Centre for Internet and Society

Targeting surveillance

praskrishna — 2014-12-30T14:10:58Z

In the fall of 2005, Scotland Yard raided a flat in west London and arrested a suspected al-Qaeda militant known by a teasing Arabic nickname, Irhabi (“Terrorist”) 007.

The article by Ajai Sreevatsan was published in the Hindu on December 28, 2014. Sunil Abraham gave his inputs.

The similarities between Irhabi 007, later identified as Younis Tsouli, and India’s Mehdi Masoor Biswas are uncanny.

Neither participated in any terror attack. Their reputation stems from an alleged involvement as cyber propagandists for proto-terror groups — Irhabi was distributing manuals and teaching online seminars on behalf of the emerging al-Qaeda faction in Iraq, while Mehdi is alleged to be an IS sympathiser. Both in their early 20s with cover identities during the day, and separated by a decade in technological evolution.

Such expertise within terror groups is hardly surprising, says Sunil Abraham of the Centre for Internet and Society. “Any organisation engaged in a war for hearts and minds and oil fields will exploit contemporary technology to its fullest potential,” he says.

Irhabi currently serves a 16-year jail term, while Mehdi awaits his trial. What their cases highlight is that the phenomenon of young, tech-savvy armchair radicals is nothing new.

Research done at Israel’s Haifa University, which tracks the proliferation of terrorist websites, shows that the number of such sites went up from fewer than 100 in the late-1990s to more than 4,800 in just a decade. There is also credible evidence that an al-Qaeda website posted a sketched-out proposal for the 2004 Madrid bombings three months before the attack. Another macabre example is the crowd-sourcing effort launched in 2005 by the Victorious Army Group to build its website. By the competition’s rules, the winner would get to fire a rocket at an American base.

As Indian agencies gear up to respond to similar online threats in this part of the world, Mr. Abraham says India should not repeat the mistakes made by the West over the previous decade. “We should not get caught up in big data surveillance,” he says.

“Surveillance is like salt. It could be counter-productive even if slightly in excess. Ideally, surveillance must be targeted. Indiscriminate surveillance just increases the size of the haystack, making it difficult to find the needles,” Mr. Abraham says.

“Even in the case of Mehdi, his identity was uncovered not by online spying but by Channel 4 which did some old-fashioned detective work,” he says.

In any case, recent events show that the threat of online terror propaganda might be overblown. Much like online activism, it is subject to the law of diminishing returns.

A set of letters sent by newly recruited volunteers of IS was leaked to the French newspaper Le Figaro earlier this month and it shows youngsters complaining about being made to do the dishes or the Iraqi winter. One of them wrote: “I’m fed up to the back teeth. My iPod no longer works out here. I have got to come home.” Of the estimated 1,100 young French who are believed to have joined the IS, more than 100 have already returned.

The IS may have Twitter on its side. But the harsh realities of Iraq and the gruesome ideology behind the slick doctrinal videos are a lot harder to sell.

Mr. Abraham says there is no such thing as a Twitter revolution or a social media terror group. “Such statements underestimate the role of ideology and human beings,” he says.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-december-28-2014-ajai-sreevatsan-targeting-surveillance

Why did India fail to discover the ISIS Twitter handle?

praskrishna — 2014-12-27T03:27:16Z

India's surveillance system fails to track the servers of internet giants like Google or Facebook because these do not have servers in the country, says a leading cyber law expert.

The article by Anita Babu was published in the Business Standard on December 26, 2014. Sunil Abraham gave his inputs.

Back in 2009, after the investigation team, probing into the 26/11 Mumbai terror attacks, almost cracked the case, it was the US’s Federal Bureau of Investigation (FBI) which connected the missing links by arresting David Headley, the mastermind.

Five years later, India is staring at a similar situation, when Bengaluru-based Mehdi Masroor Biswas, was allegedly found to be operating a pro-ISIS (Islamic State) Twitter handle. It was a British broadcaster, Channel 4, which blew the lid off Biswas’s activity. Soon after the report, Indian authorities swung into action. Last year, when communal violence broke out in some parts of Uttar Pradesh, a Pakistani news organisation reported that a fake video was being circulated to fan sentiments.

But, why have Indian agencies failed to detect such activities which pose a threat to the national security? A senior government official said intelligence agencies in the country scan the internet for leads. But, in the light of increased threats, systems need to be beefed up significantly. Perhaps, as a first step towards this, the home ministry on Wednesday formed a committee to prepare a road map for tackling cyber crimes in the country.

It will give suitable recommendations on all facets of cyber crime, apart from suggesting possible partnerships with public and private sector, non-governmental organisations and international bodies.

According to Sunil Abraham, executive director of a Bengaluru-based research organisation, the Centre for Internet and Society, it’s time we move closer towards intelligent and targeted surveillance, rather than mass surveillance. This will require monitoring a selected accounts or profiles, instead of tapping information from across the population. Old-fashioned detective work is also very important, as it has helped zero in on Biswas.

Another problem the country faces is that a lot of data is being pooled in by multiple agencies, but of little use. “We must free up our law enforcement agencies and intelligence services from the curse of having too much data,” Abraham adds. Since most of the internet companies are headquartered outside India, the authorities face a lot of difficulties in accessing information from these networks.

“India’s surveillance system fails to track the servers of internet giants like Google or Facebook because these do not have servers in the country. Our system is only confined within the country,” says Pavan Duggal, a leading cyber law expert.

Since the US has the capability to access information from telecom companies, service providers such as Twitter and Facebook and the consortia that run submarine cables, these companies cooperate in a much more effective and immediate manner, adds Abraham. “But these are things that we will never be able to do in India,” he adds.

For instance, India follows the mutual legal assistance treaty procedure, to gather and exchange information in an effort to enforce public laws or criminal laws. However, this is a time-consuming process and often takes up to two years before we get any data from these companies.

But due to the threat of cyber-terrorism being shared by both companies and governments, companies such as Google, Twitter and Facebook are cooperating more than before, experts say.

Internet and Jurisdiction Project, an international group that works towards ensuring digital coexistence, tries to get a procedural law between two countries in a harmonised manner and includes collection, storage, handling and processing of evidence.

More lubricating efforts should be undertaken internationally on these lines, say experts. Hopefully, the new committee will take steps in this direction.

For more details visit https://cis-india.org/internet-governance/news/business-standard-december-26-2014-anita-babu-why-india-failed-to-discover-the-isis-twitter-handle

Security, Governments, and Data: Technology and Policy

elonnai — 2014-12-24T08:06:59Z

The Centre for Internet & Society and the Observer Research Foundation invite you to a one day conference on January 8, 2015 in New Delhi.

About the Conference

The conference will focus on the technologies, policies, and practices around cyber security and surveillance. The conference will reach out to a number of key stakeholders including civil society, industry, government, and academia and explore the present scenario in India to reflect on ways forward.

Conference Context

Ensuring the security of the India’s cyber space is a complex, challenging, and ever changing responsibility that the government is tasked with. Doing so effectively requires a number of factors to come together in a harmonized strategy including: laws & policies, technical capabilities, markets, and a skilled workforce. It also requires collaboration on multiple levels including with foreign governments, domestic and foreign industry, and law enforcement. The first of these is particularly important given the ability of attackers to penetrate across borders and the global nature of data. Any strategy developed by India must be proactive and reactive – evolving defences to prevent a potential threat and applying tactics to respond to a real time threat. To do so, the government of India must legally have the powers to take action and must have the technical capability to do so. Yet, many of these powers and technical capabilities require a degree of intrusion into the lives of citizens and residents of India through means such as surveillance. Thus, such measures must be considered in light of principles of proportionality and necessity, and legal safeguards are needed to protect against the violation of privacy. Furthermore, a principle of optimization must be considered i.e, how much surveillance achieves the most amount of security and how can this security be achieved with the optimal mix of technology, policy and enforcement.

