacy rights [13]. In this judgment, the Court of Justice of European Union has furthered the information privacy rights in the European Union with the ‘right to be forgotten’.

In the Indian context, it is important to note that information privacy rights are yet to evolve to the extent that of European Union with definite privacy and data protection law. But interestingly, there was a request made to a media news website by a person attempting to enforce the right to be forgotten [14]. Even though the application of right to be forgotten is not directly applicable in the Indian context, this event throws light to the fact that Internet users in India are becoming conscious of their rights in the Internet space. The way Indian news media gave relevance to the right to be forgotten ruling also is an example of how there is an implicit recognition of the interlink between human rights and Internet that is slowly seeping into the Indian milieu.

Internet Discourse in India and Human Rights

Discussion of the three issues mentioned above points out to an important fact that human rights are not pro-actively applied to the Internet medium by the Indian state machinery. Even though the international human rights law and various Internet policy organizations are pushing the Internet and human rights agenda, the same is yet to gain momentum in India.

But at the same time, an interesting development that could be witnessed from the above discussion is the manner in which the Internet users are asserting their rights over the Internet and slowly paving the path for an enriching view towards applying the human rights perspective to Internet. In the first instance, the freedom of speech and expression was not pro-actively applied to the digital space and Internet. This has happened when Article 19 of Constitution of India has clearly provided for freedom of speech and expression. The second instance of net neutrality has thrown wide open the lack of clear policy regarding Internet access in Indian context. The public opinion has pointed out to the fact that there is a public interest demand to ensure that there is no discrimination in the case of Internet access. The third instance of looking at ‘right to be forgotten’ in Indian perspective, provides the understanding that the users of Internet are becoming conscious of their individual rights in the digital space in a more affirmative manner.

Further, the operationalization of human rights in these three instances also needs to be critically looked into. The assertion of the freedom of speech and expression in the Internet medium could be made possible effectively due to the fact that Article 19 of the Constitution of India, 1950, protects freedom of speech and expression. The vast amount of precedence existing in the field of freedom of speech and expression relating to constitutional litigation and allied jurisprudence has helped in crafting the extension of the right of freedom of expression to the digital medium of Internet. Further, using the social action tool of Public Interest Litigation, the unconstitutionality of Article 19 of the Constitution of India, 1950 could be brought before the Supreme Court.

But interestingly, the net neutrality issue, which is concerning the access to Internet in a non-discriminatory manner, is yet to be perceived in Indian context from a strong human rights perspective. Internet access as a public utility concept is yet to be evolved and articulated in concrete manner in the Indian context. Further, the Indian network neutrality discourse attempts to operationalize through the free market approach. In the free market approach the entire non-discriminatory access has to be ensured by the market competition with the necessary regulatory bodies. In this sense, the human rights angle of access to Internet will have to be ensured by effective competition in the market along with the proper oversight of regulatory bodies such as TRAI and Competition Commission of India. It is important for the regulatory bodies to have broad goals for furthering public interest by ensuring non-discriminatory access to Internet. Further, with the financial and infrastructure led limitations of government’s capability of ensuring access to Internet for all, the market-led model with sufficient regulation might be the right way forward.

Looking at the issue of the right to be forgotten, it could be easily perceived that the Indian milieu is yet to articulate privacy rights to that high standard. Even though the right to privacy is being understood in the constitutional law context through effective interpretation by the judiciary, the concept of digital privacy has not yet evolved in India. There is no collective understanding, till now, that has emerged regarding right to be forgotten in India. Even though individual attempts to assert the right was witnessed, there is much room for an evolved collective understanding in Indian context. Civil society organizations would have a crucial role to play in this regard.

There is an emerging consciousness amongst a set of Internet users in India, who values and gives importance to the Internet being a democratic space, without unwanted restriction from the government machinery or even the private entities. Hence looking at the Internet discourse of India from the perspective of human rights, there is an implicit way in which the human rights are being applied to the Internet space. The lack of a state’s pro-active approach in asserting human rights to Internet space is highlighted by the assertions being made by the Internet users in India.

Way Forward

For Internet to remain as a democratic space, there is need for pro-active application of these human rights norms and clear understanding in Internet governance. At present, the state of affairs in India regarding application of human rights to Internet is far from satisfactory.

This essay which is part of the ‘Studying Internet in India’ series, has till now done a stock taking analysis of emerging dimension of human rights and Internet in India. Lack of interest from government and state machinery to further the human rights and Internet dimension need to be seriously reconsidered. Attempting to intervene in Internet law and policy in India from the rights based approach should be an important agenda for furthering digital rights in India. For this, civil society organizations have an important role to play. Exploring the public interest could be done effectively with public participation of stakeholders. Here in, platforms such as India Internet Governance Forum could play a crucial role.

Apart from the civil society organizations, it is also pertinent for state and governmental institutional mechanism to also take a pro-active stance. For ensuring that the rights based approach to Internet has to be duly included in the Internet law and policy; and there should be institutional mechanism, which could look into areas pertaining to human rights and Internet. It is a well know fact that India lacks institutional mechanism for looking into communication and privacy issues regulation. Further, the National Human Rights Commission (NHRC) also needs to look at the relevance of human rights for Internet. Inspiration could be drawn from the pioneering work of Australian Commission of Human Rights on applying human rights norms and standards to Internet medium [15]. This essay has only flagged the need to apply the established human rights norms to Internet space. Much more issues such as access to Internet by disabled, safety of children and Internet medium are also pertinent areas.

Moreover, it is important to have digital rights of Internet users in India to be explicitly enshrined in a legal framework. Presently, a gap in law and policy framework regarding human rights and Internet is evident, as highlighted in this essay. The pertinent questions regarding access, privacy and freedom of expression are to be taken seriously by the government and state machinery for which clear and well-defined rights relating to Internet space have to be framed. For Internet and human rights to be taken seriously, it is high time that legal and institutional framework to explore these issues also are evolved.

Emphasizing the Right to Communication in India

Further, the present understanding of right to communication in India, which is perceived in narrow manner, could be re-worked with the help of a pro-active application of human rights norms to the Internet governance. The intrusion into the freedom of speech and expression especially in the telecommunication context has to be highlighted. Protection of communal harmony has been used as rationale for capping the number of the SMS messages that could be sent per day during the exodus of people of Northeastern states origin from Bangalore, Pune and other major cities in India.

This move has been criticized for being unreasonable and universality of capping the number of SMS messages [16]. Further, the telecommunication and Internet services (especially Facebook and YouTube) were blocked in Kashmir for restricting the protest [17]. The telecommunication and Internet services were blocked on the grounds of protection of national security. The reasonableness of restrictions that could be imposed on right to communication is a major concern in the above-mentioned instances. Making a blanket ban applicable in a universal manner undermines the right to communication of various genuine users of bulk messaging and social media sites.

The right to communication especially in the digital and telecommunication media needs to be emphasized. Applying human rights perspective and norms to Internet governance would help in articulating and evolving the right to communication in India. With adequate institutional oversight, the human rights norms could make the digital right to communication an effective right.

To conclude, the Internet discourse in India has already paved path for human rights norms to be applied to Internet space. The seriousness that could be attributed to those rights is evident by the assertions by the Internet users in India. But the state and government machinery in India also should explore the human rights and Internet agenda seriously.

Endnotes

[1] Frank La Rue, Report Of The Special Rapporteur On The Promotion And Protection Of The Right To Freedom Of Opinion And Expression, Available at http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf (Last accessed on 25/05/2015).

[2] Ibid, Special Rapporteur in the Report points out that the language of Article 19 of ICCPR is media neutral and is applicable to online media technological developments also. Para 20 and 21 of the Report.

[3] UN High Commissioner on Human Right, Report on ‘The Right To Privacy In The Digital Age’, Available at http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf (Last accessed on 25/05/2015).

[4] WSIS Declaration for Building of Information Society, Available at http://www.itu.int/wsis/docs/geneva/official/dop.html. (Last accessed on 25/05/2015). Article 58, WSIS Declaration reads as follows: “The use of ICTs and content creation should respect human rights and fundamental freedoms of others, including personal privacy, and the right to freedom of thought, conscience, and religion in conformity with relevant international instruments”.

[5] Charter of Human Rights and Principles for the Internet Available at http://internetrightsandprinciples.org/site/wp-content/uploads/2013/10/IRP_booklet_final1.pdf, (Last accessed on 25/05/2015).

[6] See Section 66A:Six Cases That Sparked Debate, Available at http://www.livemint.com/Politics/xnoW0mizd6RYbuBPY2WDnM/Six-cases-where-the-draconian-Section-66A-was-applied.html, (Last accessed on 25/05/2015). Also see, Facebook Trouble:10 Cases of Arrest Under Section 66A of IT Act, Available at http://www.hindustantimes.com/india-news/facebook-trouble-people-arrested-under-sec-66a-of-it-act/article1-1329883.aspx (Last accessed on 25/05/2015).

[7] Shreya Singhal v. Union of India, Available at http://indiankanoon.org/doc/110813550/ (Last accessed on 25/05/2015).

[8] Tim Wu, Network Neutrality, Broadband Discrimination, Available at https://cdt.org/files/speech/net-neutrality/2005wu.pdf (Last accessed on 25/05/2015).

[9] F.C.C. Approves Net Neutrality Rules, Classifying Broadband Internet Service as a Utility, Available at http://www.nytimes.com/2015/02/27/technology/net-neutrality-fcc-vote-internet-utility.html (Last accessed on 25/05/2015).

[10] The online campaign by www.savetheinternet.in and the AIB video have played a crucial role in gathering public support.

[11] Court of Justice of European Union, Case C-131/12.

[12] Rising like a Phoenix: The ‘Right to be Forgotten’ before the ECJ, Available at http://europeanlawblog.eu/?p=2351 (Last accessed on 25/05/2015).

[13] Viktor Mayor Schonberg, Delete: The Virtue of Forgetting in Digital Age, Princeton University Press (2009).

[14] Right to be Forgotten Poses A Legal Dilemma in India, Available at http://www.livemint.com/Industry/5jmbcpuHqO7UwX3IBsiGCM/Right-to-be-forgotten-poses-a-legal-dilemma-in-India.html, (Last accessed on 25/05/2015). Also see We received a Right to be Forgotten request from an Indian user, Available at http://www.medianama.com/2014/06/223-right-to-be-forgotten-india/ (Last accessed on 25/05/2015).

[15] Human Rights and Internet, Available at https://www.humanrights.gov.au/our-work/rights-and-freedoms/projects/human-rights-and-internet (Last accessed on 25/05/2015).

