Centre for Internet and Society

The Second IJLT-CIS Lecture Series at National Law School, Bangalore

praskrishna — 2011-05-13T11:03:04Z

The Indian Journal of Law and Technology and the Centre for Internet and Society, present the second IJLT- CIS Lecture Series, an event comprised of an intensive series of lectures by luminaries with expertise in law and technology to give students, professionals and anyone interested in a comprehensive idea about the theme, "Emerging Issues in Privacy law".

The focus will be on contemporary sub-issues of critical relevance such as:

The Unique Identification Project and Challenges to Privacy
Cloud Computing and Behavioural Tracking
The State and Privacy: Electronic Surveillance

Speakers

The following delegates would be speaking at the conference:

Usha Ramanathan
Malavika Jayaram
Vivek Durai
Prof. Sudhir Krishnaswamy

Profiles of the Speakers

Usha Ramanathan

Dr. Usha Ramanathan is an internationally recognized expert on law and poverty. She studied law at Madras University, the University of Nagpur and Delhi University. She is a frequent adviser to non-governmental organisations and international organizations. She is a member of Amnesty International's Advisory Panel on Economic, Social and Cultural Rights and has been called upon by the World Health Organisation as a expert on mental health on various occasions. Her research interests include human rights, displacement, torts and environment. She has published extensively in India and abroad.

Malavika Jayaram

Malavika Jaya has an experience of more than 15 years as a lawyer with a specialization in information technology and intellectual property. She is a partner in Jayaram & Jayaram, Bangalore managing a portfolio of work that has a strong focus on IT/IP and commercial work, especially with an international angle and is a fellow of the Centre for Internet and Society. She works with CIS in its efforts to explore, understand, and affect the shape and form of the Internet, and its relationship with the cultural and social milieu of our time.

More info on Malavika Jayaram can be found here

Vivek Durai

Vivek G Durai is co-founder and managing partner at Atman Law Partners. He represents Indian and overseas clients in connection with their India entry strategies, venture capital and private equity investments, infrastructure projects, technology contracts, procurement and supply agreements and real estate investments.

More info on Vivek Durai can be found here

Professor (Dr.) Sudhir Krishnaswamy

Prof. Sudhir Krishnaswamy graduated from National Law School Bangalore with a BA LLB (Hons) degree. He then went onto finish a BCL and DPhil in Law from the University of Oxford on a Rhodes Scholarship. He has taught at National Law School, Bangalore and Pembroke College, University of Oxford among other places. His research interests include constitutional law, administrative law, intellectual property law, legal profession and reform of the legal system.

More info on Prof. Krishnaswamy can be found here

Admission will not charged but in order to enable us to ensure adequate seating, do register without fail by the 18th of May by email at editorialboard@ijlt.in.

Updates regarding the conference will be posted here.

For more details visit https://cis-india.org/events/ijlt-cis-lecture-series

The Quixotic Fight to Clean up the Web

sunil — 2012-01-26T20:53:02Z

The ongoing attempt to pre-screen online content won’t change anything. It will only drive netizens into the arms of criminals, writes Sunil Abraham in this article published in Tehelka Magazine, Vol 9, Issue 04, Dated 28 Jan 2012.

GOOGLE AND Facebook’s ongoing case in the Delhi High Court over offensive online content is curious in three ways. First, the complaint does not mention the IT Act, 2000. Prior to the 2008 amendment, intermediaries (in this case, Google, Facebook, etc) had no immunity. But after the amendment, intermediaries have significant immunity and are not considered liable unless takedown notices are ignored.

Second, it is curious that the complaint does not mention specific individuals or groups directly responsible for authoring the allegedly offensive material. Only intermediaries have been explicitly named. If specific content items have been submitted in court then it is curious that specific accounts and users have not been charged with the same offences.

Three, Delhi-based journalist Vinay Rai claims that takedown notices and requests for user information were ignored by the intermediaries. As yet, unpublished research at the Centre for Internet and Society has reached the exact opposite conclusion. We sent fraudulent takedown notices to seven of the largest intermediaries in India as part of a policy sting operation. Six of them over-complied and demonstrated no interest in protecting freedom of expression. Our takedown notices were complied with even though they were largely nonsensical. It is therefore curious that Rai’s takedown notices were ignored.

Under Section 79 of the IT Act, the intermediary must not “initiate the transmission”, “select the receiver of the transmission” and “select or modify the information contained in the transmission”. In other words, they must not possess “actual knowledge” of the content. This would be absolutely true if intermediaries acted as “dumb pipes” or “mere conduits”. But today, they have reactive “human filters” ensuring conformance to community guidelines that often go beyond constitutional limits on freedom of expression.

For example, Facebook deletes breastfeeding photographs if a certain proportion of the breast is visible, despite numerous protests. Intermediaries also use proactive “machine filters” to purge their networks of pornography and copyright infringing content. In order to retain immunity under the IT Act, intermediaries would have to demonstrate that they have no “actual knowledge”. This would also imply that they cannot proactively filter or pre-screen content without becoming liable for illegal content.

More sophisticated “machine filters” will continue to be built for social media platforms as computing speeds increase and costs decrease dramatically. But there will be significant collateral damage — the vibrancy of online Indian communities will be diminished as legitimate content will be removed and this in turn will retard Internet adoption rates. Free media, democratic governance, research and development, culture and the arts will all be fundamentally undermined. So whether pre-censorship is technically feasible is an irrelevant question. The real question is what limits on freedom of expression are reasonable in the Internet age.

The legal tussle is yet another chance for reflecting on the shortcomings of the IT Act

Censorship is like prohibition, illegal content will persist, the mafia will profit and ordinary citizens will be implicated in criminal networks. Use of anonymising proxies, circumvention tools and encryption technologies will proliferate, frustrating network optimisation efforts and law enforcement activities.

This is yet another opportunity for reflecting on the shortcomings of the ITAct. A lot of the confusion and anxiety today emerges from vague language, unconstitutional limits on freedom of expression, multi-tiered blanket surveillance provisions, blunt security policy measures contained in the statute and its associated rules. The next Parliament session is the last opportunity for MPs to ask for the rules for intermediaries, cyber cafes and reasonable security practices to be revisited. The MP who musters the courage to speak will be dubbed a superhero.

As told to Shonali Ghosal. Sunil Abraham is Executive director, centre for internet and society and can be contacted at sunil@cis-india.org. The original article was published in Tehelka.