Panel Descriptions

Challenges & Present Scenario

Protecting and enhancing the cyber security of India is a complex and dynamic responsibility. The challenge of securing cyber space is magnified by the demarcated nature of the internet, the multiplicity of vulnerabilities that can be exploited at the national level, the magnitude of infrastructure damage possible from a cyber attack, and the complexity of application of a jurisdiction’s law to a space that is technologically borderless. A comprehensive ‘cyber security’ ecosystem is required to address such challenges – one that involves technology, skills, and capabilities – including surveillance capabilities. The Government of India has taken numerous steps to address and resolve such challenges. In July 2013, the National Cyber Security Policy was published for the purpose of creating an enabling framework for the protection of India’s cyber security. In February 2014, the 52^nd Standing Committee on Information Technology issued a report assessing the implementation of this policy – in which they found that a number of areas needed strengthening. The Government of India has also proposed the establishment of a number of centres focused on cyber security – such as the National Cyber Coordination Center and the National Critical Information Infrastructure Protection Centre. CERT-IN, under the Department of Electronics and Information Technology is presently the body responsible for overseeing and enforcing cyber security in India, while other bodies such as the Resource Centre for Cyber Forensic and TERM cells under the Department of Telecommunications play critical roles in overseeing and undertaking capabilities related to cyber security.

Law & Policy

India has five statutes regulating the collection and use of data for surveillance purposes. These laws define circumstances on which the government is justified in accessing and collecting real time and stored data as well as procedural safeguards they must adhere to when doing so. The Department of Telecommunications has also issued the Unified Access License which, among other things, mandates service providers to provide technical support to enable such collection. The Indian judicial system has also provided a number of Rulings that set standards for the access, collection, and use of data as well as defining limitations and safeguards that must be respected in doing so. The draft Privacy Bill 2011, released by the Department of Personnel and Training, also contained provisions addressing surveillance in the context of interception and the use of electronic video recording devices. In the Report of the Group of Experts on Privacy, the AP Shah Committee found that the legal regime for surveillance in India was not harmonized and lacked safeguards. Furthermore, in the era where the direct collection of large volumes of data is easily possible, there is a growing need to re-visit questions about the legitimate and proportionate collection and use (particularly as evidence) of such data. Questions are also arising about the applicability of standards and safeguards to the state. At a global level, catalyzed by the leaks by Edward Snowden, there has been a strong push for governments to review and structure their surveillance regimes to ensure that they are in line with international human rights standards.

Architecture & Technology

India is in the process of architecting a number of initiatives that seek to enable the collection and sharing of intelligence such as the CMS, NATGRID, and NETRA. At a regional level, the Ministry of Home Affairs is in the process of implementing ‘Mega Policing Cities’ which include the instalment of CCTV’s and centralized access to crime related information. Globally, law enforcement and governments are beginning to take advantage of the possibilities created by ‘Big Data’ and ‘open source’ policing. The architecture and technology behind any surveillance and cyber security initiative are key to its success. Intelligently and appropriately designed projects and technology can also minimize the possibility of intrusions into the private lives of citizens. Strong access controls, decentralized architecture, and targeted access are all principles that can be incorporated into the architecture and technology behind a project or initiative. At the same time, the technology or process around a project can serve as the ‘weakest link’ – as it is vulnerable to attacks and tampering. Such possibilities raise concerns about the use of foreign technology and dependencies on foreign governments and companies.

International and Domestic Markets

Globally, the security market is growing – with companies offering a range of services and products that facilitate surveillance and can be used towards enhancing cyber security. In India, the security market is also growing with studies predicting that it will reach $1.06 billion by 2015. Recognizing the potential threat posed by imported security and telecom equipment, India also develops its own technologies through the Centre for Development of Telematics –attached to the Department of Telecommunications, and the Centre for Development of Advanced Computing – attached to the Department of Electronics and Information Technology. At times India has also imposed bans on the import of technologies believed to be compromised. Towards this end, the Government of India has a number of bodies responsible for licensing, auditing, and certifying the use of security and telecommunication equipment. Though India has recognized the security vulnerabilities posed by these technologies, as of yet it has not formally recognized the human rights violations that are made possible. Indeed, though India has submitted a request to be a signing member of the Wassenaar agreement, they have yet to be accepted.

Agenda

11.00	Registration & Tea
11.30	Key Note Speech
12.00	Challenges & Present Scenario
13.00	Law & Policy
14.00	Lunch
15.00	Architecture & Technology
16.00	International & Domestic Markets
17.00	Tea
17.30	Conclusion & Closing Remarks

For more details visit https://cis-india.org/internet-governance/events/security-governments-data-technology-policy

Study of Privacy Policies of Indian Service Providers

praskrishna — 2014-12-21T15:09:49Z

For more details visit https://cis-india.org/internet-governance/blog/study-of-privacy-policies-indian-service-providers.pdf

Security and Surveillance: A public discussion on Optimizing Security while Safeguarding Human Rights

praskrishna — 2014-12-19T08:46:34Z

The Centre for Internet and Society (CIS) invites you to a public discussion on optimizing security and safeguarding human rights at its Bangalore office on Friday, December 19th, 2014, 16:00 to 18:00.

The Centre for Internet and Society, in collaboration with Privacy International UK, has undertaken exploratory research into surveillance, security, and the security market in India.

Through this research, we hope to understand and document policy and law associated with security, surveillance, and the security market in India and learn about the regulation of security and related technologies such as encryption, filtering, monitoring software, and interception equipment. We also hope to understand the import and export policy regime for dual use technologies.

Such findings will be critical in creating evidence based research to inform security policy and regulation in India and work towards enabling regulatory frameworks that optimize the nation’s security while protecting the rights of citizens.

For more details visit https://cis-india.org/internet-governance/events/security-and-surveillance-optimizing-security-human-rights

Identifying Aspects of Privacy in Islamic Law

Vidushi Marda and Bhairav Acharya — 2015-01-01T14:04:44Z

This white paper seeks to identify aspects of privacy in Islamic Law and demonstrate that the notion of privacy was recognized and protected in traditional Islamic law.

I. Introduction

The nuances of privacy have been deliberated by numerous scholars till date, without arriving at a definite answer. It has been perceived as a right to be left alone, as mere secrecy, as the right to a legitimate area of seclusion and solitude. Privacy is a particularly nebulous concept, with a tendency of resting on intuitionist arguments. However, finding refuge in intuitionist arguments has not lent to a clear understanding of the term itself. This presents a peculiar predicament; while privacy is demanded, nobody seems to have a clear understanding of what it truly means. Daniel Solove opines that privacy is a concept in disarray, it is about everything and hence it seems to be about nothing. Solove finds agreement in a variety of literature, where privacy has been described as a "chameleon-like word", a term suffering from an "embarrassment of meanings", a "powerful rhetorical battle cry".

Traditional notions such as bodily privacy, privacy within one's home, or privacy resulting out of private property are received with far less scepticism than more recent aspects of privacy. With the burgeoning increase in information exchange, the ambit of privacy concerns is widened but not always understood. While earlier notions of privacy confined themselves to physical intrusions, it is now possible to invade a person's privacy without physically intruding on their space. As capabilities to intrude on privacy increase, the demand for respecting privacy grows stronger. In their historic article, Warren and Brandeis referred to privacy as an incorporeal notion, referring to cases of defamation, proprietary harms, contractual harms, breach of confidence to conclude that all such cases belonged to an umbrella principle of the right to privacy.

I.II Aspects of Privacy

William Prosser, a torts scholar, in 1860 attempted to classify privacy comprehensively. He contemplated four kinds of activities as impinging on a person's privacy. They were
1. Intrusion upon the plaintiff's seclusion or solitude, or into his private affairs.
2. Public disclosure of embarrassing private facts about the plaintiff.
3. Publicity which places the plaintiff in a false light in the public eye.
4. Appropriation, for the defendant's advantage, of the plaintiff's name or likeness.
While this classification lent some structure to the understanding of privacy, it restricted itself to only tort law.

A wider taxonomy was offered by Daniel Solove, imbibing concerns of digital privacy and information technology. Focussing on activities that invade privacy, Solove argued that information collection, aggregation of information, dissemination of such aggregated information and invasion into people's private affairs are the aspects integral to understanding the privacy concerns of a data subject.

In its policy paper on privacy in India, the Data Security Council of India (DSCI) recognised privacy issues in the context of e-commerce, transactional privacy, cyber crime, national security, and cross border data flows. Similarly the Department of Personnel and Training (DoPT) in 2011 focussed on understanding privacy in the context of data protection and surveillance. Subsequently, in 2012, the Planning Commission of India set up the A.P. Shah Committee to look into issues of data protection. This Committee classified the dimensions of privacy into four main categories; interception and access, audio and video recording, access and use of personal identifiers, and bodily and genetic material.