[16] Chinmayi Arun, SMS Block as Threat to Free Speech, Available at http://cis-india.org/internet-governance/www-the-hindubusinessline-op-ed-sep-1-2012-chinmayi-arun-sms-block-as-threat-to-free-speech (Last accessed on 15/07/2015).

[17] Pamposh Raina and Betwa Sharma, Telecom Services Blocked to Curb Protests in Kashmir, Available at http://india.blogs.nytimes.com/2012/09/21/telecom-services-blocked-to-curb-protests-in-kashmir/?_r=0 (Last accessed on 15/07/2015).

Author's Note: All the views expressed are my own and in no way are linked to the opinion of my employers. I thank CIS for this opportunity to explore Internet and Human Rights interface in India as part of the Studying Internet in India essay series.

Note: The post is published under Creative Commons Attribution 4.0 International license, and copyright is retained by the author.

For more details visit https://cis-india.org/raw/blog_studying-the-internet-discourse-in-india-through-the-prism-of-human-rights

Freedom of Expression in a Digital Age

Geetha Hariharan and Jyoti Panday — 2015-07-15T14:42:23Z

The Centre for Internet & Society, the Observer Research Foundation, the Internet Policy Observatory, the Centre for Global Communication Studies and the Annenberg School for Communication, University of Pennsylvania organized this conference on April 21, 2015 in New Delhi.

This report was edited by Elonnai Hickok

Effective research, policy formulation, and the development of regulatory frameworks in South Asia

Inside this Report

BACKGROUND TO THE CONFERENCE

THE ORGANIZERS

CONFERENCE PROGRAMME

WELCOME ADDRESS

SESSION 1: LEARNINGS FROM THE PAST

Vibodh Parthasarathi, Associate Professor, Centre for Culture, Media and Governance (CCMG), Jamia Millia Islamia University

Smarika Kumar, Alternative Law Forum

Bhairav Acharya, Advocate, Supreme Court and Delhi High Court & Consultant, CIS

Ambikesh Mahapatra, Professor of Chemistry, Jadavpur University

Questions & Comments

SESSION 2: CURRENT REALITIES

Cherian George, Associate Professor, Hong Kong Baptist University

Zakir Khan, Article 19, Bangladesh

Chinmayi Arun, Research Director, Centre for Communication Governance (CCG), National Law University (Delhi)

Raman Jit Singh Chima, Asia Consultant, Access Now

Questions & Comments

SESSION 3: LOOKING AHEAD

Sutirtho Patranobis, Assistant Editor, Hindustan Times

Karuna Nundy, Advocate, Supreme Court of India

Geeta Seshu, The Hoot

Pranesh Prakash, Policy Director, Centre for Internet & Society

Questions & Comments

Conclusion

Background to the Conference

As the Internet expands and provides greater access and enables critical rights such as freedom of expression and privacy, it also places censorship and surveillance capabilities in the hands of states and corporations. It is therefore crucial that there exist strong protections for the right to freedom of expression that balance state powers and citizen rights. While the Internet has thrown up its own set of challenges such as extremist/hate speech, the verbal online abuse of women, and the use of the Internet to spread rumours of violence, the regulation of cont ent is a question that is far from being settled and needs urgent attention. These are compounded by contextual challenges. What role can and should the law play? When is it justified for the government to intervene? What can be expected from intermediaries, such as social networks and Internet Service Providers (ISPs)? And what can users do to protect the right to free speech - their own and that of others?

Balancing freedom of expression with other rights is further complicated by the challenges of fast paced and changing technologies and the need for adaptable and evolving regulatory frameworks. By highlighting these challenges and questioning the application of existing frameworks we aim to contribute to further promoting and strengthening the right to freedom of expression across South Asia.

The Organizers

Centre for Internet & Society

Established in 2008, the Centre for Internet and Society (CIS) is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and intellectual property rights, and openness (including open standards and open government data). CIS also engages in scholarly research on the budding disciplines of digital natives and digital humanities. CIS has offices in Bangalore and New Delhi.

Observer Research Foundation

ORF, established in 1990, is India's premier independent public policy think tank and is engaged in developing and discussing policy alternatives on a wide range of issues of national and international significance. The fundamental objective of ORF is to influence the formulation of policies for building a strong and prosperous India in a globalised world. It hosts India's largest annual cyber conference - CyFy: the India Conference on Cyber Security and Internet Governance

The Annenberg School for Communication, The Centre for Global Communication Studies & the Internet Policy Observatory (U. Penn.)

The Annenberg School of Communication (ASC) at the University of Pennsylvania produces research that advances the understanding of public and private communications. The Center for Global Communication Studies (CGCS) is a focused academic center at ASC and a leader in international education and training in comparative media law and policy. It affords students, academics, lawyers, regulators, civil society representatives and others the opportunity to evaluate and discuss international communications issues. The Internet Policy Observatory (IPO) was started by CGCS to research the dynamic technological and political contexts in which Internet governance debates take place. The IPO serves as a platform for informing relevant communities of activists, academics, and policy makers, displaying collected data and analysis.

Conference Programme

'Freedom of Expression in a Digital Age' Effective Research, Policy Formation & the Development of Regulatory Frameworks in South Asia
April 21^st, 2015 - 11 a.m. to 6 p.m.

The Observer Research Foundation

20, Rouse Avenue Institutional Area

New Delhi - 110 002, INDIA

About the Conference

The conference will be a discussion highlighting the challenges in promoting and strengthening online freedom of expression and evaluating the application of existing regulatory frameworks in South Asia

Agenda

Learnings from the past		Current Realities		Looking ahead
11:00 - 1:00	1:00 - 2:00	2:00 - 4:00	4:00- 4:15	4:15 - 6:00
Overview of online FoEx policy and regulatory models across South Asia		Enabling FOEX in South Asia		Challenges associated with formulating regulation for online FoEx
Definitions of FoEx across South Asia		Ways in which FoEx is, or may be, curtailed online		Ways forward to bridge existing gaps between policy formation and policy implementation with respect to FOEX online
Impact of technology and markets on FoEx across South Asia		Balancing FoEx and other digital rights		Exploring emerging regulatory questions for FoEx online
Challenges to FoEx online across South Asia		The impact of jurisdiction, multi-national platforms, and domestic regulation on FoEx online		Impacting and influencing the development and implementation of Internet regulation through research
Effective research techniques and online FoEx		Role and responsibility of intermediaries in regulating online speech across South Asia		Exploration of the future role and interplay of technology and policy in enabling FOEX online

Ms. Mahima Kaul, Head (Cyber & Media Initiative), Observer Research Foundation (ORF), introduced the conference and its context and format, as well as the organisers. In three sessions, the Conference aimed to explore historical lessons, current realities and future strategies with regard to freedom of expression on the Internet in India and South Asia.

Mr. Manoj Joshi, Distinguished Fellow, ORF, provided the welcome address. Mr. Joshi highlighted the complexities and distinctions between print and electronic media, drawing on examples from history. He stated that freedom of expression is most often conceived as a positive right in the context of print media, as restrictions to the right are strictly within the bounds of the Constitution. For instance, during the riots in Punjab in the 1980s, when hate speech was prevalent, constitutionally protected restrictions were placed on the print media. When efforts were made to crack down on journalists with the introduction of the Defamation Bill in the 1980s, journalists were lucky that the Bill also included proprietors as those liable for defamation. This created solidarity between journalists and proprietors of newspapers to fight the Bill, and it was shelved.

Freedom of expression is necessary in a democratic society, Mr. Joshi stated, but it is necessary that this freedom be balanced with other rights such as privacy of individuals and the protection against hate speech. In the absence of such balance, speech becomes one-sided, leaving no recourse to those affected by violative speech.

In the digital age, however, things become complex, Mr. Joshi said. The freedom available to speech is enhanced, but so is the misuse of that freedom. The digital space has been used to foment riots, commit cybercrime, etc. Online, in India the restrictions placed on freedom of speech have become draconian. Section 66A and the incidents of arrests under it are an example of this. It is, therefore, important to consider the kind of restrictions that should be placed on free speech online. There is also the question of self-regulation by online content-creators, but this is rendered complex by the fact that no one owns the Internet. This conference, Mr. Joshi said, will help develop an understanding of what works and what frameworks we will need going forward.

Mr. Pranesh Prakash, Policy Director, Centre for Internet & Society (CIS), introduced the speakers for the first session. Mr. Vibodh Parthasarathi, Associate Professor, Centre for Culture, Media and Governance, Jamia Millia Islamia University, would first share his views and experience regarding the various ways of curtailing freedom of expression by the State, markets and civil society. Ms. Smarika Kumar of theAlternative Law Forum (ALF) would then expand on structural violations of freedom of expression. Mr. Bhairav Acharya, Advocate with the Delhi Bar and Consultant for CIS, would throw light on the development of free speech jurisprudence and policy in India from the colonial era, while Prof. Ambikesh Mahapatra, Professor of Chemistry, Jadavpur University, was to speak about his arrest and charges under Section 66A of the Information Technology Act, 2000 (am. 2008), providing insight into the way Section 66A was misused by police and the West Bengal government.

Vibodh Parthasarathi, Associate Professor, Centre for Culture, Media and Governance (CCMG), Jamia Millia Islamia University

Mr. Parthasarathi began his talk with an anecdote, narrating an incident when he received a call from a print journalist, who said "TV people can get away with anything, but we can't, and we need to do something about it." The notion of news institutions getting away with non-kosher actions is not new - and has been a perception since the 19^th century. He stressed that there have always been tensions between Freedom of Expression, access, and other rights. Curtailment happens not just by the state, but by private parties as well - market and civil society. Indeed, a large number of non-state actors are involved in curtailing FoE. Subsequently a tension between individual FoE and commercial speech freedom is emerging. This is not a new phenomenon. Jurisprudence relating to free speech makes a distinction between the persons in whom the right inheres: individuals on the one hand (including journalists and bloggers), and proprietors and commercial entities on the other.

In India, freedom of speech cases - from 1947 - relate primarily to the rights of proprietors. These cases form the legal and constitutional basis for issues of access, transmission and distribution, but are not necessarily favourable to the rights of individual journalists or newsreaders. At the individual level, the freedom to receive information is equally important, and needs to be explored further. For entities, it is crucial to consider the impact of curtailment of speech (or threats of curtailment) on entities of different sizes and kinds.

Mr. Parthasarathi further explained that online, freedom of expression depends on similar structural conditions and stressed that scholarship must study these as well. For example, intermediaries in the TV industry and online intermediaries will soon come together to provide services, but scholarship does not link them yet. The law is similarly disjointed. For instance, 'broadcasting' falls in the Union List under Schedule VII of the Constitution, and is centrally regulated. However, distribution is geographically bounded, and States regulate distribution. In order to have a cohesive broadcast regulation, he raised the point that the placement of 'broadcasting' in the Union List may need to be re-thought.