Illustration by Sudeep Chaudhuri

For more details visit https://cis-india.org/internet-governance/quixotic-fight-to-clean-the-web

The Public Voice: Privacy Rights are a Global Challenge

praskrishna — 2012-10-22T14:28:09Z

October 21, 2012 is an important day for global civil society defending privacy and free speech. The Public Voice coalition will be hosting a global conference in Punta del Este, Uruguay, and you are invited to take part in the conversation and interact with the panelists. Malavika Jayaram is speaking at this event.

You can follow the live conversation here, and join the conversation by using #thepublicvoice hashtag, ask questions, participate in polls and interact with those covering the event in several languages. The conference aims to assess cultures and privacy perspectives from around the World, and members of civil society wil discuss the spread of Surveillance Technologies and its implications in societies, experts will explore Latin American policy, law, and technology perspectives on privacy governance and suggest to governments and private sector to safeguard citizens privacy.

You can read the program and follow the live Webcast in English and Spanish.

During the day the panelists will assess cultures and privacy perspectives from around the world. They will raise public awareness of surveillance technology and its consequences to consumers, for freedom of expression and human rights, and they will explore Latin American policy, law, and technology perspectives. It is the small window civil society has before the 34th International Conference of Data Protection and Privacy Commissioners comprising all the governmental agencies all over the World, webcast available here. It certainly can bring the relevant topics for citizens to the discussion table. I hope you join us.

For more details visit https://cis-india.org/internet-governance/events/privacy-rights-are-a-global-challenge

The Privatisation of Censorship: The Online Responsibility to Protect Free Expression

praskrishna — 2012-12-09T01:48:13Z

Pranesh Prakash was a panelist at this workshop organised on November 5, 2012. It was organized by Index on Censorship.

Much is known about state censorship, but increasingly private corporations are implementing censorship either at the behest of governments, or as part of a ‘walled garden’ approach. This censorship takes many guises: whether the proactive take-down of entirely legal material, the blocking of websites by overly zealous ISPs, mobile filters that cut access to websites such as Index on Censorship and the use of surveillance technology on behalf of autocratic states. The combination of state-led censorship with the privatisation of censorship requires a debate on the responsibilities of corporations and the framework needed to protect free expression online.

This side session will focus on two key areas:
1. Take-down, blocking and filtering of content
2. The export of surveillance technology, privacy

The panel will explore the ways in which the above can affect free expression online, and how civil society, governments and corporations can and should approach these issues, addressing the following questions:

1. Whether, why and in what ways censorship and surveillance is either as or more pervasive, intrusive and chilling than offline, and the impact on free speech and press freedom?
2. The inappropriate, intrusive or excessive use of filters and firewalls including how these impact directly and indirectly on access to media and the nature of news provision
3. Criminalisation of free speech and free expression – chilling use of takedown requests (impacting on public online debates, on media freedom including investigative journalism), and constraints on comment and debate (twitter, trolls, comment threads etc);
4. Excessive and blanket surveillance and data-gathering
5. Regulations and laws including intermediary responsibility that curtail digital free speech

Chair:
Michael Harris, Head of Advocacy, Index on Censorship

Panelists:

Dr Hosein Badran, Regional Chief Technology Officer, Cisco Systems International, covering MENA
Pranesh Prakash, Policy Director at the Centre for Internet and Society
Abhilash Nair, Northumbria University, UK
Camino Manjon Sierra, International Relations Policy Officer, Directorate General for Communications Networks, Content and Technology, European Commission
Andrew Puddephatt, Global Partners and Associates

For more details visit https://cis-india.org/news/privatisation-of-censorship

The Privacy (Protection) Bill 2013: A Citizen's Draft

bhairav — 2013-07-12T11:50:20Z

The Centre for Internet and Society has been researching privacy in India since 2010 with the objective of raising public awareness around privacy, completing in depth research, and driving a privacy legislation in India. As part of this work, Bhairav Acharya has drafted the Privacy (Protection) Bill 2013.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

The Privacy (Protection) Bill 2013 contains provisions that speak to data protection, interception, and surveillance. The Bill also establishes the powers and functions of the Privacy Commissioner, and lays out offenses and penalties for contravention of the Bill. The Bill represents a citizen's version of a possible privacy legislation for India, and will be shared with key stakeholders including civil society, industry, and government.

Click to download a full draft of the Privacy (Protection) Bill, 2013.

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-citizens-draft

The power of the next click...

nishant — 2012-03-13T10:43:41Z

P2P cameras and microphones hooked up to form a network of people who don't know each other, and probably don't care; a series of people in different states of undress, peering at the each other, hands poised on the 'Next' button to search for something more. Chatroulette, the next big fad on the internet, is here in a grand way, making vouyers out of us all. This post examines the aesthetics, politics and potentials of this wonderful platform beyond the surface hype of penises and pornography that surrounds this platform.

In his futuristic novel 1984, George Orwell conceived of a Big Brother who watches us all the time, tracking every move we make, every step we take, and reminding us that we are being watched. The Internet has often been seen as the embodiment of this fiction. There are many who unplug computers, look over surreptitious shoulders and wear tin-foil hats so that their movements cannot be traced. While this caricatured picture might seem absurd to funny, there is no denying the fact that we are being stalked by technologies. As our world gets more connected and our dependence on digital and internet objects grow, we are giving out more and more of our private and personal information for an easy trade-off with convenience and practicality.

As a reply to the question “Who watches the watchman?” several Internet theorists had suggested as a reply, a model where everybody looking at everybody else so that there is no one person who has exclusive powers of seeing without being seen. In this utopian state, people would be looking at each other (thus keeping a check on actions), looking after each other (forming virtual care networks) and looking for each other (building social networks with familiar strangers). After about 20 years of the first emergence of this discussion vis-à-vis the World Wide Web , comes an internet platform that produces a strange universe of people looking at.for.after each other in a condition of extreme vouyerism, performance, exhibitionism, surveillance and playfulness. It is a website that the Digital Natives are flocking to because it changes the way they look at each other. Literally.

Chatroulette! is a new MMORPG (Massively Multiple Online Role Playing Game) that uses a Peer-2-Peer network to constantly pair random people using their web cams, to look at each other. You start a Game and you begin a series of ‘lookings’ as people look back at you. Connect, cruise, watch, interact, boot – that is the anatomy of a Chatroullete! game. If you like what you see, you can linger a while or begin a conversation, or just ‘boot’ your ‘partner’ and get connected to somebody else in the almost infinite network. In the process you come across the unexpected, unpredictable and the uncanny. In the last one month of betting my time on Chatroullete!, I have seen it all and then some more – masturbating teenagers, strip teasing men and women, animals (including a very handsome tortoise) staring back at me, groups of friends eating dehydrated noodles and giggling, partners in sexual intercourse, graphic images of human gentilia, clever advertisements, pictures, art, musicians performing, dancers dancing, conference delegates staring bemusedly at a screen, ... the list is endless and probably exhausting. A growing community of users now dwell on Chatroulette! to connect in this new way that is part speed dating, part networking, part performance, part voyeurism.