The classification of privacy for the purpose of this paper is under the heads of bodily privacy, informational and communications privacy, and territorial and locational privacy. Bodily privacy stems from the notion of personal autonomy and inviolate personality. Battery, rape, voyeurism are all examples of the recognition of the need to protect the privacy of one's body. Communications and informational privacy refers to the protection of sensitive personal information, specific communications and private conversations. Interception of messages, spying, hacking or tapping phone lines are all activities that impinge on privacy under this head. India's ambitious biometric project, Aadhar, has brought to the fore concerns surrounding personal information. Territorial privacy is developed from the notion of private property, the tort of trespass being ample recognition of the same.

I.III Is India a Private Nation?

In October, 2010, the government published an approach paper for legislation on privacy. In explaining the need for privacy legislation in India, the paper states,

"India is not a particularly private nation. Personal information is often shared freely and without thinking twice. Public life is organized without much thought to safeguarding personal data. In fact, the public dissemination of personal information has over time, become a way of demonstrating the transparent functioning of the government."

The notion of privacy being a foreign construct carves the argument that legislation on privacy would mean subjecting India to an alien cultural value. However, this ignores the possibility of privacy being culturally subjective. Cultures have exhibited different measurements by which they measure public and private realms. This paper aims to demonstrate that while the word "privacy" does not find explicit reference in traditional Indian law, the essence of privacy as we understand it today has existed in traditional Indian culture, specifically Indian Islamic culture, pre-dating colonialism in India and modernity in India's legal system.

I.IV Displacement of traditional Indian Law

Contemporary Indian law functions within a rubric that was constructed after the "expropriation" of traditional law. India's colonial legacy rendered the displacement of traditional Indian law with a unified modern legal system abounding in European ideas of modernity and legal systems, leaving it is a state of "fractured modernity". Before the British rule, Indians were governed by their personal laws and these laws did not aim to unify the nation in ways that Western legal systems did.. The decision to establish a modern legal system stemmed from the desire to administer the law as a function of the state, which would have been impractical at best in the absence of a unified legal system.

Edward Said eloquently states that the colonial experience does not end when the last European flag comes down or when the last white policeman leaves. One cannot help but agree with Said, as the understanding of law in contemporary India is constructed on the principles of the English common law and on ideas of a modern legal system. While the word "privacy" does not arise in traditional law, this paper argues that the notions of privacy as we perceive it today did exist hitherto the modernization of India's legal system.

I.V Structure of the paper

While Part I has laid down the foundation of this paper and the arguments it endeavours to make, Part II explains the sources of Islamic law and attempts at locating privacy in them. It also explains certain pervasive concepts that will enhance an understanding of privacy in Islamic law. This paper restricts itself to Sunni Islamic law. Part III gives an indication of privacy rights in India's neighbouring Islamic countries (both predominantly Sunni), Pakistan and Bangladesh; and highlights the legal framework for privacy in these countries.

II. Privacy in Islamic Law

II.I Sources of Islamic Law

Before locating aspects of privacy in Islamic Law, an understanding of its structure and sources will be helpful. Islamic Law is composed of Shariah, and fiqh. Shariah indicates the path a faithful Muslim must undertake to attain guidance in the present world and deliverance to the next. Fiqh, the jurisprudence of Islam, refers to the rational understanding of Shariah and human reasoning to appreciate the practical implications of Islam. While Shariah is divine revelation, fiqh is the human inference of Shariah.

The principle tenet of Islam is unwavering obedience to the teachings of God. According to Muslim belief, the Quran is the divine communication from Allah to the Prophet of Islam. It is the foremost record of the word of God, and for this reason is considered the apex source of Islamic law. It is in the Quran that basic norms of Shariah are found, and it embodies the exact words of God as was revealed to the Prophet over a period of 23 years. Fiqh, or the understanding of Shariah, also finds its origins in the holy Quran.

The Sunnah or Prophetic traditions are the ingredients for the model behaviour of a Muslim as demonstrated by the Prophet. It is a "way, course, rule, mode, or manner, of acting or conduct of life." The Sunnah were compiled through the communications of Prophet Muhammad in the form of Hadiths which are communications, stories or conversations; and may be religious or secular; historical or recent. The narrators of the Hadith are known as "isnad" who convey the "matn" or the substance of the Prophet's actions or words as narrated through oral communications through the years. Due to its very nature, the accuracy of the Sunnah came under considerable scrutiny, with concerns as to its possible fabrication and dilution. However, with a well devised system of recording and verifying sources, the Sunnah accompanies the imperative source of Islamic law, the Quran.

The other sources of Islam are found in human reasoning, or ijtihad. Ijtihad assumes a variety of secondary sources such as analogical reasoning (Qiyas), unanimous consensus (Ijma), decisions in favour of public interest (isthihsan), and presumption of continuity (istishab).
Ijtihad entails a resilient effort; an exertion in interpreting the primary sources in order to understand Shariah, to infer the law which is not explicit or evident. The legitimacy of Ijma is found in the Prophetic tradition, which states that the followers of Islam would never agree on an error, and will never unite on misguidance.

The Quran and Sunnah lie at the pinnacle of Islamic jurisprudence and their authoritativeness lends a ready inference of legal principles derived from them. In exploring the concept of Privacy in Islamic Law, this paper will focus mainly on the material available in the Quran and Sunnah.

II.II The Public and Private in Islam

According to the doctrine of Shariah, every aspect of life is deemed to be private unless shown otherwise. The public sphere is that in which governmental authority operates, making it both transparent and open to scrutiny and observation. Since its inception, Islam has considered the idea of governance with reasonable scepticism, ascribing to the view that there is no concept of a human ruler beyond reproach. This perhaps gave impetus to the idea of a private sphere as one that is inhabited exclusively by an individual and the divine, excluding any interference of the State; except with permission from religious law. In Islamic belief, a pious individual had submitted himself to God, and not the worldly State. Hence, all aspects of his life will align with the tenets of Islamic law and in pursuance with the will of God. Any failure to perform religious duties on the part of a Muslim is beyond the scope of another; it is only a consideration between him and the divine. It is believed that the Prophet said, "Those, who acknowledge God in words, and not at heart, do not find fault with their fellow Muslims. The wrongdoing of those who do so become the subject of God's scrutiny, and when God looks into someone's wrongdoing then all shall be truly exposed" The individual is bestowed with complete freedom of action in the private sphere, subject only to the will of the divine. To govern another is wholly beyond the capacity of any individual, and this forms a pervasive theme in Islamic jurisprudence.

Islamic Law recognizes that it is inevitable for every society to impose certain requirements on individuals both by the law and by societal norms. In respect of a public domain, Islam prescribes an amalgam of requirements of a Muslim community and the teachings of Islam. While committing sins in private is beyond the scope of public or governmental scrutiny, committing a sin in public amounts to a crime, meriting worldly punishment.

Islamic law provides for an individual's obligations to the divine at all times, and to the state in matters within the public domain. This is the most striking difference between Islamic law and modern law, as the function of enforcement of the law and punishment are forfeited to the state in a modern legal system, by virtue of the social contract. However, in Islamic societies, the concept of social contract does not exist. Instead, an individual's obligations lie to the state only if acts meriting worldly punishment occur in the public sphere. It is this distinction in the obligations of individuals that leads to conflicts between the application of Islamic law and modern law.

The Quran is replete with rules for all believers to ordain good and forbid evil (al-amrbi al-Ma'rufwa al-nahy 'an al-munkar'). This divine injunction is a restriction of freedom in the private sphere. The notion of privacy in the public sphere was tested through the office of the muhtasib, or compliance officer. These officers were appointed to ensure that the quality of life is preserved in Islamic societies. Personal or private matters which were visible in the public realm were liable to scrutiny from the muhtasib as well. However, this does not extend to matters such as surveillance and spying even on the authority of the state. The Prophet, according to the hadith of Amir Mu'awiyah remarked, " If you try to find out the secrets of the people, then you will definitely spoil them or at least you will bring them to the verge of ruin." In fact, modern jurists admonish the idea of surveillance as "exactly what Islam has called as the root cause of mischief in politics."

II.III. Privacy in Islamic Law

Bodily Privacy

The sanctity of one's bodily privacy is well recognised in Islamic Law. The Quran (24:58) demarcates certain periods in a day which are times of privacy for an individual, and indicates the need for prior permission before one may enter the private sphere of another. These periods are before the prayer at dawn, during the afternoon where one rests, and after the night prayer. This verse also calls upon children who have not yet reached the age of puberty to get accustomed to asking for permission before entering rooms apart from their own.