According to Mr. Parthasarathi, the underlying conceptual basis - for the interlinked scholarship and regulation of intermediaries (online and broadcast), of commercial speech and individual access to information, and censorship (State and private, direct and structural) - lies in Article 19(1)(a). He noted that there is a need to rethink the nature of this freedom. For whom do we protect freedom of speech? For individuals alone, or also for all private entities? From what are we protecting this freedom? For Mr. Parthasarathi, freedom of speech needs to be protected from the State, the market, civil society and those with entrenched political interests. Additionally, Mr. Parthasarathi raised the question of whether or not in the online context freedom of the enterprise becomes antithetical to universal access

Mr. Parthasarathi also highlighted that it is important to remember that freedom of expression is not an end in itself; it is a facilitator - the 'road'- to achieve crucial goals such as diversity of speech. But if diversity is what freedom of expression should enable, it is important to ask whether institutional exercise of freedom has led to enhanced diversity of speech. Do media freedom and media diversity go together? For Mr. Parthasarathi, media freedom and media diversity do not always go together. The most vivid example of this is the broadcast environment in India, following the deregulation of broadcast media beginning from the mid 1990s - much of which was done through executive orders on an ad hoc basis.

This led to infrastructural censorship, in addition to the ex-post curtailment of content. Increasingly the conditions on which content is produced are mediated i.e. which entities are eligible to obtain licenses, what type of capital is encouraged or discouraged, how is market dominance measured, accumulation of interests across content and carriage, or various carriage platforms? Mediating the conditions of producing speech, or infra censorship, is primarily operationalised through regulatory silences, as illustrated in the absence of any coherent or systematic anti-competitive measures.

Indian courts are champions in protecting the freedom of expression of 'outlets' - of proprietors and entities. But this has not led to diversity of speech and media. Perhaps there is a need to rethink and reformulate ideas of freedom. He pointed out that it is not enough merely to look at ex post curtailment of speech (i.e., the traditional idea of censorship). Instead the conditions in which speech is made and censored need to be explored; only then can our understanding expand. Mr Parthasarathi ended his talk by stressing that a proactive understanding of freedom of expression can highlight architectural curtailment of speech through the grant of licenses, competition and antitrust laws, media ownership and concentration across carriage and content, etc. This is essential in a digital age, where intermediaries play a crucial, growing role in facilitating freedom of speech.

Smarika Kumar, Alternative Law Forum
Beginning where Mr. Parthasarathi left off, the focus of Ms. Kumar's presentation was the curtailment of speech and the conditions under which speech is produced. At the outset, she sought from the audience a sense of the persons for whom freedom of speech is protected: for government-controlled media, the markets and commercial entities, or for civil society and citizens? Ms. Kumar aimed to derive ideas and conceptual bases to understand freedom of speech in the digital space by studying judicial interpretations of Article 19(1)(a) and its limitations. Towards this end, she highlighted some Indian cases that clarify the above issues.

Ms. Kumar began with Sakal Papers v. Union of India [AIR 1962 SC 305]. In Sakal Papers, the issue concerned the State's regulation of speech by regulation of the number of permitted pages in a newspaper. This regulation was challenged as being in violation of Article 19(1)(a) of the Constitution. The rationale for such regulation, the State argued, was that newsprint, being imported, was a scarce commodity, and therefore needed to be equitably distributed amongst different newspapers - big or small. Further, the State defended the regulation citing its necessity for ensuring equal diversity and freedom of expression amongst all newspapers. The petitioners in the case argued that such a regulation would negatively impact the newspapers' right to circulation by reducing the space for advertisements, and thus forcing the newspaper to increase selling prices. Readers of the newspaper additionally argued that such increase in prices would affect their right to access newspapers by making them less affordable, and hence such regulation was against the readers' interests. Ultimately, the Supreme Court struck down the regulation. The Constitution Bench noted that if the number of pages of a newspaper were to be limited and regulated, the space available for advertisements would reduce. Were advertisements to reduce, the cost of newspapers would increase, affecting affordability and access to information for the citizens. Ultimately, newspaper circulation would suffer; i.e., the State's regulation affected the newspapers' right of circulation which would amount to a violation of freedom of expression as the right extends to the matter of speech as well as the ability to circulate such speech.

Apart from the number of pages, the Indian government has sought to regulate newsprint in the past. In Bennett Coleman and Co. & Ors. v. Union of India [AIR 1973 SC 106], a Constitution Bench of the Supreme Court considered whether regulation of the number of pages permitted in a newspaper constituted an unreasonable restriction on freedom of expression. Towards this, the Government of India set forth a Newsprint Policy in 1972, under the terms of which the number of pages of all papers were to be limited to ten; where there were small newspapers that did not achieve the ten-page limit, a 20% increase was permitted; and finally, new newspapers could not be started by common ownership units. The Newsprint Order aimed to regulate a scarce resource (newsprint), while the Newsprint Policy sought to promote small newspapers, encourage equal diversity among newspapers and prevent monopolies. The Supreme Court upheld the Newsprint Order, stating that newsprint was indeed a scarce resource, and that the matter of import and distribution of newsprint was a matter of government policy. The Court would not interfere unless there was evidence of mala fides. However, the Court struck down the Newsprint Policy for reasons similar to Sakal Papers ; that the rights afforded to newspapers under Article 19(1)(a) - including circulation - could not be abridged for reasons of protecting against monopolies.

In his dissenting opinion, Justice Mathew stated that in conceiving freedom of expression, it is important to also consider the hearer (the reader). For Justice Mathew, Meiklejohn's view the "what is essential is not that everyone shall speak, but that everything worth saying shall be said" cannot be affected if, because of concentration of media ownership, media are not available for most speakers. In such a situation, " the hearers [cannot] be reached effectively". However, the imperative is to maximise diversity of speech. For this, we need to balance the rights of citizens against those of the press; i.e., the rights of the reader against those of the speaker.

Ms. Kumar pointed out that this was the first case to consider the right of readers to access a diversity of speech. Justice Mathew distinguished curtailment of speech by the state, and by the market - and that this is crucial in the digital age, where information is predominantly accessible through and because of intermediaries. Ms. Kumar further stressed that especially in an age where 'walled gardens' are a real possibility (in the absence of net neutrality regulation, for instance), Justice Mathew's insistence on the rights of readers and listeners to a diversity of speech is extremely important.

Ms. Kumar went on to explain that though judges in the Supreme Court recognised the rights of readers/listeners (us, the citizens) for the purposes of news and print media, a similar right is denied to us in the case of TV. In Secretary, Ministry of Broadcasting v. Cricket Association of Bengal [AIR 1995 SC 1236], the issue surrounded private operators' right to use airwaves to broadcast. The Supreme Court considered whether government agencies and Doordarshan, the government broadcaster, " have a monopoly of creating terrestrial signals and of telecasting them or refusing to telecast them", and whether Doordarshan could claim to be the single host broadcaster for all events, including those produced or organised by the company or by anybody else in the country or abroad. The Supreme Court held that the TV viewer has a right to a diversity of views and information under Article 19(1)(a), and also that the viewer must be protected against the market. The Court reasoned that " airwaves being public property, it is the duty of the state to see that airwaves are so utilised as to advance the free speech right of the citizens, which is served by ensuring plurality and diversity of views, opinions and ideas ".

If every citizen were afforded the right to use airwaves at his own choosing, "powerful economic, commercial and political interests" would dominate the media. Therefore, instead of affirming a distinct right of listeners, the Court conflated the interests of government-controlled media with those of the listeners, on the ground that government media fall under public and parliamentary scrutiny. According to Ms. Kumar this is a regressive position that formulates State interest as citizen interest. Ms. Kumar argued that in order to ensure freedom of speech there is a need to frame citizens' interests as distinct from those of the market and the government.

Bhairav Acharya, Advocate, Supreme Court and Delhi High Court & Consultant, CIS
Mr. Acharya's presentation focused on the divergence between the jurisprudence and policy surrounding freedom of expression in India. According to him, the policies of successive governments in India - from the colonial period and thereafter - have developed at odds with case-law relating to freedom of expression. Indeed, it is possible to discern from the government's actions over the last two centuries a relatively consistent narrative of governance which seeks to bend the individual's right to speech to its will. The defining characteristics of this narrative - the government's free speech policy - emerge from a study of executive and legislative decisions chiefly in relation to the press, that continue to shape policy regarding the freedom of expression on the Internet. Thus, there has been consistent tension between the individual and the community, as well as the role of the government in enforcing the expectations of the community when thwarted by law.

Today, free speech scholarship (including digital speech) fails to take into account this consistent divergence between jurisprudence and policy. Mr. Acharya pointed out that we think of digital speech issues as new, whereas there is an immense amount of insight to gain by studying the history of free speech and policy in India.

Towards this, Mr. Acharya highlighted that to understand dichotomy between modern and native law and free speech policy, it is useful to go back to the early colonial period in India, when Governor-General Warren Hastings established a system of courts in Bengal's hinterland to begin the long process of displacing traditional law to create a modern legal system. J. Duncan M. Derrett notes that the colonial expropriation of Indian law was marked by a significant tension caused by the repeatedly-stated objective of preserving some fields of native law to create a dichotomous legal structure. These efforts were assisted by orientalist jurists such as Henry Thomas Colebrook whose interpretation of the dharmasastras heralded a new stage in the evolution of Hindu law. By the mid-nineteenth century, this dual system came under strain in the face of increasing colonial pressure to rationalise the legal system to ensure more effective governance, and native protest at the perceived insensitivity of the colonial government to local customs.

Mr. Acharya explained that this myopia in Indian policy research is similar social censorship (i.e., social custom as creating limits to free speech). Law and society scholars have long studied the social censorship phenomenon, but policy research rejects this as a purely academic pursuit. But the truth is that free speech has been regulated by a dual policy of law and social custom in India since colonial times. The then-Chief Justice of the Calcutta High Court Elijah Impey required officers to respect local customs, and this extended to free speech as well. But as colonial courts did not interpret Hindu law correctly; interpretations of freedom of speech suffered as well. Mr. Acharya noted that the restrictions on freedom of speech introduced by the British continue to affect individuals in India today. Prior to British amendments, India had drawn laws from multiple sources - indeed customs and laws were tailored for communities and contexts, and not all were blessed with the consistency and precedent so familiar to common law. Since the British were unable to make sense of India's law and customs, they codified the principles of English customary law.