The verdict on the blogosphere is still not in whether this is a new fad or something more long-lasting. Irrespective of its longevity, what Chatroullete! has done is show us a new universe of social interaction that Digital Natives around the world find appealing. The possibilities of cultural exchange, collaborative working, love, longing and learning that emerge around Chatroullete! are astounding. For Digital Natives the appeal of Chatroullete! is in forging viral and temporary networks which defy the Facebook way of creating sustained communities of interaction. This is the defining moment of virtual interaction and online networking –A model that is no longer trying to simulate ‘Real Life’ conditions online by forming permanent networks of ‘people like us’. Chatroulette! marks the beginning of a new way of spreading the message to completely random strangers, enticing them into thought, exchange and mobilisation through the world of gaming. The potentials for drawing in thousands of unexpected people into your own political cause are astounding. It might be all cute cats and sexual performance now, but it is only a matter of time when Digital Natives start exploring the possibility of using Chatroulette! to mobilise resources for dealing with crises in their personal and public environments. The wheel has been spun. We now wait to see where the ball lands.

For more details visit https://cis-india.org/digital-natives/blog/chatroulette

The Platform Economy’s Gatekeeping of Class and Caste Dominance in Urban India

Ambika Tandon and Aayush Rathi — 2024-04-19T03:11:44Z

Ambika Tandon and Aayush Rathi contributed an essay on how gated society management apps like MyGate and NoBrokerHood feed on caste and income inequalities in new datafied forms. The essay features in The Formalization of Social Precarities, an anthology edited by Murali Shanmugavelan and Aiha Nguyen and published with Data & Society.

Ashrit is an experienced platform worker. He has been a delivery worker for three years, job-hopping frequently. Ashrit has worked as a package delivery worker for three platforms: two courier services and a hyperlocal grocery delivery company, which promises compressed ten-minute deliveries over short distances. While navigating the city, he often deals with omnipresent surveillance tools deployed in apartment complexes owned by upper-class and dominant-caste homeowners. Ashrit is used to being screened at every apartment complex he enters, including having his picture taken and verifying details such as his name, mobile number, and the platform he is delivering for. The everydayness of constant identity verification means that Ashrit is not bothered much by it — he said he doesn’t mind the process so much as the delay it causes when customers forget to approve his entry.

MyGate is one such company offering “gated community management,” claiming to service over 25,000 gated societies in India. A competing application, NoBrokerHood, services over 18,000 societies. Apps of this nature have sprung up across urban India in the past five years, offering “society management” services to a niche market of gated societies. Their bouquet of services includes everything from property listings with a commission rate for the platform, security services, accounting services for maintenance and related expenses, and in-app discussion forums for residents. These apps market digital security, which allows residents to regulate entries and exits and make a database of all non-resident visitors in the society. The objective of these apps is to legitimize surveillance as a way of ensuring safety in gated societies. Through a preliminary search online, we found over 20 different companies specializing in digital solutions for gated societies. The industry even had a business exposition in Mumbai on “Housing Society Management,” focused on technology solutions for gated societies.

This study uses the framework of platform urbanism to understand surveillance platforms. Platform urbanism analyzes the growing power of digital platforms in cities. Urban geographers have argued that platforms are a symptom of current models of capitalism, which exploit “idle resources” to produce new forms of urban spaces and value where they might not have existed earlier. Airbnb and Uber are often used as examples of this new form of extraction and value creation from existing assets by monetizing empty rooms and car seats. We argue that platforms offering surveillance services are another instance of this wider landscape of platform urbanism, manufacturing the need for surveillance systems in elite urban enclaves. We use this case study to show that platforms monetize not just idle resources but social inequality and stratification to generate value and capital.

Click to download the full essay

For more details visit https://cis-india.org/raw/the-platform-economys-gatekeeping-of-class-and-caste-dominance-in-urban-india

The Phishing Society: Why 'Facebook' is more Dangerous than the Government Spying on You - A Talk by Maria Xynou

maria — 2013-09-27T09:16:19Z

Next Wednesday, you are all invited to listen to Maria Xynou's crazy - or not-so-crazy theory of the "Phishing Society", in which surveillance, control and oppression is not imposed in a traditional top-down manner, but rather a personal and collective "choice"...come and engage in a heated debate!

We have read and heard a lot of theories on the contemporary "Surveillance Society"...but how much of that is about surveillance per se? Are we being spied on a top-down manner...or are we enabling our own surveillance? Have the masses ever directly or indirectly "pursued" their own surveillance in the past...or are we witnessing a new phenomenon in history?

Most geeks would probably agree that the term "phishing" is used to describe the act of attempting to acquire sensitive information, such as usernames, passwords, private encryption keys and credit card details, by masquerading as a trustworthy entity. In other words, "phishing" is commonly used to describe the acquisition of sensitive, personal data through the use of bait.

The aim of the talk on Wednesday is to discuss the possible existence of a "Phishing Society", through which the act of providing bait — whether it being security, commodities, services or relationships — is a common, contemporary practice on a social, political and economic level in the pursuit of the "Gold of the Digital Age": personal data. Through this discussion, the "Government spying vs. Corporate spying" debate will be looked at, in an attempt to understand why the dynamics of surveillance have changed over the last year.

Everyone with an open mind is welcome to attend this talk and to share all opinions, ideas and concerns!

Video

For more details visit https://cis-india.org/internet-governance/events/the-phishing-society-a-talk-by-maria-xynou

The Personal Data (Protection) Bill, 2013

prachi — 2013-08-30T14:53:11Z

Below is the text of the Personal Data (Protection) Bill, 2013 as discussed at the 6th Privacy Roundtable, New Delhi held on 24 August 2013. Note: This version of the Bill caters only to the Personal Data regime. The surveillance and privacy of communications regime was not discussed at the 6th Privacy Roundtable.

For more details visit https://cis-india.org/internet-governance/blog/the-personal-data-protection-bill-2013

The Panama Papers and the question of privacy

praskrishna — 2016-04-24T14:03:35Z

This statement was originally published on privacyinternational.org on 4 April 2016.

Read the entry by Claire Lauterbach published in Big News Network on April 6, 2016. Sunil Abraham was quoted.

We do agree with Ramon Fonseca about one thing: that "Each person has a right to privacy, whether they are a king or a beggar."

But that's where our commonality with co-founder of disgraced Panama law firm Mossack Fonseca ends.