As far as bodily seizure of individuals accused of crimes goes, the Traditions indicate a general disinclination towards pre-adjudication restraint of individuals. The very occurrence of it appears to be a cause of discomfort as recorded in the Traditions. One of the Prophet's closest companions, Umar, is believed to have encourages officials to speed up adjudication processes so that the accused could not be deprived of the comfort of their homes and families.

bodily privacy and modesty

Although the Quran stipulates gender equality, the norms of bodily privacy and modesty applicable to men are far less rigorous than the rules of modesty that apply to women. While staring is not contemplated as a crime in modern jurisdictions, the Quran directs "believing men to lower their gaze and be modest." At the same time, it directs women to adhere to strict rules of clothing and conduct, with directions on how to conduct oneself both in private as well as public. Interestingly, with the use of full-body scanners at airports around the world, the bodily privacy of Muslims came to the forefront with several Muslim scholars opining that such use of scanners was in direct violation of the tenets of Islam. According to the Quran, the modesty of a Muslim woman is an indication of her faith.

Communication and Informational Privacy

Privacy is, in many ways, inextricably linked to the notions of personal autonomy, and inviolate personality. Privacy in matters apart from those concerned with proprietary interests was only developed as a legal idea around the ninth century, although the Quran made ample references to it. Whilst the term "privacy" is not directly alluded to in the Quran, it contains verses emphasizing the importance of respecting personal autonomy. The Quran (49:12) rebukes those who wish to pry into matters which do not concern them, or harbour suspicions in respect of others, conceding that some suspicions can even be considered crimes. This implies an injunction against investigation; which complements the prohibition of circulation of information pertaining to an individual's private sphere (24:19). According to this verse, publication of immorality is desirous of punishment. A reasonable conclusion from the reading of these verses is that the Quran mandates respect for the private sphere, guaranteeing that a faithful believer will not violate it. The Prophet is reported to have said that non interference of individuals in matters that do not concern them is a sign of their good faith. Interestingly, the injunction against unwarranted search is for all members of a Muslim community, not just followers of Islam. An extension of the concept of informational privacy is the privacy of one's opinion, which is believed to be beyond reproach regardless of its contents. Deeds in the public sphere can be subject to worldly punishment, but thoughts and opinions everywhere, are not subject to it.

The Sunnah have also emphasized on privacy in communications. The Prophet once said, "He, who looks into a letter belonging to his brother, looks into the Hellfire" , indicating that private communications shall enjoy their privacy even in the public domain. This is evident from another saying of the Prophet,"Private encounters result in entrustment", which entails a restriction on communications arising out of private meetings.

Territorial Privacy

Domestic privacy is considered an important facet of Islamic life and this idea pervades different aspects of Shariah. Privacy in regard to proprietary interests was in fact the first legal conception of privacy recognised by Muslim jurists. The Quran (24:27-8) forbids entering another's house in lieu of permission to do the same. It seeks to ensure that a person visiting another's house is welcome in that house; reminding individuals of their rights during such visits. Further, the Quran (2:189) envisions visits made to other's houses only through the front door, indicating respect and transparency in visiting another's dwelling place. Muslim scholars are of the opinion that such rules were laid down in order to safeguard one's private sphere; to allow people to modify their behaviour to accommodate a visitor in a private domain. Clarifying the reasons for such rules, a jurist offered the following explanation, "The first greeting is for the residents to hear the visitor, the second is for the residents to be cautious( fa-ya khudhu hidhrahum),and the third is for them to either welcome the visitor or send him away."

Privacy in the domestic sphere extends to both physical privacy as well as intangible privacy. The Prophet opined that if one's gaze has entered into a private home before his body does, permission to enter the home would be redundant. This follows from the idea that if a person curiously peeps into another's home, it is equivalent to him entering it himself. The right to privacy is extended to absolve the home owner of any guilt in the event of attack on the intruder. Curiously, the right to privacy within one's home is extended to privacy in respect of sinful behaviour within his private sphere; the accountability of a Muslim to his fellow humans is only to be discerned in respect of his public actions. This is illustrated by an interesting story in the Hadith of Umar ibn al-Khattab. Khattab climbed the wall of a house on the suspicion of wine being consumed within the premises. On his suspicion being confirmed, he chided them for their conduct. They then reminded him that while he pointed out their sins, he himself was guilty of three sins; spying on them, failing to greet them and also not approaching their house through the front door. He agreed with them and walked away.

The rationale behind recognising privacy in the domestic sphere is not just illegal intrusion into one's physical space; it is also intrusion into matters of sensitivity which widens the scope for privacy in Islamic Law.

III Privacy in Shariah Based States

Locating aspects of privacy is Shariah-based states is particularly challenging due to the duality of obligations that exists in their legal framework. While Islamic law focuses on obligations of individuals to the divine in all affairs and the state only in public matters, legal obligations in modern states are understood vis-à-vis the state only. The incorporation of Islam into these modern legal systems represents the attempt at reconciling two distinct sources of law. This Part will consider the legal frameworks for privacy in Pakistan and Bangladesh.

III.I Pakistan

Islamic law has had a profound impact on the legal system of Pakistan. This Islamic Republic integrates Shariah law into its common law system, as is evident from Article 227(1) of the 1973 Constitution of Pakistan ("the 1973 Constitution"). It reads, " All existing laws shall be brought in conformity with the Injunctions of Islam as laid down in the Holy Quran and Sunnah, in this Part referred to as the Injunctions of Islam, and no law shall be enacted which is repugnant to such injunction". In addition to the Constitutional safeguards, General Zia-ul-Haq, between 1977 and 1988 provided great impetus to Pakistan's process of incorporating Islam into its common law system through the establishment of appellate religious courts and also enactment of the Hudood criminal law, which was consequently criticized for being discriminatory and arbitrary.

Constitutional Provisions

Enshrined in the 1973 Constitution is the fundamental right of persons not to be subject to any action detrimental to the life, liberty, body, reputation or property. While referring to the rights of individuals, Article 4(1) lays down, "To enjoy the protection of law and to be treated in accordance with law in the inalienable right of every citizen. Wherever he may be, and of every other person for the time being within Pakistan." While aspects of privacy can be read into this Article quite emphatically, the 1973 Constitution explicitly recognises the right to privacy, dignity and the inviolability of persons in Article 14(1),"The dignity of man, subject to law, the privacy of home, shall be inviolable". The sanctity of these rights is vigorously upheld as laws inconsistent with fundamental rights are declared to be void to the extent of their inconsistency.

Bodily Privacy

The 1973 Constitution recognises the fundamental right of persons not to be subject to any action detrimental to the life, liberty, body, reputation or property. The Pakistan Penal Code (Act XLV of 1860) refers to the protection of privacy of women in Section 509, upholding the modesty of women.

Communications and Informational Privacy

The Pakistan Telecommunication (Re-organisation) Act 1996 enables investigating authorities under the Act to take cognizance of illegalities in communications. These authorities submit their reports to the courts, ensuring the accountability of such events, as well as legitimising search and seizure in pursuance of intercepted communications. The Act also makes arrangements for authorised interception of communications in cases of national security, although the wide and sweeping powers bestowed under this Section are a cause for concern. Moreover, any person causing annoyance to another through a telephone is liable to criminal punishment under the Telegraph Act, 1885.

Medicaland Financial information is recognised as a unit of privacy in the legal system of Pakistan. The delicate balance between transparency of government action and extent of privacy of information is struck in the Freedom of Information Ordinance, which exempts divulging information regarding personal privacy of individuals, private documents and financial privacy.

As far as digital privacy is concerned, the law in Pakistan is still at a nascent stage. In 2000, Pakistan implemented the National Information Technology Policy and Action Plan, which provided for confidentiality of transactional information. In 2002, an Electronic Transactions Ordinance was passed with a view to recognise and protect electronic transactions, setting up a framework within which privacy of information can be guaranteed and authenticity can be verified. There is no devoted law on data protection yet, although a Draft Electronic Data Protection Bill was published by the Ministry of Information in 2005.

Territorial and Locational Privacy

Akin to notions of privacy of the home in Islamic law, criminal trespass is a punishable offence under the Pakistan Penal Code. Pakistan has an unfortunately intimate relationship with terrorism. The Anti Terrorism Act of 1997 incorporates some provisions which raise concerns as to the sanctity of individual privacy. The Act allows an officer of police, armed forces or civil armed forces to enter and search any premise, and to seize any property they suspect to be connected to a terrorist act, without a warrant. Perhaps what is more worrying is that the entry of an officer is not subject to review, unlike in other Islamic countries like the United Arab Emirates. The trade off between personal liberties and national security is acutely felt in Pakistan, with intelligence agencies carrying on mass surveillance, without any legal framework providing for the same.