The Indian Penal Code (IPC) saw the codification of English criminal law (the public offences of riots, affray, unlawful assembly, etc., and private offences such as criminal intimidation). In Macaulay's initial drafts, the IPC did not contain sedition and offences of hurting religious sentiments, etc. Sections 124A ("Sedition") and 295A (" Deliberate and malicious acts intended to outrage religious feelings of any class by insulting its religion or religious beliefs") were added to the IPC in 1860, and changes were made to the Code of Criminal Procedure as well. Today, these sections are used to restrict and criminalise digital speech.

The Right to Offend :

Mr. Acharya then considered the history of the "right to offend", in light of the controversies surrounding Section 66A, IT Act. Before the insertion and strengthening of Section 295A, citizens in India had a right to offend others within the bounds of free speech. He clarified that in 1925 a pamphlet " Rangila Rasool" was published by Lahore-based Mahashe Rajpal (the name(s) of the author(s) were never revealed). The pamphlet concerned the marriages and sex life of the Prophet Mohammed, and created a public outcry. Though the publisher was acquitted of all charges and the pamphlet was upheld, the publisher was ambushed and stabbed when he walked out of jail. Under pressure from the Muslim community, the British enacted Section 295A, IPC. The government was seeking to placate and be sensitive to public feeling, entrenching the idea that the government may sacrifice free speech in the face of riots, etc. The death of India's "right to offend" begins here, said Mr. Acharya.

A prior restraint regime was created and strengthened in 1835, then in 1838, etc. At this time, the press in India was largely British. Following the growth of Indian press after the 1860s, the British made their first statutory attempt at censorship in 1867: a prior sanction was required for publication, and contravention attracted heavy penalties such as deportation and exile. Forfeiture of property, search and seizures and press-inspections were also permitted by the government under these draconian laws. Mr. Acharya noted that it is interesting that many leaders of India's national movement were jailed under the press laws.

Independence and After :

Mr. Acharya further explained that the framers of the Constitution deliberately omitted "freedom of the press" from the text of Article 19(1)(a) and that Jawaharlal Nehru did not think the press ought to be afforded such a right. This is despite a report of the Law Commission of India, which recommended that corporations be provided an Article 19 right. But why distrust the press, though citizens are granted the freedom of speech and expression under Article 19(1)(a)? In Mr. Acharya's opinion, this is evidence of the government's divergent approach towards free speech policy; and today, we experience this as a mistrust of the press, publications, and of online speech.

Mr. Acharya also explained that statutory restrictions on free speech grew at odds with judicial interpretation in the 1950s. Taking the examples ofRomesh Thapar v. the State of Madras [AIR 1950 SC 124] and Brij Bhushan v. the State of Delhi [(1950) Supp. SCR 245], Mr. Acharya showed how the judiciary interpreted Article 19 favourably. Despite the government's arguments about a public order danger, the Supreme Court refused to strike down left wing or right wing speech ( Romesh Thapar concerned a left wing publication; Brij Bhushan concerned right wing views), as "public order" was not a ground for restricting speech in the Constitution. The government reacted to the Supreme Court's judgement by enacting the First Amendment to the Constitution: Article 19(2) was amended to insert "public order" as a ground to restrict free speech. Thus, it is possible to see the divergence between free speech jurisprudence and policy in India from the time of Independence. Nehru and Sardar Vallabhbhai Patel had supported the amendment, while B.R. Ambedkar supported Romesh Thapar and Brij Bhushan. On the other hand, then-President Rajendra Prasad sought Constitutional protection for the press.

Why Study Free Speech History?

Mr. Acharya noted how the changes in free speech policy continue to affect us, including in the case of content restrictions online. In the 1950s, then-Prime Minister Nehru appointed the First Press Commission, and the newspaper National Herald was established to promote certain (left wing) developmental and social goals. Chalapati Rao was the editor of the National Herald, and a member of the First Press Commission.

At that time, the Commission rejected vertical monopolies of the press. However, today, horizontal monopolies characterize India's press. The First Press Commission also opposed 'yellow journalism' (i.e., sensational journalism and the tabloid press), but this continues today. Decades later, Prime Minister Indira Gandhi called for a "committed bureaucracy, judiciary and press", taking decisive steps to ensure the first two. For instance, Justice Mathew (one of the judges in the Bennett Coleman case) was an admirer of Indira Gandhi. As Kerala's Advocate General, he wanted the Press Registrar to have investigative powers similar to those given in colonial times; he also wanted the attacks on government personalities to be criminalized. The latter move was also supported by M.V. Gadgil, who introduced a Bill in Parliament that sought to criminalise attacks on public figures on the grounds of privacy. Mr. Acharya noted that though Indira Gandhi's moves and motives with regard to a "committed press" are unclear, the fact remains that India's regional and vernacular press was more active in criticizing the Emergency than national press.

Demonstrating the importance of understanding a contexts history - both social and legislative, following the striking down of 66A in Shreya Singhal & Ors. v. Union of India (Supreme Court, March 24, 2015), elements in the government have stated their wish to introduce and enact a new Section 66A. Mr. Acharya explained that such moves from elements in the government shows that despite the striking down of 66A, it is still possible for the repressive and mistrustful history of press policy to carry forward in India. This possibility is supported by colonial and post-Independence press history and policy that has been developed by the government. When looking at how research can impact policy, greater awareness of history and context may allow for civil society, academia, and the public at large to predict and prepare for press policy changes.

Ambikesh Mahapatra, Professor of Chemistry, Jadavpur University

Prof. Mahapatra introduced himself as a victim of the West Bengal administration and ruling party. He stated that though India's citizens have been granted the protection of fundamental rights after Independence, these rights are not fully protected; his experience with the West Bengal ruling party and its abuse of powers under the Information Technology Act, 2000 (am. 2008) ("IT Act") highlights this.

On March 23, 2012, Prof. Mahapatra had forwarded a cartoon to his friends by email. The cartoon poked fun at West Bengal Chief Minister Mamata Banerjee and her ruling party. On the night of April 12, 2012, individuals not residing in the Professor's housing colony confronted him, dragging him to the colony building and assaulting him. These individuals forced Prof. Mahapatra to write a confession about his forwarding of the cartoon and his political affiliations. Though the police arrived at the scene, they did not interfere with the hooligans. Moreover, when the leader of the hooligans brought the Professor to the police and asked that he be arrested, they did so even though they did not have an arrest warrant. At the police station, the hooligans filed a complaint against him. The Professor was asked to sign a memo mentioning the charges against him (Sections 114 and 500, Indian Penal Code, 1860 & Section 66A, IT Act). Prof. Mahapatra noted that the police complaint had been filed by an individual who was neither the receiver nor the sender of the email, but was a local committee member with the Trinamool Congress (the West Bengal ruling party).

The arrest sparked a series of indignant responses across the country. The West Bengal Human Rights Commission took suo motu cognizance of the arrest, and recommended action against the high-handedness of the police. Fifty six intellectuals appealed to the Prime Minister of India to withdraw the arrest; the former Supreme Court judge Markandey Katju was among those who appealed. Thirty cartoonists' organisations from across the world also appealed to the President and the Prime Minister to withdraw the case.

The West Bengal government paid no heed to the protests, and Chief Minister Mamata Banerjee publicly supported the actions of the police - making public statements against Justice Katju and A.K. Ganguly, former judge of the Supreme Court and head of the West Bengal Human Rights Commission respectively. A charge sheet was framed against Prof. Mahapatra and others, with Section 66A as one of the charges.

The case has been going on for over two years. Recently, on March 10, 2015, the Calcutta High Court upheld the recommendations of the West Bengal Human Rights Commission, and directed the government to implement them. The West Bengal government has preferred an appeal before a division bench, and the case will continue. This is despite the fact that Section 66A has been struck down (by the Supreme Court in Shreya Singhal & Ors. v. Union of India).

Though noting that he was not an expert, Prof. Mahapatra put forward that it seemed that the freedom of expression of the common man depends on the whims of the ruling parties and the State/Central governments. It is of utmost importance, according to him, to protect the common man's freedom of speech, for his recourse against the government and powerful entities is pitifully limited.

Questions & Comments

Q. A participant stated that the core trouble appears to lie in the power struggle of political parties. Political parties wish to retain power and gather support for their views. Despite progressive laws, it is the Executive that implements the laws. So perhaps what is truly required is police and procedural reforms rather than legislative changes.

A. Members of the panel agreed that there is a need for more sensitivity and awareness amongst the law enforcement agencies and this might be long overdue and much needed step in protecting the rights of citizens.

Q. A participant was interested in understanding how it might be possible to correct the dichotomy between FoE policy and doctrine? The participant also wanted the panel to comment on progressive policy making if any.

A. Members of the panel stated that there is no easy way of correcting this dichotomy between custom and law. Scholars have also argued that the relationship between custom and pernicious social censorship is ambiguous. Towards this, more studies are required to come to a conclusion.

Q. A participant requested clarity on what rights can be created to ensure and support a robust right to freedom of expression, and how this might affect the debates surrounding net neutrality?

A. Members of the panel noted that the Internet allows citizens and corporations to regulate speech on their own (private censorship), and this is problematic. Members of the panel also responded that the existing free speech right does not enable diversity of speech. Social and local customs permit social censorship, and this network effect is clearly visible online; individuals experience a chilling effect. Finally, in the context of net neutrality, the interests of content-producers (OTTs, for instance) are different from those of users. They may benefit economically from walled gardens or from non-interference with traffic-routing, but users may not. Therefore, there is a need for greater clarity before coming to a conclusion about potential net neutrality regulation.

Session 2: Current Realities

Dr. Cherian George, Associate Professor, Hong Kong Baptist University
Dr. George began his talk by highlighting how there is no issue as contentious as offensive speech and how it should be dealt with. The debate around free speech is often framed as a battle between those who support democracy and those who oppose it. Yet, this is also a tension within democracy. Citizens should not be unjustly excluded from participating in democracy (companion rights in Article 19 and 20, ICCPR). Relevant UN institutions and Article 19 have come up with reports and ideals that should be universally adopted - norms that apply to many areas including speech. These norms are different from traditional approaches. For example:

Human Rights Norms	Traditional Approach
Regulate incitement of violence (discrimination, hate, etc.)	Law protects people's feelings from speech that offends
Protect minorities as they are more vulnerable to exploitation and uprooting of their values	Law sides with the majority, to protect mainstream values over minority values
Allow robust criticism of ideas, religions, and beliefs	Law protects religion, beliefs, and ideas from criticism
Strive for balance between liberty and equality	Aims for order and maintenance of status quo
Promote harmony through the media	Enforces harmony by the state

Commenting on the traditional approach, Dr. George noted that if the state protects feelings of offence against speech, it allows groups to use such protection as a political weapon: "hate spin", which is the giving or taking of offence as a political strategy. Hate spin is normally framed as a "visceral, spontaneous reaction" to a video, writing, or speech, etc. Yet, the spontaneous reaction of indignation to speech or content can consistently be revealed to result from conscious manipulation by middlemen for political purposes.