Last year, a whistleblower leaked 11.5 million documents about the firm's business brokering offshore companies, details of which were published yesterday. Reportedly the largest leak in journalistic history, the cache reveals hidden assets by a dozen current and former world leaders, and scores of celebrities and tycoons, some of which are linked to high level corruption scandals.

This scandal isn't about privacy, though. If anything, it's about the need for transparency about how the powerful wield their power. We need transparency - and good solid investigation - to understand where and how our right to privacy is eroded.

Privacy and transparency are not opposites. They are two sides of the same coin. As privacy advocates, we use transparency capabilities to investigate surveillance. Meanwhile, privacy as a right requires transparency from the institutions that gather and use our data.

Privacy International, like other human rights groups, conducts investigations in the public interest. That allows us to understand, for example, how Colombia built a shadow surveillance system despite evidence of illegal interceptions, or how UK police appear to be collecting private communications data at protests, according to a Vice News investigation.

Many of the Panama Papers' revelations are in the public interest insofar as they concern the transformation of public assets - like taxpayers' money and state funds - into private gains, and allow the powerful to avoid scrutiny. Privacy and transparency are not opposites. They are two sides of the same coin.

Fonseca called journalism around the leaked files an "international campaign against privacy".

But what Fonseca is really doing is advocating a status quo of 'privacy for the kings, and transparency for the beggars'. Or rather, privacy for the business moguls, politicians, corporations and government agencies, and transparency for the citizens, consumers, activists and journalists.

For the public, our financial systems are now surveiled by design. Our transactions are labelled as suspicious and sent for mining by intelligence agencies. We need IDs to open accounts, and our records are profiled by credit agencies who facilitate key decisions about us and our families. Secretive institutions collate this information to decide whether or not we are terrorists. While a certain degree of this is necessary for public order, what's clear is that we are watched while the 'kings' are able to circumvent many of these measures and escape scrutiny. We should never make the mistake of conflating the right to privacy for the individual with the desire to hide shadowy, ethically dubious, borderline-or-actual illegal activity for the immensely wealthy and powerful.

The real issues around privacy include: the spreading of draconian laws, from the UK, to Pakistan, to Kenya, that sanction warrantless surveillance and online monitoring, with insufficient protection for the public. It's the intrusive biometric registration of some of the most desperate people, like refugees from Dadaab to Calais, desperate for food and medical care. It's the instrumentalisation of consumer data to draw conclusions about us, with or without our consent. It's also the parallel trend of rolling back Freedom of Information laws (see: UK and United States). And, as the Panama Papers show, it is allowing transfers of public funds for private gain to be obscured.

That is the real "campaign against privacy" - not public interest journalism.

As our friend and partner Sunil Abraham, Executive Director of the Centre for Internet and Society in India states succinctly, the right to privacy should "be inversely proportionate to power and almost conversely the requirement of transparency to be directly proportionate to power."

For more details visit https://cis-india.org/internet-governance/news/big-news-network-april-6-2016-claire-lauterbach-panama-papers-and-question-of-privacy

The Niira Radia Tapes: Scrutinizing the Snoopers

praskrishna — 2011-04-02T07:29:21Z

There’s been plenty of outrage in India over taped phone calls between corporate lobbyist Niira Radia and local journalists, revealing what some people believe is evidence that star reporters at the country’s newspapers and TV channels are too cozy with the subjects they’re supposed to be reporting on.

Amid that firestorm, though, there’s been much less scrutiny of why and how the wiretaps happened in the first place, whether they were justified or a governmental overreach, and how these infamous tapes got from the government into the hands of media companies.

Here are just a few questions that merit more consideration: Who orders telephone surveillance in India and on what grounds? How often is it done? What protections are in place to ensure government officials don’t abuse their surveillance authority to settle scores with journalists, corporate officials or ordinary citizens they have a beef with?

The quick answer to all of these: India trusts its bureaucrats to do the right thing. The central government’s Home Secretary, along with some intelligence agencies and state officials, has the authority to approve wiretaps. Unlike in the U.S. and other countries, where investigators must generally obtain court warrants for surveillance to pursue matters ranging from drug-trafficking to insider trading, in India there is no such legal tradition or rule.

“There is no oversight infrastructure, either in parliament or in the judiciary,” said Sunil Abraham, executive director of the Bangalore-based Center for Internet and Society. There is only “post facto” protection in the sense that you can sue the government later if you feel you were wrongly wiretapped, he said.

According to local media reports, industrial giant Ratan Tata on Monday petitioned the Supreme Court over the leaking of the tapes, on which he is heard bantering with Ms. Radia (his lobbyist) about a range of topics related to the $70 billion Tata Group. The reports say he feels the episode violated his privacy and wants the leakers to be punished. (While there’s no explicit constitutional protection of privacy in India, the Supreme Court in some cases has held it is covered by Article 21 of the Constitution, which says, “No person shall be deprived of his life or personal liberty except according to procedure established by law.”)

A report in the Economic Times Monday said government is going to investigate the leak. A Home Ministry spokesman declined to comment on whether an inquiry has been launched but said India’s system of allowing a handful of security and intelligence officials to approve or deny wiretaps sufficiently guards Indian citizens’ privacy. “It isn’t an unchecked kind of thing, that anyone can just do it,” the spokesman said.

India draws its wiretap authority from a few laws, including the 1885 Telegraph Act and a separate information technology law enacted in 2000 and amended in 2008. The government can tap phones or intercept emails for reasons such as “any public emergency” or “in the interest of the public safety” – pretty broad language that gives a lot of leeway to bureaucrats, critics say.

A report in the Hindu last week claimed that more than 5,000 Indian phones are being bugged daily, citing anonymous sources. Mr. Abraham, of the Center for Internet and Society, says that breadth of surveillance in a country of 1.2 billion people wouldn’t be unreasonable. But his organization is planning a Right to Information request to find out more about the scope of government wiretapping.

The government may have had good reasons to conduct the wiretaps of Ms. Radia, which local media reports say were done by the income tax department for two four-month stints in 2008 and 2009, during which time they reportedly logged 5,851 calls.

The income tax agency hasn’t stated publicly what the rationale was and its officials declined to comment Monday.

Media reports suggest that the material was supposed to help probe the irregular allocation of mobile phone spectrum in 2008 to several Indian telecom firms. (The official in charge of that allocation, A. Raja, resigned as telecom minister Nov. 14 amid charges that he rigged the process to favor some companies over others.)

But much of the content in the several hours of so-called “2G tapes” that have leaked to Indian news organizations has little or nothing to do with taxes or 2G spectrum. There’s talk of the billionaire Ambani brothers’ natural gas pricing dispute, mining policy, a dog who is named Google because he is good at finding things, which corporate honchos are easy to get on the phone, and plenty of titillating exchanges between New Delhi’s power brokers on the politics of cabinet appointments. Some pretty top-notch gossip, in other words.