III.II Privacy in Bangladesh

Bangladesh identifies itself as a secular nation, although Islam is the state religion. The Constitution of Bangladesh uses the word privacy in the context of both territorial and communications privacy.

Bodily Privacy

The Bangladesh Penal Code, similar to Pakistan's, contains a section guaranteeing the bodily privacy of a woman and prohibiting any form of outraging her modesty. It criminalises assault, and also provides for private defence in case of assault.

Communications Privacy

The privacy of communications is subject to interception for the purpose of public safety, as envisaged in the Telegraph Act, 1885. It also contains provisions regarding unlawful interception of messages, as well as tampering or damaging communications. The Telecommunications (Amendment) Act 2006 gives the police sweeping powers to intercept mobile communications as well. However, a notice was issued to the government after this amendment to demonstrate its legality. Bangladesh also has the Right to Information Act, 2009 to promote transparency in governance, although it has a considerable number of agencies exempt from the Act as well. Provisions for cyber crime are enshrined in the Information and Communication Technology Act, 2006.

Territorial Privacy

In the context of territorial privacy, the Bangladesh Penal Code recognises criminal trespass, house trespass, lurking house trespass and house breaking as offences under Bangladeshi law.

IV. Conclusion

Privacy is a comprehensive term that entails a plethora of claims, making an exact definition of the term difficult to come by. In the absence of an explicit reference to privacy in the Indian Constitution, the Supreme Court has brought the right to privacy within the penumbra of Article 21 through various case laws. In 2010, the Government in its approach paper on privacy claimed that India is not a particularly private nation. In order to comprehensively understand India's modern legal framework, it is imperative to analyze the concepts of traditional law as they existed hitherto the colonial era. Although the term "privacy" is a modern construct, this paper has sought to demonstrate that the notion of privacy was well recognized and protected in traditional Islamic law.

From the discussion above, it is evident that the concept of privacy in Shariah law rests convincingly within the taxonomy adopted in this paper. The Quran and Hadith accommodate concerns surrounding private property, personal autonomy, protection of private communications, domestic life, modesty and the modern idea of surveillance. In addition to this, Islamic jurisprudence ascribes to the idea of a public and private sphere. The public sphere is occupied by society and governmental action, being liable to scrutiny and observation. On the other hand, the private sphere is occupied by the individual and the divine alone, free from any interference except in accordance with Shariah law. Inspite of the term "privacy" not finding explicit mention in the Quran or Hadith, a closer analysis of Shariah reveals privacy as a pervasive theme in Islamic jurisprudence.

Daniel Solove, A Taxonomy of Privacy, Vol. 154, No.3 University of Pennsylvania Law Journal, 477 (2006).

Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harvard Law Review 193, 193 (1890).

Richard A. Posner, Privacy, Surveillance and the Law, Vol. 75 No. 1 The University of Chicago Law Review 245, 245 (2008).

Blanca Rodríguez Ruiz, Privacy in Telecommunications: A European and an American Approach 39 (1st ed. 1997).

James Q. Whitman, The Two Western Cultures of Privacy : Dignity versus Liberty, 113 Yale Law Journal 1152, 1153 (2004).

Whitman, supra note 5, at 1153.

Solove, supra note 1, at 479.

Ibid. Referencing Lillian r. BeVier, Information About Individuals in the Hands of Government: Some Reflections on Mechanisms for Privacy Protection, 4 WM. & MARY BILL RTS. J. 455, 458 (1995) .

Ibid. Referencing KIM LANE SCHEPPELE, LEGAL SECRETS 184-85 (1988).

Ibid. Referencing 1 J. THOMAS MCCARTHY, THE RIGHTS OF PUBLICITY AND PRIVACY § 5.59 (2d ed. 2005).

Solove, supra note 1, at 560.

Samuel D. Warren & Louis D. Brandeis, supra note 2, at 193.

William L Prosser, Privacy, 48 California Law Review 383,389 (1960).

Solove, supra note 1, at 488.

Data Security Council of India, Policy Paper: Privacy in India. Available at https://www.dsci.in/sites/default/files/Policy%20Paper%20-%20Privacy%20in%20India.pdf.

Department of Personnel and Training, (DoPT) Approach Paper for a Legislation on Privacy. Report available at http://ccis.nic.in/WriteReadData/CircularPortal/D2/D02rti/aproach_paper.pdf.

Justice Ajit.P.Shah Committee, Report of the Group of Experts on Privacy, 60. Available at - http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf.

Bhairav Acharya, at http://freespeechhub.thehoot.org/freetracker/storynew.php?storyid=565&sectionId=10.

DoPT, Approach Paper. supra note 16.

Whitman, supra note 5, at 1154.

Chandran Kukathas, Cultural Privacy, Vol. 91, No. 1 The Monist 68, 69 (2008).

Marc Galanter, Displacement of Traditional Law in Modern India, Vol XXIV, No. 4 Journal of Social Issues 65, 67 (1968).

Stuart Corbridge & John Harriss, Reinventing India: Liberalization, Hindu Nationalism and Popular Democracy 238 (Reprint, 2006).

Galanter, supra note 22, at 66.

Ibid. at 67.

Edward Said, Representing the Colonized: Anthropology's Interlocutors, Vol. 15 No.2 Critical Inquiry 205, 207 (1989).

Mohammad Hashim Kamali, Shari'ah Law, An Introduction 19 (2009)

M Mustafa Al Azami, Studies in Hadith Methodology and Literature 7 (2002).

Id. at 3.

NJ Coulson, A History of Islamic Law 22 (1964)

Kamali, supra note 27, at 19.

Sunan Ibn Majah , Book of Tribulations (Kitab al-Fitan) , #3950, available at http://sunnah.com/ibnmajah/36.

Mohsen Kadivar, An Introduction to the Private and Public Debate in Islam, Vol.70 , No. 3 Social Research 659, 663 (2003).

Lara Aryani, Privacy Rights in Shariah and Shariah-based States, Vol. 3, Iss.2, Journal of Islamic State Practices in International Law, 3 (2007)

Kadivar, supra note 33, at 664.

Ibid. at 665.

Ibid. at 667. Referencing Koleini, Mohammad. Al-Kaafi. Qom, Vol. 2: 353 1388.

Ibid. at 671.

Ibid. at 664.

Social Contract Theory of John Locke(1932-1704) in the Contemporary World , SelectedWorks of Daudi Mwita, Nyamaka (2011) Available at http://works.bepress.com/cgi/viewcontent.cgi?article=1009&context=dmnyamaka.

Kadivar, supra note 33, at 664.

Ibid. at 673.

Abul a'la Mawdudi, Human Rights in Islam 24 (1995). Also available online, at http://books.google.co.in/books?id=RUJWdCOmmxoC&printsec=frontcover#v=onepage&q&f=false.

Aryani, supra note 34, at 13.

This indicates Sura 24 : verse 58.

Holy Quran, 24:58 - O you who have believed, let those whom your right hands possess and those who have not [yet] reached puberty among you ask permission of you [before entering] at three times: before the dawn prayer and when you put aside your clothing [for rest] at noon and after the night prayer. [These are] three times of privacy for you. There is no blame upon you nor upon them beyond these [periods], for they continually circulate among you - some of you, among others. Thus does Allah make clear to you the verses; and Allah is Knowing and Wise. (Translation from Sahih International available at http://quran.com/24/58)

Reza Sadiq, Islam's Fourth Amendment : Search and Seizure in Islamic Doctrine and Muslim Practice, Vol. 40 Georgetown Journal of International Law 703, 730 (2008 - 2009).

Ibid. at 733. Referencing IBRAHIM ABDULLA AL-MARZOUQI, Human Rights in Islamic Law 392 (2000).

Rohen Peterson, The Emperor's New Scanner :Muslim Women at the Intersection of the First Amendment and Full Body Scanners, 22 Hastings Women's Law Journal 339, 343 (2011).

Holy Quran, 24:30 - Tell the believing men to reduce [some] of their vision and guard their private parts. That is purer for them. Indeed, Allah is Acquainted with what they do. (Translation from Sahih International available at http://quran.com/24/30-31).