South Asia is similar to West Asia - as the legal frameworks provide immunity for dangerous speech. In practice, this allows for the incitement of discrimination, hostility, and violence. At the same time, the legal frameworks allow for excessive sympathy for wounded feelings, and often the taking of offence turns into a political strategy. Power enters the equation here. The law allows the powerful to take offence and use hate speech against those not in powerful positions.

Dr. George highlighted a number of legal quandaries surrounding freedom of expression including:

Enforcement gaps: There is a lack of enforcement of existing laws against incitement.
Non-regulated zones: Socio-political research demonstrates that many problems cannot be regulated, and yet the law can only deal with what can be regulated. Hate speech is one of these as hate speech is not in the speech itself, but in the meaning that is produced in the mind of those saying/listening.
Verdict-proof opportunities: Political entrepreneurs can use legislative and judicial processes to mainstream hateful views, regardless of how legislature and courts ultimately act. The religious right, for instance, can always pit themselves morally against "secular" decisions of apex authorities (SC, etc.). For example, in the context of the US and Islamophobia - the State legislature in Alabama introduced an anti-Shariah law. Yet, the law is against a non-existent threat and appears to be a ploy to normalize anti-Muslim sentiments, including in political rhetoric. While focusing on winning battles in courts or legislature, the intolerant groups do not need to win a legal court case to introduce and entrench language of intolerance in public discourse and discussion. This demonstrates that there is a need to begin moving away from a purely legal analysis (interpretation or development) of the laws, and a need to begin studying these issues through a sociological lens.

Zakir Khan, Article 19, Bangladesh
Mr. Khan introduced Article 19 and its work in Bangladesh and the rest of South Asia. He noted that Article 19 is involved in documenting and analysing laws and regulations affecting freedom of expression, including in Bangladesh. Article 19 also campaigns for changes in law and policy, and responds from a policy perspective to particular instances of government overreach.

Mr. Khan explained that India has the Information Technology Act, 2000 (am. 2008) ("IT Act"), and in Bangladesh, the equivalent legislation is the Information and Communication Technology Act, 2006 ("ICT Act"). The ICT Act was enacted to bring Bangladeshi law in conformity with international law; i.e. in accordance with the UNCITRAL model law on e-commerce and online transactions. The ICT Act deals with hacking, crimes committed with the use of a computer system, breach of data, breach of computer system, and hardware.

Like the IT Act in India, Bangladesh's ICT Act also criminalizes speech and expression online. For instance, Section 57, ICT Act, criminalizes the publication of "fake, obscene or defaming information in electronic form". Similarly, bringing damage to "the state's image" online is criminalized. In 2013, the Bangladesh Ministry of Law amended the ICT Act to increase penalties for online offences, and allow for the detention of suspected offenders, warrantless arrests and indefinite detention without bail. Bloggers and activists have been protesting these changes, and have been targeted for the same.

Mr. Khan noted that Article 19 has developed a tool to report violations online. Individuals who have experienced violations of their rights online can post this information onto a forum, wherein Article 19 tracks and reports on them, as well as creating awareness about the violation. Any blogger or online activist can come and voice concerns and report their stories. Mr. Khan also highlighted that given the ICT Act and the current environment, online activists and bloggers are particularly threatened. Article 19 seeks to create a safe space for online bloggers and activists by creating anonymity tools, and by creating awareness about the distinctions between political agenda and personal ideology.

Chinmayi Arun, Research Director, Centre for Communication Governance (CCG), National Law University (Delhi)
Ms. Arun began by noting that usually conversations around freedom of expression look at the overlap between FoE and content i.e. the focus is on the speaker and the content. Yet, when one targets the mediator - it shifts the focus as it would be approaching the issue from the intermediary's perspective. When structural violation of free speech happens, it either places the middleman in the position of carrying through the violation, or creates a structure through which speech violations are incentivized.

An example of this is the Bazee.com case. At the time of the case the law was structured in such a way that not only perpetrators of unlawful content were punished, but so were the bodies/persons that circulated illegal content. In regulatory terms this is known as "gatekeeper liability". In the Bazee.com case, a private party put obscene content up for sale and Bazee.com could and did not verify all of the content that was for sale. In the case, the Delhi HC held Avnish Bajaj, the CEO of Bazee.com, liable on the precedent of strict liability for circulation of obscene content. The standard of strict liability was established under Ranjit Udeshi case. The standard of strict liability is still the norm for non-online content, but after Bazee.com, a Parliament Standing Committee created a safe harbour for online intermediaries under Section 79 of the IT Act. As per the provision, if content has been published online, but an intermediary has not edited or directly created the content, it is possible for them to seek immunity from liability for the content. The Parliament Standing Committee then stated that intermediaries ought to exercise due diligence. Thus, the Indian legal regime provides online intermediaries with immunity only if content has not been published or edited by an intermediary and due diligence has been exercised as defined by Rules under the Act. While developing India's legal regime for intermediary liability the Parliamentary Standing Committee did not focus on the impact of such regulation on online speech.

To a large extent, present research and analysis of Freedom of Expression is focused on the autonomy of the speaker/individual. An alternative formulation and way of understanding the right, and one that has been offered by Robert Post through his theory of democratic self governance, is that Freedom of Expression is more about the value of the speech rather than the autonomy of the speaker. In such a theory the object of Freedom of Expression is to ensure diversity of speech in the public sphere. The question to ask then is: "Is curtailment affecting democratic dialogue?" The Supreme Court of India has recognized that people have a right to know/listen/receive information in a variety of cases. Ms. Arun explained that if one accepts this theory of speech, the liability of online intermediaries will be seen differently.

Ms. Arun further explained that in Shreya Singhal, the notice-and-takedown regime under section 79 of the IT Act has been amended, but the blocking regime under section 69A has not. Thus, the government can still use intermediaries as proxies to take down legitimate content, and not provide individuals with the opportunity to to challenge blocking orders. This is because as per the Act, blocking orders must be confidential. Though the blocking regime has not been amended, the Supreme Court has created an additional safeguard by including the requirement that the generator of content has to be contacted (to the extent possible) before the government can pass and act upon a blocking order. Mr. Arun noted that hopefully, when implemented, this will provide a means of recourse for individuals and counter, to some extent, the mandated secrecy of content blocking orders.

Raman Jit Singh Chima, Asia Consultant, Access Now
Mr. Chima began his presentation by noting that the Internet is plagued by a few founding myths. Tim Goldsmith and Jack Wu (in Who Controls the Internet: Illusions of a Borderless World) name one: that no laws apply to the Internet; that, because of the borderless nature of the Internet - data flows through cables without regard for State borders - and thus countries' laws do not affect the Internet. These cyber-anarchists, amongst whom John Perry Barlow of the Electronic Frontier Foundation (EFF) is inspiring, also argue that regulation has no role for the Internet.

Mr. Chima countered these 'myths', arguing that the law affects the Internet in many ways. The US military and Science departments funded the invention of the Internet. So the government was instrumental in the founding of the Internet, and the US Department of Commerce has agreements with ICANN (Internet Corporation for Assigned Names and Numbers) to govern the Domain Names System. So the law, contracts and regulation already apply to the Internet.

Mr. Chima further explained that today organisations like EFF and civil society in India argue for, and seek to influence, the creation of regulation for the protection of journalists against unfair and wrongful targeting by the government. This includes moves to protect whistleblowers, to ensure the openness of the Internet and its protection from illegitimate and violative acts against freedom of expression, access and other rights. Some governments, like India, also place conditions in the licenses granted to Internet Service Providers (ISPs) to ensure that they bring access to the rural, unconnected areas. Such law and regulation are not only common, but they are also good; they help the population against virtual wrongdoing.

Mr. Chima pointed out that when States contemplate policy-making for the Internet, they look to a variety of sources. Governments draw upon existing laws and standards (like India with the virtual obscenity offence provision Section, 67 and 67A, IT Act, which is drawn from the real-world penal provision Section 292, IPC) and executive action (regulation, by-laws, changes to procedural law) to create law for the Internet. Additionally, if a government repeats a set of government actions consistently over time, such actions may take on the force of law. Mr. Chima also spoke of web-developers and standards-developers (the technical community), who operate by rules that have the force of law, such as the 'rough consensus and running code' of the IETF (Internet Engineering Task Force). Governments also prescribe conditions ("terms of use") that companies must maintain, permitting or proscribing certain kinds of content on websites and platforms.

Finally, Mr. Chima highlighted international legal and policy standards that play a role in determining the Internet's law and regulation. ICANN, the administrator of the Internet Assigned Numbers Authority (IANA) functions and governing body for the Domain Names System, functions by a set of rules that operate as law, and in the creation of which, the international legal community (governments, companies, civil society and non-commercial users, and the technical community) play a role. The ITU (International Telecommunications Union) and organisations like INTERPOL also play a role.

Mr. Chima explained that when one wants to focus on issues concerning freedom of expression, multiple laws also apply. Different States set different standards. For instance, in the US, the main standards for the Internet came from issues relating to access to certain types of online content. In Reno v. ACLU (1997), the US Supreme Court considered what standards should be created to access obscene and indecent content on the Internet. The judges held that the Internet, as a medium of unprecedented dynamism, deserved the higher protection from governmental overreach.

In Asia, the main legal standards for the Internet came from Internet commerce: the UNCITRAL model law, which prescribed provisions best suited to the smoother commercial utilization of a fast and growing medium, became the foundation for Internet-related law in Asian states. Predictably, this did not offer the strongest rights protections, but rather, focused on putting in place the most effective penalties. But when Asian states drew from the European UNCITRAL law, many forgot that European states are already bound by the European Convention for Human Rights, the interpretation of which has granted robust protections to Internet-related rights.

Mr. Chima provided the example of Pakistan's new Cybercrime Bill. The Bill has troubling provisions for freedom of expression, and minimal to no due process protections. While drafting the law, Pakistan has drawn largely from model cybercrime laws from the Council of Europe, which are based on the Budapest Convention. In Europe and the US, States have strong parallel protections for rights, but States in Asia and Africa do not.

Mr. Chima concluded that when one talks of freedom of expression online, it is important to also remember the roles of intermediaries and companies. The ISPs can be made liable for content that flows through their wires, through legal mechanisms such as license provisions. ISPs can also be made to take further control over the networks, or to make some websites harder to access (like the Internet Watch Foundation's blacklist). When policy organisations consider this, it is critical that they ask whether industry bodies should be permitted to do this without public discussion, on the basis of government pressure.