To be sure, the content on the tapes does raise disturbing and serious questions about whether some elements of the Indian media carry water for particular government ministers or corporations. And it pulls the veil back on how the titans of Indian business and politics shape policy away from the public spotlight, as Siddharth Varadarajan explained in Monday’s edition of the Hindu when he made a clever analogy to the movie The Matrix. (We’ve separately parsed the contents of some of the tapes for their potential significance.)

But it’s still worth asking tough questions about the legal and ethical foundations of wiretapping citizens, because, as Indian civil liberties expert Lawrence Liang said in an email, “if this can happen to a Nira Radia, then it can easily be used for a Nida Nobody.”

Update, 5:09 p.m.: “A Home Ministry spokesman confirmed the ministry has asked the Intelligence Bureau and Central Board of Direct Taxes to conduct a probe into the leak.”

Read the original in Wall Street Journal

For more details visit https://cis-india.org/news/niira-radia-tapes

The New Right to Privacy Bill 2011 — A Blind Man's View of the Elephunt

Prashant Iyengar — 2012-02-29T05:45:41Z

Over the past few days various newspapers have reported the imminent introduction in Parliament, during the upcoming Monsoon session, of a Right to Privacy Bill. Since the text of this bill has not yet been made accessible to the public, this post attempts to grope its way – through guesswork – towards a picture of what the Bill might look like from a combined reading of all the newspaper accounts, writes Prashant Iyengar in this blog post which was posted on the Privacy India website on June 8, 2011.

I am relying entirely on the following three newspaper accounts in the Times of India, the Hindu and the Deccan Chronicle.

A Constitutional/Fundamental Right?

The Times of India piece which broke the story seems to have misunderstood/misquoted Law Minister Veerappa Moily. The article is titled “Right to privacy may become fundamental right” which connotes a constitutional amendment. However this is inconsistent with the later portions of the same article as well as subsequent newspaper accounts in DC and the Hindu. So its safe to assume that this will not be a fundamental right to privacy, but a statutory right to privacy – like what the Right to Information Act grants us.

Preamble

I’m extrapolating here from the Hindu article:

"To provide for such a right [of privacy] to citizens of India AND to regulate collection, maintenance, use and dissemination of their personal information."

So it’s an omnibus Privacy and Data Protection Law that’s being passed. How nice. This addresses some of the misgivings that we had last year against the "Approach Paper on Privacy" released by the Department of Personnel and Training.

Definition of ‘Right to Privacy’

The Hindu article appears to quote directly from the Bill.

Every individual shall have a right to his privacy — confidentiality of communication made to, or, by him — including his personal correspondence, telephone conversations, telegraph messages, postal, electronic mail and other modes of communication; confidentiality of his private or his family life; protection of his honour and good name; protection from search, detention or exposure of lawful communication between and among individuals; privacy from surveillance; confidentiality of his banking and financial transactions, medical and legal information and protection of data relating to individual.

This is a wonderfully expansive definition of the right to privacy which spans diverse areas including privacy of communications, reputational privacy, bodily/physical privacy, confidentiality, privacy of records and data protection. I’m especially pleased that this section does not limit this right to privacy only to claims against the state (as in the Right to Information Act).

The Deccan Chronicle article contains a slightly different definition of 'right to privacy' under the Bill. Here the right to privacy includes "confidentiality of communication, family life, bank and health records, protection of honour and good name and protection from use of photographs, fingerprints, DNA samples and other samples taken at police stations and other places."

This wording is slightly more granular, but less broad. I’m wondering if it is a part of the same section, or a different one entirely.

Interception

What is most interesting is the attempt made in this Bill at harmonization of interception rules across all modes of "communication". (Currently there are different rules/procedures that followed depending on the mode of communication used – Indian Post Act, Telegraph Act, IT Act.)

Here are some of the sweeping changes sought to be introduced:

The bill prohibits interception of communications except in certain cases with approval of Secretary-level officer – not below the rank of home secretary at the Central level and home secretaries in state governments
Mandatory destruction of intercepted material by the service provider within two months of discontinuance of interception.
Constitution of a Central Communication Interception Review Committee (CCIRC) to examine and review all interception orders passed (under all Acts?).
CCIRC empowered to order destruction of material intercepted under the Telgraph Act.
"unauthorised interception" (by whom?) punishable with a maximum of five years’ imprisonment, or a fine of Rs 1 lakh, or both, for each such interception. This makes it a cognizable, non-bailable offense.
Disclosure of legally intercepted communication by “government officials, employees of service providers and other persons” will be punishable with imprisonment up to three years. (It is unclear whether this will be a cognizable offence or not)

Data Protection

The Bill adds muscle to the newly introduced Data Protection Rules under the IT Act, by creating an overarching statutory regime for Data Protection.

Thus, the bill forbids "any person having a place of business in India but has data using equipment located in India" from collecting or processing, using or disclosing "any data relating to individual to any person without consent of such individual". I assume that there will be exceptions to this section. The wording of this section seems to preclude its application to the government (unless you can interpret the ‘government’ to mean ‘a person having a place of business in India’. I have no views on the likelihood of that argument.

The bill evidently authorizes the establishment of an oversight body called “Data Protection Authority of India” that will investigate complaints about alleged violations of data protection. The following appear to be the functions of this body

to monitor development in data processing and computer technology;
to examine law and to evaluate its effect on data protection
to give recommendations and to receive representations from members of the public on any matter generally affecting data protection.
to investigate any data security breach and issue orders to safeguard the security interests of affected individuals whose personal data has or is likely to have been compromised by such breach.

Video Surveillance

The bill includes a very interesting prohibition on "closed circuit television or other electronic or by any other mode", except in certain cases as per the specified procedure.

No further details are provided about the exceptions or the procedure and one expects the devil to be in the details.

Bodily Privacy

The bill prohibits "surveillance by following a person".

This innocuously worded provision has the potential to effect sweeping changes in the criminal administration of this country (if it is even applicable to the state police machinery) . Currently, Police Acts in the various states contain no provisions that enable a person to challenge the surveillance imposed on them. This new section could provide a powerful new shield to the victims of police harassment.

Impersonation and Financial Fraud

In a section apparently dealing with identity theft, the Bill criminalises inter alia "posing as another person when apprehended for a crime" and "using another’s identity to obtain credit, goods and services".

I think the first (at least) is unnecessary since it is already covered by the crime of Impersonation under the IPC.