Holy Quran, 24:31- And tell the believing women to reduce [some] of their vision and guard their private parts and not expose their adornment except that which [necessarily] appears thereof and to wrap [a portion of] their headcovers over their chests and not expose their adornment except to their husbands, their fathers, their husbands' fathers, their sons, their husbands' sons, their brothers, their brothers' sons, their sisters' sons, their women, that which their right hands possess, or those male attendants having no physical desire, or children who are not yet aware of the private aspects of women. And let them not stamp their feet to make known what they conceal of their adornment. And turn to Allah in repentance, all of you, O believers, that you might succeed. (Translation from Sahih Internation, available at http://quran.com/24/30-31).

David Garner, Muslims warned not to go through airport body scanners because they violate Islamic rules on nudity, The daily mail, (Feb 12, 2010). http://www.dailymail.co.uk/news/article-1250616/Muslims-warned-airport-body-scanners-violate-Islamic-rules-nudity.html#ixzz3KF8hS6q3 .

Holy Quran, 33:59 - O Prophet, tell your wives and your daughters and the women of the believers to bring down over themselves [part] of their outer garments. That is more suitable that they will be known and not be abused. And ever is Allah Forgiving and Merciful. (Translation from Sahih International, available at http://quran.com/33/59.)

Eli Alshech, "Do Not Enter Houses Other than Your Own": The Evolution of the Notion of a Private Domestic Sphere in Early Sunnī Islamic Thought Vol. 11, No. 3, Islamic Law and Society 291, 304 (2004).

Holy Quran, 49:12 - O you who have believed, avoid much [negative] assumption. Indeed, some assumption is sin. And do not spy or backbite each other. Would one of you like to eat the flesh of his brother when dead? You would detest it. And fear Allah ; indeed, Allah is Accepting of repentance and Merciful. ( Translation from Sahih International, available at http://quran.com/49/12)

Holy Quran, 24:19 - Indeed, those who like that immorality should be spread [or publicized] among those who have believed will have a painful punishment in this world and the Hereafter. And Allah knows and you do not know. ( Translation from Sahih International, available at http://quran.com/24/19)

Kadivar, supra note 33, at 666.

Ahmad Atif Ahmad, Islam Modernity violence and everyday life 176 (1^st ed. 2009)

Kadivar, supra note 33, at 667.

Ibid , at 178.

Ibid.

Alshech, supra note 54, at 291.

Holy Quran, 24:27-8 - O you who have believed, do not enter houses other than your own houses until you ascertain welcome and greet their inhabitants. That is best for you; perhaps you will be reminded. And if you do not find anyone therein, do not enter them until permission has been given you. And if it is said to you, "Go back," then go back; it is purer for you. And Allah is Knowing of what you do. ( Translation from Sahih International, available at http://quran.com/24)

Holy Quran, 2:189 - They ask you, [O Muhammad], about the new moons. Say, "They are measurements of time for the people and for Hajj." And it is not righteousness to enter houses from the back, but righteousness is [in] one who fears Allah. And enter houses from their doors. And fear Allah that you may succeed. (Translation from Sahih International, available at http://quran.com/2)

Alshech, supra note 54, at 308.

Ibid. at 306. Referencing Ibn Abi Hatim, 8 TAF5IRAL-QUR'ANAL-'ADHIM 2566 (Makiabat Nlilr Mustaffi 1999).

Ahmad, supra note 58, at 177.

Alshech, supra note 54, at 324.

Aryani, supra note 34, at 4. Also see Ahmad, supra note 24, at 178.

Alshech, supra note 54, at 310.

Kadivar, supra note 33, at 664.

Moeen Cheema, Beyond Beliefs: Deconstructing the Dominant Narratives of the Islamization of Pakistan's Law, 60 American Journal of Comparative Law 875 (2012).

The Constitution of the Islamic Republic of Pakistan, 1973. Available at http://www.na.gov.pk/publications/constitution.pdf.

Cheema, supra note 72, at 879.

The Constitution of the Islamic Republic of Pakistan, 1973, supra note 73.

Ibid.

Ibid. Article 8 - "(1) Any law, or any custom or usage having the force of law, in so far as it is inconsistent with the rights conferred by this Chapter, shall, to the extent of such inconsistency, be void. (2) The State shall not make any law which takes away or abridges the right so conferred and any law made in contravention of this clause shall, to the extent of such contravention, be void

Ibid. Article 4(2)(a) - "no action detrimental to the life, liberty, body, reputation or property of any person shall be taken except in accordance with law."

Section 509, Pakistan Penal Code (Act XLV of 1860), Available at http://www.oecd.org/site/adboecdanti-corruptioninitiative/46816797.pdf.

Section 32, Pakistan Telecommunication (Re-Organisation) Act, 1996. Available at http://www.pta.gov.pk/media/pta_act_140508.pdf.

Ibid. Section 54.

Section 25-D, Pakistan Telegraph Act, 1885. Available at http://www.fia.gov.pk/law/Offences/26.pdf.

Section 12, Pakistan Medical and Dental Council Code of Ethics. Available at http://www.pmdc.org.pk/LinkClick.aspx?fileticket=v5WmQYMvhz4%3D&tabid=292&mid=845.

http://www.sbp.org.pk/publications/prudential/ordinance_62.pdf

Section 8, Freedom of Information Ordinance, 2002. Available at http://infopak.gov.pk/Downloads/Ordenances/Freedom_of_%20Information_Ordinance2002.pdf.

Pakistan IT Policy and Action Plan, available at http://www.unapcict.org/ecohub/resources/pakistan-information-technology-policy.

Electronic Transactions Ordinance, available at http://www.pakistanlaw.com/eto.pdf.

For a more detailed account, see http://www.supremecourt.gov.pk/ijc/articles/10/1.pdf. Second draft available at http://media.mofo.com/docs/mofoprivacy/PAKISTAN%20Draft%20Law%202nd%20Revision%20.pdf.

Sections 441 - 462, Pakistan Penal Code (XLV of 1860) Chapter XVII, "Offences against Property".

Section 5, Anti Terrorism Act, 1997. Available at http://www.fia.gov.pk/law/ata1997.pdf.

Ibid. Section 10.

Lara Aryani, supra note 34, at 21.

Julhas Alam, Bangladesh moves to retain Islam as state religion, Cns News, http://cnsnews.com/news/article/bangladesh-moves-retain-islam-state-religion.

Article 43, Constitution of Bangladesh. Available at http://www1.umn.edu/humanrts/research/bangladesh-constitution.pdf.

Section 509, Bangladesh Penal Code,1860. Available at http://bdlaws.minlaw.gov.bd/print_sections_all.php?id=11.

Ibid. Sections 351- 358.

Ibid . Section 100.

Section 5, Bangladesh Telegraph Act, 1885. Available at http://bdlaws.minlaw.gov.bd/print_sections_all.php?id=55.

Ibid . Section 24.

Ibid. Section 25.

Bangladesh Penal Code, 1860. supra note 95. Section 441.

Ibid. Section 442.

Ibid. Section 443.

Ibid. Section 445.

See, Kharak Singh v. State of Uttar Pradesh, AIR 1963 SC 1295 : (1964) 1 SCR 332; Govind v. State of Madhya Pradesh, AIR 1975 SC 1378; Rajagopal v. State of Tamil Nadu, AIR 1995 SC 264; People's Union for Civil Liberties (PUCL) v. Union of India, AIR 1997 SC 568; X v. Hospital Z, AIR 1999 SC 495.

DoPT, Approach Paper. supra note 16.

For more details visit https://cis-india.org/internet-governance/blog/identifying-aspects-of-privacy-in-islamic-law

Are Cab Apps safe?

praskrishna — 2014-12-27T17:01:39Z

Cab services are increasingly relying on mobile apps to book, track and charge you for journeys. While tech watchers say there is a digital trail.

Originally published by IBNLive on December 8, 2014. Sunil Abraham gave his inputs.

"You can always share your location, the app has a feature for you to share your location through the way to whoever is waiting at the other end," said Aprameya Radhakrishna, CEO Taxi For Sure.

There's also a major safety loopholes. "We have more complicated technological safegaurd. All the cab driver has to do is use a very primitive technique. He just has to pull off his battery and can ensure that he throws away the phone of the traveller, and no one would know," said Sunil Abraham, Head, Centre For Internet And Society.

So can you trust technology to safeguard you? Rest assured that someone will be monitoring your journey back in some control room?

People feel that there should be some kind of an automatically generated alert system. Had the tracker been switched off, that could have been a point of loophole.

Great degree of automation is possible here but finally it is the human oversight which is critical eventually, in any technology.