Questions & Comments

Q. Participants asked for panel members to talk about the context in which bloggers find themselves in danger in Bangladesh.

A. Panel members stated that the courts are not fair to bloggers as often they side with government. It was added that courts have labelled bloggers as atheist, and subsequently all bloggers are being associated with the label. Further, it was added that most people who are outraged, do not even know what blogging is, and people associate blogging with blasphemy and as opposing religious beliefs. It was also noted that in Bangladesh, while you see violations of FoE from the State, you see more violations of blogger rights from non-state actors.

Q. Participants asked if there is anything specific about the Internet that alters how we should consider hate speech online and their affective/visceral impact.

A. Pa nel members noted that they are still grappling with the question of what difference the Internet makes, but noted that it has indeed complicated an already complex issue as there is always the question about political entrepreneurs using convenient content to foment fires.

Q. Participants questioned panel members about how the right to offend is protected in jurisdictions across Asia where there is still tension between classical liberalism and communitarian ideologies, and where the individuated nature of rights is not clearly established or entrenched.

A. Panel members responded by stating that when one compares the US, Indonesia and India, the US seems to be able to strike a balance between free speech and other competing interests as they are committed to free speech and committed to religious tolerance and plurality of competing interests. Panel members also added that the fabric of civil society also has an impact. For example, Indonesian civil society is simultaneously religious and secular and pro-democracy. In India, there seems to be a tension between secular and religious groups. In Indonesia, people are moving to religion for comfort, while still seeking a world that is religious and secular.

Q. Participants asked for clarification on ways to approach regulation of hate speech given that hate speech is not just about a particular kind of threatening speech, but encompasses rumours and innuendos.

A . Panel members acknowledged that more research needs to be done in this area and added that applying the socio-cultural lens on such issues would be beneficial.

Q. Participants asked if panel members had a framework for a regulating the content practices of private actors, who are sometimes more powerful than the state and also enforcing censorship.

A. Panel members responded that private censorship is an important issue that needs to be reflected upon in some depth, though a framework is far from being developed even as research is ongoing in the space.

Session 3: Looking Ahead

The third and final session of the conference aimed to find principles and methods to achieve beneficial and effective regulation of the Internet. One of the core aims was the search for the right balance between the dangers of the Internet (and its unprecedented powers of dissemination) and the citizens' interest in a robust right to freedom of expression. Mr. Sutirtho Patranobis, Assistant Editor with the Hindustan Times (Sri Lanka desk, previously China correspondent), shared his experience with governmental regulation of online free speech in China and Sri Lanka. Ms. Karuna Nandy,Advocate, Supreme Court of India, analysed the Indian Supreme Court's decision in Shreya Singhal v. Union of India (March 24, 2015), and sought to draw lessons for the current debate on net neutrality in India. Ms. Geeta Seshu, founder and editor of the online magazine The Hoot, offered an expanded definition of freedom of speech, focusing on universal access as the imperative. Finally, Mr. Pranesh Prakash, Policy Director, Centre for Internet & Society, offered his views on net neutrality and the issue of zero-rating, as well as arguing for an increased, cooperative role of civil society in creating awareness on issues relating to the Internet.

Sutirtho Patranobis, Assistant Editor, Hindustan Times
During his career, Mr. Patranobis was the China correspondent for the Hindustan Times. Mr. Patranobis began his presentation by sharing his experiences in China. In China, multiple online platforms have become sources of news for citizens. Chinese citizens, especially the urban young, spend increasing amounts of time on their mobile phones and the Internet, as these are the major sources of news and entertainment in the country.

The Chinese government's attitude towards freedom of expression has been characterized by increasing control over these online platforms. The includes control over global companies like Google and Facebook, which have negotiated with the Chinese government to find mutually acceptable operating rules (acceptable to the government and the company, but in most cases unfavourable to the citizens) or have faced being blocked or filtered from the country. Mr. Patranobis noted that free speech regulation in China has evolved into a sophisticated mechanism for control and oppression, and the suppression of dissent. Not only China, but Sri Lanka has also adopted similar approaches to dealing with freedom of expression.

In China, free speech regulations have evolved with an aim to curtail collective action and dissent. China's censorship programmes work towards silencing expression that can represent, reinforce or spur social mobilisation. Mr. Patranobis explained that these programmes aim to put an end to all collective activities (current or future) that may be at odds with government policies. Therefore, any online activity that exposes government action as repressive, corrupted or draconian is meted out harsh treatment. Indeed it is possible to see that there are sharp increases in online censorship and crackdowns when the government implements controversial policies offline.

Mr. Patranobis went on to discuss the nature of objectionable content, and the manner in which different jurisdictions deal with the same. Social and cultural context, governmental ideologies, and political choices dictate the nature of objectionable content in States such as China and Sri Lanka. On the flipside, media literacy, which plays a big role in ensuring an informed and aware public, is extremely low in Sri Lanka, as well as in many other States in South Asia.

Mr. Patranobis raised the question of how the Internet can be regulated while retaining freedom of expression - noting that the way forward is uncertain. In Sri Lanka, for instance, research by UNESCO shows that the conflicting policy objectives are unresolved; these first need to be balanced before robust freedom of expression can be sustained. The Internet is a tool, after all; a tool that can connect people, that can facilitate the spread of knowledge and information, to lift people from the darkness of poverty. The Internet can also be a tool to spread hate and to divide societies and peoples. Finding the right balance, contextualised according to the needs of the citizens and the State, is key to good regulation.

Karuna Nundy, Advocate, Supreme Court of India
Ms. Nandy focused her presentation on two issues currently raging in India's free speech debates: the Supreme Court's reasoning on Sections 66A and 69A, IT Act, in Shreya Singhal & Ors. v. Union of India (Supreme Court, March 24, 2015), and issues of access and innovation in the call for a net neutrality regulation. She stated that the doctrine of the "marketplace of ideas" endorsed by Justices Nariman and Chelameswar in Shreya Singhal speaks to the net neutrality debate.

Ms. Nandy held that a law can be challenged as unconstitutional if it prohibits acts that are legitimate and constitutional. Such an argument refers to the impugned law's "overbroad impact". For instance, the Supreme Court struck down Section 66A, IT Act, on the ground (among others) that the impugned section leads to the prohibition and criminalisation of legitimate and protected speech. Cases such asChintaman Rao v. State of Madhya Pradesh [(1950) SCR 759] and Kameshwar Prasad v. State of Bihar [1962 Supp. (3) SCR 369] speak to this principle. They expand the principle of overbreadth to include the notion of "chilling effect" - i.e., situations where overbroad blocking leads to the prohibition of legitimate constitutional speech. In such situations, citizens are unsure what constitutes protected speech and what does not, leading to a chilling effect and self-censorship for fear of reprisals.

In Shreya Singhal, the Supreme Court also considered the "reasonable person" doctrine that has been developed under the law of obscenity. India had initially adopted the Hicklin test, under which the test to determine what is obscene depended on whether prurient minds (minds that have a tendency to be corrupted) would find the impugned material lascivious and corrupting. This test, laid down in Ranjit Udeshi v. State of Maharashtra [AIR 1965 SC 881] and altered/refined by decades of jurisprudence, was put to rest in Aveek Sarkar v. State of West Bengal [AIR 2014 SC 1495]. In Aveek Sarkar, the Supreme Court adopted the "community standards" test to determine obscene content. According to Ms. Nandy, the "community standards" test rests on the doctrine of reasonable persons. Ms. Nandy noted that in effect there is a need for more police officers to protect those who produce legitimate content from hecklers.

Quoting from the U.S. decision of Whitney v. California [71 L. Ed. 1095], Ms. Nandy submitted that:

" It is the function of speech to free men from the bondage of irrational fears. To justify suppression of free speech there must be reasonable ground to fear that serious evil will result if free speech is practiced. There must be reasonable ground to believe that the danger apprehended is imminent. There must be reasonable ground to believe that the evil to be prevented is a serious one. "

On the issue of website blocking and the Supreme Court's reasoning on Section 69A, IT Act, in Shreya Singhal, Ms. Nandy explained that the Additional Solicitor General had conceded a number of points during the oral arguments. She further explained that website blocking can be applied when the Central Government is satisfied that there is a necessity for it. However, reasons must be recorded in writing. Also, according to the Supreme Court's interpretation of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 (" Blocking Rules"), both the intermediary and the originator of the communication (the content-creator) have to be given a chance to be heard.

Rule 16 of the Blocking Rules, which mandates confidentiality of all blocking requests and orders, was also discussed in Shreya Singhal. Though some confusion has arisen about the Rule's interpretation, Ms. Nandy submitted that Rule 16 has been read down. There is no longer a strict, all-encompassing requirement of confidentiality. While the identity of the complainant and the exact nature of the complaint must be kept confidential, the blocking order and the reasoning behind the order are no longer bound by Rule 16. This is because in §109 of the judgment, the Supreme Court accepts that writ petitions can lie on the basis of blocking orders. In order for writs to lie, affected parties must first be aware of the existence and content of the blocking order. Therefore, Ms. Nandy explained, the effect of the Supreme Court's reasoning is that the confidentiality requirement in Rule 16 has been read down.

On net neutrality, Ms. Nandy argued that zero-rating is an efficient solution to providing universal access to the Internet. Services like Internet.org are not strictly market-driven. This is because there is not a large demand for Facebook or specific over-the-top (OTT) service providers. In speaking about the marketplace for ideas in Shreya Singhal, the Supreme Court did not indirectly outlaw services seeking to balance access with diversity of speech. Ms. Nandy held that price discrimination in the provision of telecom, broadband and mobile Internet services already exists. In light of this, the focus should the provision of these services on the basis of consumer choice.

Geeta Seshu, The Hoot
Ms. Seshu began her presentation by noting that one's perspective on online censorship cannot be the same as that on traditional censorship. Traditional censorship cuts off an individual's access to the censored material, but on the Internet, material that is censored in traditional media finds free and wide distribution. One's conceptualisation of freedom of expression and curtailment of this right must include access to the medium as a crucial part. To this end, it is important to not forget that access to the Internet is controlled by a limited number of Internet service and content providers. Thus, a large section of the population in India cannot exercise their right to free speech because they do not have access to the Internet.

In this context, it is important to understand the way in which the digital rollout is happening in India. Ms. Seshu explained that the rollout process lacks transparency, and noted the example of the 4G/LTE rollout plan in India. There is, of course, a diversity of content: those that have access to the Internet have the ability to exercise their right to free speech in diverse ways. However, introducing access into the free speech universe highlights many inequalities that exist in the right; for instance, Dalit groups in India have limited access to the Internet, and some kinds of content receive limited airtime.