Residual

A curious provision appears to be a fine imposed on “any persons who obtain any record of information concerning an individual from any officer of the government or agency under false pretext”. Such a person shall be punishable with a fine of up to Rs. 5 lakh.(unclear whether there is a term of imprisonment in addition).

It will be interesting to see how this section conflicts with the Right to Information under which no 'pretext' need be given to the public authority.

I also think it is ill-conceived to penalise the person obtaining the record of information – the government body in custody of the information should be made more responsible in scrutinizing the 'pretext' before handing over such information.

Tailpiece

That’s all I can make out from the three articles referenced. Looks like it’s going to be a really interesting bill. I’m optimistic about it for the sincere attempt it appears to make to grapple with the protean nature of Privacy concerns we encounter. Veerappa Moily has claimed that this bill will be introduced in the monsoon session in July but has also cautioned that "it’s difficult to commit the timeframe". I think we should make haste slowly with this Bill and hope that the Law Ministry will have the wisdom to solicit public comment before introducing it in Parliament.

I’d greatly appreciate someone sending me a copy of the bill if you have access to it.

Read the article published on the Privacy India website here.

For more details visit https://cis-india.org/internet-governance/blog/privacy/new-right-to-privacy-bill

The National Privacy Roundtable Meetings

bhairav — 2014-03-21T10:03:44Z

The Centre for Internet & Society ("CIS"), the Federation of Indian Chambers of Commerce and Industry ("FICCI"), the Data Security Council of India ("DSCI") and Privacy International are, in partnership, conducting a series of national privacy roundtable meetings across India from April to October 2013. The roundtable meetings are designed to discuss possible frameworks to privacy in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Background: The Roundtable Meetings and Organisers

CIS is a Bangalore-based non-profit think-tank and research organisation with interests in, amongst other fields, the law, policy and practice of free speech and privacy in India. FICCI is a non-governmental, non-profit association of approximately 250,000 Indian bodies corporate. It is the oldest and largest organisation of businesses in India and represents a national corporate consensus on policy issues. DSCI is an initiative of the National Association of Software and Service Companies, a non-profit trade association of Indian information technology ("IT") and business process outsourcing ("BPO") concerns, which promotes data protection in India. Privacy International is a London-based non-profit organisation that defends and promotes the right to privacy across the world.

Privacy in the Common Law and in India

Because privacy is a multi-faceted concept, it has rarely been singly regulated. A taxonomy of privacy yields many types of individual and social activity to be differently regulated based on the degree of harm that may be caused by intrusions into these activities.[1]

The nature of the activity is significant; activities that are implicated by the state are attended by public law concerns and those conducted by private persons inter se demand market-based regulation. Hence, because the principles underlying warranted police surveillance differ from those prompting consensual collections of personal data for commercial purposes, legal governance of these different fields must proceed differently. For this and other reasons, the legal conception of privacy — as opposed to its cultural construction – has historically been diverse and disparate.

Traditionally, specific legislations have dealt separately with individual aspects of privacy in tort law, constitutional law, criminal procedure and commercial data protection, amongst other fields. The common law does not admit an enforceable right to privacy.[2] In the absence of a specific tort of privacy, various equitable remedies, administrative laws and lesser torts have been relied upon to protect the privacy of claimants.[3]

The question of whether privacy is a constitutional right has been the subject of limited judicial debate in India. The early cases of Kharak Singh (1964)[4] and Gobind (1975)[5] considered privacy in terms of physical surveillance by the police in and around the homes of suspects and, in the latter case, the Supreme Court of India found that some of the Fundamental Rights “could be described as contributing to the right to privacy” which was nevertheless subject to a compelling public interest. This inference held the field until 1994 when, in the Rajagopal case (1994),[6] the Supreme Court, for the first time, directly located privacy within the ambit of the right to personal liberty guaranteed by Article 21 of the Constitution of India. However, Rajagopal dealt specifically with a book, it did not consider the privacy of communications. In 1997, the Supreme Court considered the question of wiretaps in the PUCL case (1996)[7] and, while finding that wiretaps invaded the privacy of communications, it continued to permit them subject to some procedural safeguards.[8] A more robust statement of the right to privacy was made recently by the Delhi High Court in the Naz Foundation case (2011)[9] that de-criminalised consensual homosexual acts; however, this judgment is now in appeal.

Attempts to Create a Statutory Regime

The silence of the common law leaves the field of privacy in India open to occupation by statute. With the recent and rapid growth of the Indian IT and BPO industry, concerns regarding the protection of personal data to secure privacy have arisen. In May 2010, the European Union ("EU") commissioned an assessment of the adequacy of Indian data protection laws to evaluate the continued flow of personal data of European data subjects into India for processing. That assessment made adverse findings on the adequacy and preparedness of Indian data protection laws to safeguard personal data.[10]

Conducted amidst negotiations for a free trade agreement between India and the EU, the failed assessment potentially impeded the growth of India’s outsourcing industry that is heavily reliant on European and North American business.

Consequently, the Department of Electronics and Information Technology of the Ministry of Communications and Information Technology, Government of India, issued subordinate legislation under the rule-making power of the Information Technology Act, 2000 ("IT Act"), to give effect to section 43A of that statute. These rules – the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("Personal Data Rules")[11] — were subsequently reviewed by the Committee on Subordinate Legislation of the 15^th Lok Sabha.[12] The Committee found that the Personal Data Rules contained clauses that were ambiguous, invasive of privacy and potentially illegal.[13]

In 2011, a draft privacy legislation called the ‘Right to Privacy Bill, 2011’, which was drafted within the Department of Personnel and Training ("DoPT") of the Ministry of Personnel, Public Grievances and Pensions, Government of India, was made available on the internet along with several file notings ("First DoPT Bill"). The First DoPT Bill contained provisions for the regulation of personal data, interception of communications, visual surveillance and direct marketing. The First DoPT Bill was referred to a Committee of Secretaries chaired by the Cabinet Secretary which, on 27 May 2011, recommended several changes including re-drafts of the chapters relating to interception of communications and surveillance.

Aware of the need for personal data protection laws to enable economic growth, the Planning Commission constituted a Group of Experts under the chairmanship of Justice Ajit P. Shah, a retired Chief Justice of the Delhi High Court who delivered the judgment in the Naz Foundation case, to study foreign privacy laws, analyse existing Indian legal provisions and make specific proposals for incorporation into future Indian law. The Justice Shah Group of Experts submitted its Report to the Planning Commission on 16 October 2012 wherein it proposed the adoption of nine National Privacy Principles.[14] These are the principles of notice, choice and consent, collection limitation, purpose limitation, disclosure of information, security, openness, and accountability. The Report recommended the application of these principles in laws relating to interception of communications, video and audio recordings, use of personal identifiers, bodily and genetic material, and personal data.