Technology, ultimately, doesn't have all the answers, can't provide all solutions against crime prevention. We have seen instances when criminals have attacked women in ATMs knowing full well they are caught on camera, we have seen attacks by unruly drivers at road toll booths, regardless of the surveillance cameras.

While technology helps in tracking digital footprints that a criminal has taken, it hasn't deterred the criminal from doing what he wants to. For that, we have to be on guard.

For more details visit https://cis-india.org/internet-governance/news/ibn-live-december-8-2014-are-cab-apps-safe

India sees biggest improvement in Internet freedom, says report

praskrishna — 2014-12-07T11:08:34Z

Big stride ascribed to removal of restrictions imposed in 2013; globally, Internet freedom sees decline.

The article by Moulishree Srivastava was published in Livemint on December 5, 2014. Sunil Abraham gave his inputs.

India fared better this year when it came to freedom of the Net, while globally Internet freedom declined for the fourth consecutive year in 2014 with a growing number of countries introducing more aggressive online censorship and monitoring practices, said a report by Freedom House, an independent watchdog.

The global Freedom on the Net report 2014, which covered the period between 1 May 2013 and 31 May 2014 and was released on Thursday, said India scored 42 points this year, an improvement of five points over the previous reporting period.

It’s the largest increase in Internet freedom over the past year and was ascribed to the removal of temporary restrictions on access and content that had been imposed in 2013 to stem an exodus of people from north-eastern states from wherever else they were in India.

Of the 65 countries assessed, 36 saw a decline in Internet freedom. The most significant declines were in Russia, Turkey and Ukraine. Iran, Syria and China are the world’s worst abusers of Internet freedom, said Freedom House.

A low score indicates higher Internet freedom.

The US remained relatively free compared with the rest of the world with a total score of 19, the report said.

“Any report on Internet freedom that ranks US as free cannot be taken seriously,” said Sunil Abraham, executive director of the Bengaluru-based research organization Centre for Internet and Society.

There is massive intellectual property rights (IPR)-related censorship in the US, which Freedom House does not consider censorship, and the total surveillance regime of the National Security Agency that resulted in self-censorship was also ignored by Freedom House, he said.

In India, curbs on content and arrests related to online publishing under Section 66A of the information technology (IT) Act declined in the past year.

There have been nine criminal complaints filed against social media posts in the period, but the Supreme Court did its bit by curtailing arrests for online expression under the IT Act.

Independently, the Supreme Court is assessing the constitutionality of provisions in the IT Act and secondary legislation that restrict content and criminalize speech online. Section 66A of the IT Act criminalizes a wide range of speech and led to several arrests for social media posts in 2012 and early 2013. On 2 December, the Supreme Court asked the government to clarify its stand on the constitutionality of these provisions by 9 December.

Several petitioners have also challenged parts of the IT Act, including rules introducing potential criminal liability for intermediary companies for content posted by third parties, as unconstitutional in the Supreme Court.

“Legislation and procedures to effectively protect privacy, meanwhile, remain lacking, and the scope of a privacy law currently being drafted is unclear,” said the Freedom House report.

India was expected to get a privacy law before the launch of the Unique ID, or Aadhar, programme, but this has not happened.

“Allegations of procedural abuses by state officials in surveillance cases have emerged in the states of Himachal Pradesh and Gujarat, in the latter while the present Prime Minister was chief minister,” the report said. “Partly in response to these scandals, the government tightened procedures in January 2014, saying officials must issue interception orders to telecommunications providers in written form, though they still require no warrant or judicial oversight.”

Currently, the government can retrieve data from intermediaries such as Internet service providers, which are required to install infrastructure for surveillance and keyword scanning of all traffic passing through each gateway.

What can curb Net freedom substantially in India, according to the report, is the Indian government’s ambitious nationwide surveillance programme, the Central Monitoring System, which allows authorities to monitor individuals’ digital communications directly without issuing orders to service providers, written or otherwise—that is, “without judicial oversight”.

The move allows government agencies to intercept any online activities, phone calls, text messages and even social media conversations in real time by directly accessing interception equipment on intermediary premises.

The Indian government also requested user information from international Web-based platforms including Google Inc., which received 2,794 data requests from Indian government agencies from January to June 2014. Facebook Inc. got 3,598 such requests and Twitter Inc. 19.

Apoorva contributed to this story.

For more details visit https://cis-india.org/internet-governance/news/livemint-december-5-2014-moulishree-srivastava-india-sees-biggest-improvement-in-internet-freedom

Ubiquity, Mobility, Globality: Charting Directions in Mobile Phone Studies

praskrishna — 2014-12-04T16:25:50Z

For more details visit https://cis-india.org/a2k/blogs/ubiquity-mobility-globality.pdf

November 2014 Bulletin

praskrishna — 2014-12-15T13:27:04Z

We at the Centre for Internet & Society (CIS) welcome you to the eleventh issue of the newsletter (November 2014).

Highlights

On 13 November, 2014, the Department of Industrial Policy and Promotion had released a Call for Suggestions for India's proposed National IPR Policy. CIS sent its comments.
As part of the Pervasive Technologies we published four methodology documents: Rohini Lakshané wrote on Patent Landscaping for the Indian Mobile Device market ; Anubha Sinha wrote on Intellectual Property in Mobile Application Development in India ; Maggie Huang wrote on Access to Music through the Mobile; and Nehaa Chaudhari wrote on Sub Hundred Dollar Mobile Devices and Competition Law .
Odisha's most circulated newspaper Sambad has collaborated with CIS-A2K to relicense 19 books published by its sister concern "Ama Odisha".
Vipul Kharbanda in a blog entry examines the relationship between privacy and transparency in the context of the right to information in India .
Geetha Hariharan in a blog entry explores what India's ITU proposal means for Internet Governance.
Pranesh Prakash wrote an article in the Economic Times exploring net neutrality.
In her final blog post on the mapping exercise undertaken by CIS-RAW, P.P.Sneha summarises some of the key concepts and terms that emerged as significant in the discourse around Digital Humanities in India.

►Job

Programme Officer (Access to Knowledge - Institutional Partnerships): CIS is seeking applications for the post of Programme Officer for its Access to Knowledge (A2K) Programme. The position will be based in its Bangalore office. Programme Officer will collaboratively work with the A2K Team and would report to the Programme Director, Access to Knowledge at CIS.

Accessibility and Inclusion

Under a grant from the Hans Foundation we are doing two projects. The first project is on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India. CIS in partnership with CLPR (Centre for Law and Policy Research) compiled the National Compendium of Policies, Programmes and Schemes for Persons with Disabilities (29 states and 6 union territories). The publication has been finalised and is currently in the process of being printed. The draft chapters and the quarterly reports can be accessed on the project page. The second project is on developing text-to-speech software for 15 Indian languages. The progress made so far in the project can be accessed here.

►NVDA and eSpeak

Monthly Update

November 2014 Report (Suman Dogra; November 30, 2014).

Upcoming Event

Training in Use of eSpeak with Malayalam (co-organized by CIS, DAISY Forum of India and Chakshumathi Assistive Technology Centre; Trivandrum; January 24 - 25, 2015, Trivandrum).

►Other

Blog Entry

Central Guidelines and Schemes (Anandhi Viswanathan; November 6, 2014).

Access to Knowledge

As part of the Access to Knowledge programme we are doing two projects. The first one (Pervasive Technologies) under a grant from the International Development Research Centre (IDRC) is for research on the complex interplay between pervasive technologies and intellectual property to support intellectual property norms that encourage the proliferation and development of such technologies as a social good. The second one (Wikipedia) under a grant from the Wikimedia Foundation is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Submission

Comments on the Proposed Intellectual Property Rights Policy to the Department of Industrial Policy and Promotion (Pranesh Prakash, Nehaa Chaudhari, Anubha Sinha and Amulya P.; November 30, 2014).

Blog Entries

MHRD IPR Chairs - Underutilization of Funds and Lack of Information Regarding Expenditures (Amulya Purushothama, November 19, 2014).

Participation in Events

Ubiquity, Mobility, Globality: Charting Directions in Mobile Phone Studies (Organized by Center for Global Communication Studies at the Annenberg School for Communication, University of Pennsylvania, Philadelphia; November 6 - 7, 2014). Nehaa Chaudhari made a presentation on Pervasive Technologies: Access to Knowledge in the Marketplace.
Countering US pressures on India's IP regime (Organized by Lawyer's Collective; November 16, 2014). Anubha Sinha attended the event.
Technology and Gender Based Violence (Organized by the Bachchao Project; November 24, 2014). Rohini Lakshané was a speaker at the event. She spoke about various strategies that women use to respond to online harassment, such as reporting the abuser, and enlisting support from online followers, or friends or family in order to deal with the abuser.