Importantly, Ms. Seshu argued that the government and other entities use technology to regulate content availability. Policymakers exploit the technology and architecture of the networks to monitor, surveil and censor content. For instance, one may see the UID scheme as an adaptation of technology to facilitate not only service-provision, but also as a move towards a Big Brother state. Civil society and citizens need to study and respond to the ways in which technology has been used against them. Unfortunately, the debates surrounding regulation do not afford space for Internet users to be part of the discussion. In order to turn this around, it is important that citizens' and users' rights are developed and introduced into the regulatory equation.

Pranesh Prakash, Policy Director, Centre for Internet & Society
Taking up where Ms. Seshu left off, Mr. Prakash wished to explore whether the Internet was merely an enabler of discussion - allowing, for instance, a ruckus to be raised around the consultation paper of the Telecom Regulatory Authority in India (TRAI) on Over-The-Top (OTT) services and net neutrality - or whether the Internet positively adds value. The Internet is, of course, a great enabler. The discussions surrounding OTTs and net neutrality are an example: in response to the TRAI consultation, a campaign titled "Save the Internet" resulted in over 9.5 lakh comments being submitted to the TRAI. It is inconceivable that such a widespread public discussion on so complex a topic (net neutrality) could take place without the Internet's facilitation.

But, Mr. Prakash held, it is important to remember that the Internet is the tool, the platform, for such mobilisation. Campaigns and conversations such as those on net neutrality could not take place without the organisations and people involved in it. Civil society organisations have played prominent roles in this regard, creating awareness and well-informed discussions. For Mr. Prakash, civil society organisations play their role best when they create such public awareness, and it is important, to play to a stakeholders strengths. Some organisations are effective campaigners, while others (such as CIS) are competent at research, analysis and dissemination.

According to Mr. Prakash, it is equally important to remember that successful discussions, campaigns or debates (such as the ongoing one on net neutrality) do not occur solely because of one organisation's strengths, or indeed because of civil society alone. Networks are especially critical in successful campaigns and policy changes. As researchers, we may not always know where our work is read, but sometimes they reach unexpected venues. For instance, one of Mr. Prakash's papers was used by the hacker collective Anonymous for a local campaign, and he was made aware of it only accidentally. Mr. Prakash noted that civil society has to also accept its failures, pointing to the controversy surrounding the Goondas Act in Karnataka. Where there are strong counter-stakeholders (such as the film lobby in south Indian states), civil society's efforts alone may not lead to success.

On net neutrality, Mr. Prakash noted the example of a strategy employed by the Times of India newspaper, when it undercut its competitors by slashing its own prices. Such moves are not unknown in the market, and they have their benefits. Consumers benefit from the lowered prices. For instance, were a Whatsapp or Facebook pack to be introduced by a telecom operator, the consumers may choose to buy this cheap, limited data pack. This is beneficial for consumers, and also works to expand access to the Internet. At the same time, diversity of speech and consumer choice is severely restricted, as these companies and telecom operators can create 'walled gardens' of information and services. Mr. Prakash put forth that if we can facilitate competitive zero-rating, and ensure that anti-competitive cross-subsidization does not occur, then perhaps zero-rated products can achieve access without forcing a trade off between diversity and choice.

Finally, on the issue of website blocking and takedowns under Sections 69A and 79, IT Act, Mr. Prakash noted that the Shreya Singhal judgment does nothing to restrict the judiciary's powers to block websites. According to Mr. Prakash, at the moment, the Shreya Singhal judgment relieves intermediaries of the responsibility to take down content if they receive private complaints about content. After the judgment, intermediaries will lose their immunity under Section 79, IT Act, only if they refuse to comply with takedown requests from government agencies or judicial orders.

But, as Mr. Prakash explained, the judiciary is itself a rogue website-blocker. In the past few years, the judiciary has periodically ordered the blocking of hundreds of websites. Such orders have resulted in the blocking of a large number of legitimate websites (including, at one point, Google Drive and Github). To ensure that our freedom of expression online is effectively protected, Mr. Prakash argued that ways to stop the judiciary from going on such a rampage must be devised.

Questions & Comments

A. Participants and panel members commented that researchers and commentators err by making analogies between the Internet and other media like newspapers, couriers, TV, satellite, cable, etc. The architecture of the Internet is very different even from cable. On the Internet, traffic flows both ways, whereas cable is not bi-directional. Moreover, pricing models for newspapers have nothing in common with those on the Internet. The comparisons in net neutrality debates stand the danger of incorrectness, and we must guard against that. Zero-rating and net neutrality issues in high-access countries are very different from the issues in low-access countries like India.

B. Participants and panel members commented that access and availability must play a predominant role in thinking about freedom of expression. In India, we are technologically far behind other states, though we have potential. The real end-goal of this is the convergence of services and information, with the user at the centre of the ecosystem. Our technological capabilities include satellite and spectrum; the best spectrum bands are lying vacant and can be re-framed. For this, the government must be educated.

C. Participants and panel members commented that in high-access states, the net neutrality issues surround competition and innovation (since there is no or very little ISP competition and switching costs are not low), while in India and France, where there is already competition amongst providers, access plays a crucial role. On the Internet, the networking or engineering aspects can disrupt the content carried over the network, so that is also a concern.

D. Participants and panel members commented that zero-rating is both a blessing and a curse. Zero-rating would not be detrimental in a market with perfect information and competition. But the reality is information asymmetry and imperfect competition. If today, we were to allow zero-rating, diversity would suffer and we would be left with 'walled gardens'.

Conclusion

The conference addressed a range of issues characteristic of debates surrounding freedom of expression in India and South Asia. Beginning with the conceptual understanding of freedom of expression, panellists advocated an expanded definition, where the right to free speech is teleological. The panellists considered freedom of speech as a tool to ensure diversity of speech, both horizontally and vertically. Towards this end, panellists gave several suggestions:

First , policymakers and scholars must understand freedom of speech as a right of both the speaker and the listener/reader, and carve out a separate listeners' right. Panellists expanded upon this to show the implications for the debate on net neutrality, cross-media ownership and website-blocking, for instance.

Second , there is a need for scholars to examine the historical dichotomy between the policy and jurisprudence of free speech in India and other contexts across South Asia. Such an approach to scholarship and policy research would help predict future government policy (such as in the case of the Indian government's stance towards Section 66A following the Supreme Court's decision in Shreya Singhal v. Union of India) and strategize for the same.

Third , particularly with regard to the Internet, there is a need for policy advocates and policy makers to "bust" the founding myths of the Internet, and look to various domestic and international sources of law and regulation. Studies of regulation of freedom of speech on the Internet in different jurisdictions (Bangladesh, China, Sri Lanka) indicate differing government approaches, and provide examples to learn from. The interpretation and consequences of Shreya Singhal on website-blocking and intermediary liability in India provide another learning platform.

Fourth , panellists discussed the possibilities of cooperation and strategies among civil society and policy organisations in India. Taking the example of the Save the Internet campaign surrounding net neutrality in India, panellists speculated on the feasibility of using the Internet itself as a tool to campaign for governance and policy reform. Together with the audience, the panellists identified several areas that are ripe for research and advocacy, such as net neutrality and zero-rating, and citizens' free speech right as being separate from governmental and corporate interests.

For more details visit https://cis-india.org/internet-governance/blog/freedom-of-expression-in-a-digital-age

India’s digital check

sunil — 2015-09-15T14:55:47Z

All nine pillars of Digital India directly correlate with policy research conducted at the Centre for Internet and Society, where I have worked for the last seven years. This allows our research outputs to speak directly to the priorities of the government when it comes to digital transformation.

The article was originally published by DNA on July 8, 2015.

Broadband Highways and Universal Access to Mobile Connectivity: The first two pillars have been combined in this paragraph because they both require spectrum policy and governance fixes. Shyam Ponappa, a distinguished fellow at our Centre calls for the leveraging of shared spectrum and also shared backhaul infrastructure. Plurality in spectrum management, for eg, unlicensed spectrum should be promoted for accelerating backhaul or last mile connectivity, and also for community or local government broadband efforts. Other ideas that have been considered by Ponappa include getting state owned telcos to exit completely from the last mile and only focus on running an open access backhaul through Bharat Broadband Limited. Network neutrality regulations are also required to mitigate free speech, diversity and competition harms as ISPs and TSPs innovate with business models such as zero-rating.

Public Internet Access Programme: Continuing investments into Common Service Centres (CSCs) for almost a decade may be questionable and therefore a citizen’s audit should be undertaken to determine how the programme may be redesigned. The reinventing of post offices is very welcome, however public libraries are also in need urgent reinventing. CSCs, post offices and public libraries should all leverage long range WiFi for Internet and intranet, empowering BYOD [Bring Your Own Device] users. Applications will take time to develop and therefore immediate emphasis should be on locally caching Indic language content. State Public Library Acts need to be amended to allow for borrowing of digital content. Flat-fee licensing regimes must be explored to increase access to knowledge and culture. Commons-based peer production efforts like Wikipedia and Wikisource need to be encouraged.

e-Governance: Reforming Government through Technology: DeitY, under the leadership of free software advocate Secretary RS Sharma, has accelerated adoption and implementation of policies supporting non-proprietary approaches to intellectual property in e-governance. Policies exist and are being implemented for free and open source software, open standards and electronic accessibility for the disabled. The proprietary software lobby headed by Microsoft and industry associations like NASSCOM have tried to undermine these policies but have failed so far.

The government should continue to resist such pressures. Universal adoption of electronic signatures within government so that there is a proper audit trail for all communications and transactions should be made an immediate priority. Adherence to globally accepted data protection principles such as minimisation via “form simplification and field reduction” for Digital India should be applauded. But on the other hand the mandatory requirement of Aadhaar for DigiLocker and eSign amounts to contempt of the Supreme Court order in this regard.

e-Kranti — Electronic Delivery of Services: The 41 mission mode projects listed are within the top-down planning paradigm with a high risk of failure — the funds reserved for these projects should instead be converted into incentives for those public, private and public private partnerships that accelerate adoption of e-governance. The dependency on the National Informatics Centre (NIC) for implementation of e-governance needs to be reduced, SMEs need to be able to participate in the development of e-governance applications. The funds allocated for this area to DeitY have also produced a draft bill for Electronic Services Delivery. This bill was supposed to give RTI-like teeth to e-governance service by requiring each government department and ministry to publish service level agreements [SLAs] for each of their services and prescribing punitive action for responsible institutions and individuals when there was no compliance with the SLAs.