Criminal Procedure and Special Laws Relating to Privacy

While the Kharak Singh and Gobind cases first brought the questions of permissibility and limits of police surveillance to the Supreme Court, the power to collect information and personal data of a person is firmly embedded in Indian criminal law and procedure. Surveillance is an essential condition of the nation-state; the inherent logic of its foundation requires the nation-state to perpetuate itself by interdicting threats to its peaceful existence. Surveillance is a method by which the nation-state’s agencies interdict those threats. The challenge for democratic countries such as India is to find the optimal balance between police powers of surveillance and the essential freedoms of its citizens, including the right to privacy.

The regime governing the interception of communications is contained in section 5(2) of the Indian Telegraph Act, 1885 ("Telegraph Act") read with rule 419A of the Indian Telegraph Rules, 1951 ("Telegraph Rules"). The Telegraph Rules were amended in 2007[15] to give effect to, amongst other things, the procedural safeguards laid down by the Supreme Court in the PUCL case. However, India’s federal scheme permits States to also legislate in this regard. Hence, in addition to the general law on interceptions contained in the Telegraph Act and Telegraph Rules, some States have also empowered their police forces with interception functions in certain cases.[16] Ironically, even though some of these State laws invoke heightened public order concerns to justify their invasions of privacy, they establish procedural safeguards based on the principle of probable cause that surpasses the Telegraph Rules.

In addition, further subordinate legislation issued to fulfil the provisions of sections 69(2) and 69B(3) of the IT Act permit the interception and monitoring of electronic communications — including emails — to collect traffic data and to intercept, monitor, and decrypt electronic communications.[17]

The proposed Privacy (Protection) Bill, 2013 and Roundtable Meetings

In this background, the proposed Privacy (Protection) Bill, 2013 seeks to protect privacy by regulating (i) the manner in which personal data is collected, processed, stored, transferred and destroyed — both by private persons for commercial gain and by the state for the purpose of governance; (ii) the conditions upon which, and procedure for, interceptions of communications — both voice and data communications, including both data-in-motion and data-at-rest — may be conducted and the authorities permitted to exercise those powers; and, (iii) the manner in which forms of surveillance not amounting to interceptions of communications — including the collection of intelligence from humans, signals, geospatial sources, measurements and signatures, and financial sources — may be conducted.

Previous roundtable meetings to seek comments and opinion on the proposed Privacy (Protection) Bill, 2013 took place at:

New Delhi: April 13, 2013 (http://bit.ly/17REl0W) with 45 participants;
Bangalore: April 20, 2013 (http://bit.ly/162t8rU) with 45 participants;
Chennai: May 18, 2013 (http://bit.ly/12ICGYD) with 25 participants.
Mumbai, June 15, 2013 (http://bit.ly/12fJSvZ) with 20 participants;
Kolkata: July 13, 2013 (http://bit.ly/11dgINZ) with 25 participants; and
New Delhi: August 24, 2013 (http://bit.ly/195cWIf) with 40 participants.

The roundtable meetings were multi-stakeholder events with participation from industry representatives, lawyers, journalists, civil society organizations and Government representatives. On an average, 75 per cent of the participants represented industry concerns, 15 per cent represented civil society and 10 per cent represented regulatory authorities. The model followed at the roundtable meetings allowed for equal participation from all participants.

[1]. See generally, Dan Solove, “A Taxonomy of Privacy” University of Pennsylvania Law Review (Vol. 154, No. 3, January 2006).

[2]. Wainwright v. Home Office [2003] UKHL 53.

[3]. See A v. B plc [2003] QB 195; Wainwright v. Home Office [2001] EWCA Civ 2081; R (Ellis) v. Chief Constable of Essex Police [2003] EWHC 1321 (Admin).

[4]. Kharak Singh v. State of Uttar Pradesh AIR 1963 SC 1295.

[5]. Gobind v. State of Madhya Pradesh AIR 1975 SC 1378.

[6]. R. Rajagopal v. State of Tamil Nadu AIR 1995 SC 264.

[7]. People’s Union for Civil Liberties v. Union of India (1997) 1 SCC 30.

[8]. A Division Bench of the Supreme Court of India comprising Kuldip Singh and Saghir Ahmad, JJ, found that the procedure set out in section 5(2) of the Indian Telegraph Act, 1885 and rule 419 of the Indian Telegraph Rules, 1951 did not meet the “just, fair and reasonable” test laid down in Maneka Gandhi v. Union of India AIR 1978 SC 597 requisite for the deprivation of the right to personal liberty, from whence the Division Bench found a right to privacy emanated, guaranteed under Article 21 of the Constitution of India. Therefore, Kuldip Singh, J, imposed nine additional procedural safeguards that are listed in paragraph 35 of the judgment.

[9]. Naz Foundation v. Government of NCT Delhi (2009) 160 DLT 277.

[10]. The 2010 data adequacy assessment of Indian data protection laws was conducted by Professor Graham Greenleaf. His account of the process and his summary of Indian law can found at Graham Greenleaf, "Promises and Illusions of Data Protection in Indian Law" International Data Privacy Law (47-69, Vol. 1, No. 1, March 2011).

[11]. The Rules were brought into effect vide Notification GSR 313(E) on 11 April 2011. CIS submitted comments on the Rules that can be found here – http://cis-india.org/internet-governance/blog/comments-on-the-it-reasonable-security-practices-and-procedures-and-sensitive-personal-data-or-information-rules-2011.

[12]. The Committee on Subordinate Legislation, a parliamentary ‘watchdog’ committee, is mandated by rules 317-322 of the Rules of Procedure and Conduct of Business in the Lok Sabha (14^th edn., New Delhi: Lok Sabha Secretariat, 2010) to examine the validity of subordinate legislation.

[13]. See the 31^st Report of the Committee on Subordinate Legislation that was presented on 21 March 2013.

[14]. See paragraphs 7.14-7.17 on pages 69-72 of the Report of the Group of Experts on Privacy, 16 October 2012, Planning Commission, Government of India.

[15]. See, the Indian Telegraph (Amendment) Rules, 2007, which were brought into effect vide Notification GSR 193(E) of the Department of Telecommunications of the Ministry of Communications and Information Technology, Government of India, dated 1 March 2007.

[16]. See, inter alia, section 14 of the Maharashtra Control of Organised Crime Act, 1999; section 14 of the Andhra Pradesh Control of Organised Crime Act, 2001; and, section 14 of the Karnataka Control of Organised Crime Act, 2000.

[17]. See, the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data and Information) Rules, 2009 vide GSR 782 (E) dated 27 October 2009; and, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 vide GSR 780 (E) dated 27 October 2009.