Information for All: The open data community and the Right to Information movement in India are not happy with the rate of implementation of National Data Sharing and Accessibility Policy (NDSAP). Many of the datasets on the Open Data Portal are of low value to citizens and cannot be leveraged commercially by enterprise. Publication of high-value datasets needs to be expedited by amending the proactive disclosure section of the Right to Information Act 2005.

Electronics Manufacturing: Mobile patent wars have begun in India with seven big ticket cases filed at the Delhi High Court. Our Centre has written an open letter to the previous minister for HRD and the current PM requesting them to establish a device level patent pool with a compulsory license of 5%. Thereby replicating India’s success at becoming the pharmacy of the developing world and becoming the lead provider of generic medicines through enabling patent policy established in the 1970s. In a forthcoming paper with Prof Jorge Contreras, my colleague Rohini Lakshané will map around fifty thousand patents associated with mobile technologies. We estimate around a billion USD being collected in royalties for the rights-holders whilst eliminating legal uncertainties for manufacturers of mobile technologies.

IT for Jobs: Centralised, top-down, government run human resource development programmes are not useful. Instead the government needs to focus on curriculum reform and restructuring of the education system. Mandatory introduction of free and open source software will give Indian students the opportunity to learn by reading world-class software. They will then grow up to become computer scientists rather than computer operators. All projects at academic institutions should be contributions to existing free software projects — these projects could be global or national, for eg, a local government’s e-governance application. The budget allocated for this pillar should instead be used to incentivise research by giving micro-grants and prizes to those students who make key software contributions or publish in peer-reviewed academic journals or participate in competitions. This would be a more systemic approach to dealing with the skills and knowledge deficit amongst Indian software professionals.

Early Harvest Programmes: Many of the ideas here are very important. For example, secure email for government officials — if this was developed and deployed in a decentralised manner it would prevent future surveillance of the Indian government by the NSA. But a few of the other low-hanging fruit identified here don’t really contribute to governance. For example, biometric attendance for bureaucrats is just glorified bean-counting — it does not really contribute to more accountability, transparency or better governance.

The author works for the Centre for Internet and Society which receives funds from Wikimedia Foundation that has zero-rating alliances with telecom operators in many countries across the world

For more details visit https://cis-india.org/internet-governance/blog/dna-sunil-abraham-july-8-2015-india-digital-check

The Digital Divide: pros and cons of Modi's latest big initiative

praskrishna — 2015-07-06T02:11:56Z

Prime Minister Narendra Modi inaugurated the Digital India (DI) initiative on 1 July, at an event attended by scores of government officials as well as industry leaders.

The blog post by Suhas Munshi was published in Catch News on July 2, 2015. Sunil Abraham is quoted.

The initiative

Digital India aims to make all citizens digitally literate. Bring e-governance to every doorstep.

Corporates have promised to invest Rs 4.5 lakh crore in the initiative.

This is greater than the total spend on all govt schemes. It is equivalent to 1/4th of the national budget.

The positives

It will be a boost to industry; both large and small enterprises.

It will ostensibly create a lot of jobs.

It's ideal if citizens can connect directly with the government.

The negatives

Will the initiative be genuinely inclusive?

How will corporates recover their costs? Will the promised investments end up as bad loans from banks?

Who will handle the personal data of so many citizens; will it be efficient?

Who will the vendors be?

Will the proposed digital lockers for official documentation be reliable?

Will the initiative give the govt a tool to conduct mass surveillance?

The alternative focus

Some experts feel the govt should concentrate on giving people access to basic necessities like water, power and sewage.

The backbone of the project, the National Optical Fibre Network, has already run into massive infrastructure issues.

The programme aims to make all citizens digitally literate and bring the internet and e-governance to all sections of the society.

Like Modi's past initiatives, this too has polarised opinion, in this case on the government's aggressive push for e-governance.

While some advise patience before arriving at a verdict, others think it isn't too early to begin celebrations.

Astronomical budget

Most of the funds for this initiative are expected to come from the private sector. The total investments promised by big corporates, according to Modi, is Rs 4.5 lakh crore.

That is an astonishing number - it is equivalent to a quarter of the country's budget.

If true, then the amount spent on this project will be way over the total money spent on all of the government's 66 central sponsored schemes.

However, India hasn't been able to deliver on the last big welfare scheme promised - the Food Security Act, two years after it was passed in Parliament.

Investments promised by corporates add up to Rs 4.5 lakh crore, which is one-fourth of India's total budget

This scheme, which is set to cost the country Rs 1.25 lakh crore, aims to provide subsidised food grains to two-thirds of the populace.

The immediate concern experts have expressed with the budget is the possible intervention of the private sector.

The big corporate houses that have promised these staggering investments, would also be looking to recover them.

"As I see it, effectively a new sector is being created for this initiative. While it is good, when the private sector comes in to support big government projects, we also have to examine what the recovery model for those investments are. Hopefully, more details about investments will be made available," said Subrata Das, Executive Director, Centre for Budget and Governance Accountability.

Boost to industry

The initiative has already received a massive thumbs up from the industry. Corporate leaders made a beeline to praise the initiative.

RIL chairman Mukesh Ambani said that with Digital India, the government has moved faster than industry. He added that Reliance Jio Infocomm will invest Rs 2,50,000 crore as part of the Digital India programme.

"Tata Consultancy Services (TCS) has partnered with the government for projects like Passport Seva and income tax e-filing, as well as state-level projects," said Cyrus Mistry, chairman of Tata Group, at the event.

Azim Premji, Wipro chairman, was quoted as saying the initiative will democratise the nation and "break down the digital divide in India".

He added that the level of skills of India's people will have to be significantly improved in order to make full use of the new initiative.

Kumar Mangalam Birla, chairman of the Aditya Birla Group, said it would leverage its Idea Cellular network of 165 million subscribers across 3,50,000 towns and villages in India to provide mobile-based healthcare and education services, as well as weather forecasting advisories and 'mandi' prices to over one million farmers.

The company will also launch a mobile wallet and payment bank as well as invest over $2 billion in the next five years in various internet-based sectors.

There seems to be a consensus on the kind of platform DI will provide to small entrepreneurs and the massive job opportunities it will create.

"Who has not heard about their computer engineer friends trying to develop a product in their spare time? These small entrepreneurs will get a lot of help if they are brought to a common platform with big companies and if lack of resources don't impede their work. Besides, as government starts to spend, there will be a severe need for hardware technicians, network operators, data entry operators," said Manish Sabharwal, chairman, Teamlease.

Rajeev Chandrasekhar, independent lawmaker in the Rajya Sabha, says DI is not only essential for the idea of 'minimum government, maximum governance', it is a big boost for the Indian IT industry.

"It is absolutely essential for good governance that as many people as possible are put directly in touch with their government. One of the biggest achievements, I think, will be in connecting 700 million people, so far sequestered, with the rest of the country. This obviously helps small entrepreneurs with launching their startups and bringing in a healthy workforce into the folds of this scheme," he said.

Many sunrise sectors before have similarly promised job growth that has not materialised. It remains to be seen how much of this euphoria plays out in concrete terms.

Privacy concerns

Therefore, while there's been a lot of positive buzz, not everyone is sold on the initiative.

Concerns are being raised about the handling of personal data of so many citizens.

There is a question about the reliability of the digital lockers in which all citizens will have their official documentation, and the anxiety of the data falling into the wrong hands.

"Of course, the concern with respect to privacy is legitimate and urgent.

Since the data the government will collect will be very large in terms of volume and can be misused, the reliability of the government's systems will have to be quite high.

So let's wait to see the nuts and bolts of the programme," said Apar Gupta, a senior lawyer specialising in information technology.

According to Reetika Khera, associate professor, economics at IIT Delhi, applications like digital lockers will make it easier for government to conduct mass surveillance.

There are questions over the reliability of digital lockers and about data falling into the wrong hands

"Programmes like Aadhar, digi-locker, central monitoring system (of mobile calls) etc are creating and enabling a massive surveillance infrastructure in India that will put NSA's PRISM, XKeyScore etc to shame.

"For instance, if Aadhaar is linked to your mobile number, bank account, travel details, the government can build a profile of each person at the click of a mouse. This is especially worrying because data protection and privacy laws are weak or non-existent," she said.

Sunil Abraham, executive director of Bangalore-based research organisation Centre for Internet and Society, also agrees with the concerns but is optimistic about the safeguards being put in place.

"There is a very mature draft of the Privacy Bill at the Department of Personnel and Training which will hopefully be introduced into Parliament after some rounds of public consultation and feedback.

"This, along with appropriate architectural and technological changes to e-governance services, will mitigate privacy concerns," said Abraham.

Misplaced priorities?

Then there is an argument that the less-privileged sections of society may need basic social services before they're considered for internet inclusion.

"What is true at the ground is that many people still don't have access to basic services, so while I think this is a good initiative, it should be part of our medium-term strategy.

"To begin with, we should focus on setting up basic infrastructure and extending water, power and sewer lines to most of the country," said Amitabh Kundu, retired JNU professor, who's advising the government on various projects.

Apar Gupta wonders how the government intends to bring people who are semi-literate, with no access to internet, within the fold of this e-governance project.

"Extending social welfare schemes to this section of people solely through digital medium is not viable," he said.

Some feel that the whole DI initiative is a mass-scale feel-good exercise. The argument is that using technology to 'uplift' the masses isn't a new idea, and is introduced periodically, and turns out to be largely ineffective.

"From the looks of it, this initiative seems to be nothing but techno-optimism. There is a belief that new technologies will, by themselves, transform the social world, but this doesn't happen.

"Techno-optimism, which we have seen before, is no different to traditional forms of governance, and over time, turns out to be nothing but a public relations exercises. An exercise to make governance visible to masses," said Ravi Sundaram, professor at the Centre for the Study of Developing Societies (CSDS).

Infrastructure issues

A project of this ambition and magnitude is bound to run into difficulties and, just a day after the launch, The Indian Express reported that the National Optical Fibre Network, the backbone of the initiative, is way behind schedule.

The project was supposed to be completed by December 2016. Initially, the 2014-15 target was to execute the work for one lakh gram panchayats, which was later halved to 50,000.

However, up until March 2015, only about 20,000 gram panchayats have been covered.

The primary problem is the cascading delays faced by central agencies, and when the active intervention of states was sought, 'right of way' charges have become the bone of contention.

Lack of contractors to do specialised work is also turning out to be an issue.

Thus, it won't be a stretch to say that while the initiative sounds like a great thing, doubts over its proper execution will continue till there is some concrete success to show for it.

For more details visit https://cis-india.org/internet-governance/news/catch-news-july-2-2015-the-digital-divide-pros-and-cons-of-modi-s-latest-big-initiative