For more details visit https://cis-india.org/internet-governance/blog/national-privacy-roundtable-meetings

The Mother and Child Tracking System - understanding data trail in the Indian healthcare systems

ambika — 2019-12-30T17:18:05Z

This article was first published by Privacy International, on October 17, 2019

Case study of MCTS: Read

On October 17th 2019, the UN Special Rapporteur (UNSR) on Extreme Poverty and Human Rights, Philip Alston, released his thematic report on digital technology, social protection and human rights. Understanding the impact of technology on the provision of social protection – and, by extent, its impact on people in vulnerable situations – has been part of the work the Centre for Internet and Society (CIS) and Privacy International (PI) have been doing.

Earlier this year, PI responded to the UNSR's consultation on this topic. We highlighted what we perceived as some of the most pressing issues we had observed around the world when it comes to the use of technology for the delivery of social protection and its impact on the right to privacy and dignity of benefit claimants.

Among them, automation and the increasing reliance on AI is a topic of particular concern - countries including Australia, India, the UK and the US have already started to adopt these technologies in digital welfare programmes. This adoption raises significant concerns about a quickly approaching future, in which computers decide whether or not we get access to the services that allow us to survive. There's an even more pressing problem. More than a few stories have emerged revealing the extent of the bias in many AI systems, biases that create serious issues for people in vulnerable situations, who are already exposed to discrimination, and made worse by increasing reliance on automation.

Beyond the issue of AI, we think it is important to look at welfare and automation with a wider lens. In order for an AI to function it needs to be trained on a dataset, so that it can understand what it is looking for. That requires the collection large quantities of data. That data would then be used to train and AI to recognise what fraudulent use of public benefits would look like. That means we need to think about every data point being collected as one that, in the long run, will likely be used for automation purposes.

These systems incentivise the mass collection of people's data, across a huge range of government services, from welfare to health - where women and gender-diverse people are uniquely impacted. CIS have been looking specifically at reproductive health programmes in India, work which offers a unique insight into the ways in which mass data collection in systems like these can enable abuse.

Reproductive health programmes in India have been digitising extensive data about pregnant women for over a decade, as part of multiple health information systems. These can be seen as precursors to current conceptions of big data systems within health informatics. India’s health programme instituted such an information system in 2009, the Mother and Child Tracking System (MCTS), which is aimed at collecting data on maternal and child health. The Centre for Internet and Society, India, undertook a case study of the MCTS as an example of public data-driven initiatives in reproductive health. The case study was supported by the Big Data for Development network supported by the International Development Research Centre, Canada. The objective of the case study was to focus on the data flows and architecture of the system, and identify areas of concern as newer systems of health informatics are introduced on top of existing ones. The case study is also relevant from the perspective of Sustainable Development Goals, which aim to rectify the tendency of global development initiatives to ignore national HIS and create purpose-specific monitoring systems.

After being launched in 2011, 120 million (12 crore) pregnant women and 111 million (11 crore) children have been registered on the MCTS as of 2018. The central database collects data on each visit of the woman from conception to 42 days postpartum, including details of direct benefit transfer of maternity benefit schemes. While data-driven monitoring is a critical exercise to improve health care provision, publicly available documents on the MCTS reflect the complete absence of robust data protection measures. The risk associated with data leaks are amplified due to the stigma associated with abortion, especially for unmarried women or survivors of rape.

The historical landscape of reproductive healthcare provision and family planning in India has been dominated by a target-based approach. Geared at population control, this approach sought to maximise family planning targets without protecting decisional autonomy and bodily privacy for women. At the policy level, this approach was shifted in favour of a rights-based approach to family planning in 1994. However, targets continue to be set for women’s sterilisation on the ground. Surveillance practices in reproductive healthcare are then used to monitor under-performing regions and meet sterilisation targets for women, this continues to be the primary mode of contraception offered by public family planning initiatives.

More recently, this database - among others collecting data about reproductive health - is adding biometric information through linkage with the Aadhaar infrastructure. This data adds to the sensitive information being collected and stored without adhering to any publicly available data protection practices. Biometric linkage is aimed to fulfill multiple functions - primarily authentication of welfare beneficiaries of the national maternal benefits scheme. Making Aadhaar details mandatory could directly contribute to the denial of service to legitimate patients and beneficiaries - as has already been seen in some cases.

The added layer of biometric surveillance also has the potential to enable other forms of abuse of privacy for pregnant women. In 2016, the union minister for Women and Child Development under the previous government suggested the use of strict biometric-based monitoring to discourage gender-biased sex selection. Activists critiqued the policy for its paternalistic approach to reduce the rampant practice of gender-biased sex selection, rather than addressing the root causes of gender inequality in the country.

There is an urgent need to rethink the objectives and practices of data collection in public reproductive health provision in India. Rather than continued focus on meeting high-level targets, monitoring systems should enable local usage and protect the decisional autonomy of patients. In addition, the data protection legislation in India - expected to be tabled in the next session in parliament - should place free and informed consent, and informational privacy at the centre of data-driven practices in reproductive health provision.

This is why the systematic mass collection of data in health services is all the more worrying. When the collection of our data becomes a condition for accessing health services, it is not only a threat to our right to health that should not be conditional on data sharing but also it raises questions as to how this data will be used in the age of automation.

This is why understanding what data is collected and how it is collected in the context of health and social protection programmes is so important.

For more details visit https://cis-india.org/internet-governance/blog/privacy-international-ambika-tandon-october-17-2019-mother-and-child-tracking-system-understanding-data-trail-indian-healthcare

The Ministry And The Trace: Subverting End-To-End Encryption

Gurshabad Grover, Tanaya Rajwade and Divyank Katira — 2021-07-12T08:18:18Z

A legal and technical analysis of the 'traceability' rule and its impact on messaging privacy.

The paper was published in the NUJS Law Review Volume 14 Issue 2 (2021).

Abstract

End-to-end encrypted messaging allows individuals to hold confidential conversations free from the interference of states and private corporations. To aid surveillance and prosecution of crimes, the Indian Government has mandated online messaging providers to enable identification of originators of messages that traverse their platforms. This paper establishes how the different ways in which this ‘traceability’ mandate can be implemented (dropping end-to-end encryption, hashing messages, and attaching originator information to messages) come with serious costs to usability, security and privacy. Through a legal and constitutional analysis, we contend that traceability exceeds the scope of delegated legislation under the Information Technology Act, and is at odds with the fundamental right to privacy.

Click here to read the full paper.

For more details visit https://cis-india.org/internet-governance/blog/the-ministry-and-the-trace-subverting-end-to-end-encryption