►Pervasive Technology

Blog Entries

Methodology: Patent Landscaping (Rohini Lakshané; November 10, 2014).
Methodology: Intellectual Property in Mobile Application Development in India (Anubha Sinha; November 17, 2014).
Methodology: Access to Music through the Mobile (Maggie Huang; November 18, 2014).
Methodology: Sub Hundred Dollar Mobile Devices and Competition Law (Nehaa Chaudhari; November 25, 2014).

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Op-Ed

Odia Wikisource, its Potential (Subhashish Panigrahi, The Samaja, November 17, 2014).

Blog Entries

55 Works of Iconic Indian writer released under Free Licence to benefit Wikisource (T. Vishnu Vardhan, November 13, 2014).
Odia author Nirmala Kumari Mohapatra's 21 books relicensed under CC-by-SA 4.0 (Subhashish Panigrahi, November 17, 2014).
Nineteen Books Published by Ama Odisha Relicensed under CC-by-SA 4.0 (Subhashish Panigrahi, November 25, 2014).

News and Media Coverage

CIS-A2K team gave its inputs to the following media coverage:

ಭಾಷಣದಿಂದ ಭಾಷೆ ಉಳಿಯಲ್ಲ, ಕನ್ನಡದಲ್ಲೇ ಮಾಹಿತಿ ಸಿಗುವುದು ಅಗತ್ಯ: ಪವನಜ (Just Kannada; November 23, 2014).
Kannada Wikipedia Presentation in Mysuru (Prajavani; November 24, 2014).
Now, Tulu set to be promoted through Wikipedia articles (Hindu; November 24, 2014).
'Tulu Wikipedia' in incubation stage, 600 articles uploaded, says U.B. Pavanaja (Ravi Prasad Kamila; Hindu; November 26, 2014).
Odia Wikisource launched in Odisha capital (Odisha Sun Times; November 28, 2014).
Odia Wikisource aims to bring valuable and rare books on the Internet (Odisha Diary; November 28, 2014).

Event Co-organized

Odia Wikisource Sabha 2014 (Co-organized by CIS-A2K and Odia Wikimedia Community; November 28, 2014). Subhashish Panigrahi participated in the event.

Participation in Event

A Seminar on E-publishing of Odia Books (Organized by Molybtech Technology Solutions; November 30, 2014). Subhashish Panigrahi was a speaker.

►Openness

Blog Entry

Privacy vs. Transparency: An Attempt at Resolving the Dichotomy (Sunil Abraham with feedback and inputs from Sumandro Chattapadhyay, Elonnai Hickok, Bhairav Acharya and Geetha Hariharan; November 14, 2014).

News and Media Coverage

Getting Strategic about Openness and Privacy (Tim Davies; Open Data Research Lead at Web Foundation; November 3, 2014).

Participation in Event

Content co-ordination for the Panel Discussion on Crypto-Currencies (organized by the Law and Technology Society; November 15, 2014). Sharath Chandra Ram was a panelist and made a presentation Scalability and Security Issues in Distributed Trust based Cryto-Currency Systems like BITCOIN

Internet Governance

►Privacy

As part of our Surveillance and Freedom: Global Understandings and Rights Development (SAFEGUARD) project with Privacy International we are engaged in enhancing respect for the right to privacy in developing countries. During the month we published the following blog entries:

Blog Entries

White Paper on RTI and Privacy V1.2 (Vipul Kharbanda; November 9, 2014).
Introduction: About the Privacy and Surveillance Roundtables (Manoj Kurbet; November 27, 2014).

Event Organized

IOCOSE's talk at CIS (CIS, Bangalore; November 27, 2014). There was a presentation of the work of the artists group IOCOSE, current artists in residence at T.A.J./SKE Residency.

Upcoming Event

CPDP 2015 : The eighth international conference on computers, privacy and data protection will be held in Brussels from January 21 to 23, 2015. CIS is a moral supporter of CPDP.

Participation in Events

E-Consultation on Cyber Security, Justice, and Governance Begins! (Organized by the Hague Institute for Global Justice; November 4, 2014). Sunil Abraham facilitated the e-consultation on "Internet access, the freedom of expression online, and development in the Global South".
Learning Forum: Transparency and Human Rights in the Digital Age (Organized by Global Network Initiative; November 6, 2014). Pranesh Prakash gave a talk on transparency reports and their use and abuse in India; the Intermediary Liability Rules in India (and its non-provision of any transparency mechanism); and the need for transparency in private speech regulation, not just governmental speech regulation.
Fourth Discussion Meeting of the Expert Committee to Discuss the Draft Human DNA Profiling Bill (Organized by the Department of Biotechnology; New Delhi; November 10, 2014). Sunil Abraham was unable to participate because of technical problems.
Ground Zero Summit 2014 (Organized by India Infosec Consortium; November 13-14, 2014). Geetha Hariharan participated in this event.
Privacy, security and surveillance: tackling international dilemmas and dangers in the digital realm (Organized by Wilton Park; November 17-19, 2014). Pranesh Prakash was a panelist in the session "Beyond the familiar: how do other countries deal with security and surveillance oversight?"

►Free Speech

Under a grant from the MacArthur Foundation, CIS is doing research on the restrictions placed on freedom of expression online by the Indian government and contribute studies, reports and policy briefs to feed into the ongoing debates at the national as well as international level. As part of the project we bring you the following outputs:

Blog Entries

Good Intentions, Recalcitrant Text - II: What India's ITU Proposal May Mean for Internet Governance (Geetha Hariharan; November 1, 2014).
India's Statement at ITU Plenipotentiary Conference, 2014 (Geetha Hariharan; November 4, 2014).

Newspaper Article

The Socratic debate: Whose internet is it anyway? (Pranesh Prakash; Economic Times; November 18, 2014).

News & Media Coverage
CIS gave its inputs to the following media coverage:

Twitter users find several accounts suspended for unknown reasons (Vasudha Venugopal; Economic Times; November 2, 2014).
Several Indian Twitter users' accounts suspended due to tech glitch (Silky Malhotra; digit; November 3, 2014).
Game release cancelled over gay character (Jaison Lewis; Mumbai Mirror; November 19, 2014).
Leave the Net Alone (Businessworld; November 25, 2014).

Digital Humanities

CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

Blog Entry

Mapping Digital Humanities in India - Concluding Thoughts (P.P.Sneha; November 30, 2014).

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

► Follow us elsewhere

Twitter: https://twitter.com/CISA2K
Facebook group: https://www.facebook.com/cisa2k
Visit us at: https://meta.wikimedia.org/wiki/India_Access_To_Knowledge
E-mail: a2k@cis-india.org

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration:

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, atsunil@cis-india.org or Nishant Shah, Director - Research, at nishant@cis-india.org. To discuss collaborations on Indic language Wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/november-2014-bulletin

Introduction: About the Privacy and Surveillance Roundtables

manoj — 2014-11-27T13:34:56Z

The Privacy and Surveillance Roundtables is a Centre for Internet and Society (CIS) initiative, in partnership with the Cellular Operators Association of India (COAI), as well as local partners. The Roundtable will be closed-door deliberation involving multiple stakeholders. Through the course of these discussions we aim to deliberate upon the current legal framework for surveillance in India, and discuss possible frameworks for surveillance in India.

The provisions of the draft CIS Privacy Bill 2013, the International Principles on the Application of Human Rights to Communication Surveillance, and the Report of the Group of Experts on Privacy will be used as background material and entry points into the discussion. The recommendations and dialogue from each roundtable will be compiled and submitted to the Department of Personnel and training.

The third Privacy and Surveillance Roundtable was held in New Delhi at the India International Centre by the Centre for Internet and Society in collaboration with the Cellular Operators Association of India and Vahura, legal Partner on the 1^st of September, 2014.

The aim of the discussion was to gain inputs on what would constitute an ideal surveillance regime in India working with theCIS Draft Privacy Protection Bill, the Report of the Group of Experts on Privacy prepared by the Justice Shah committee, and the International Principles on the Application of Human Rights to Communications Surveillance.

Background and Context: Privacy and Surveillance in India

The discussion began with the chair giving an overview of the legal framework that governs communications interception under Indian Law in the interest of the participants since many were there for the first time.

The legal system to govern the manner in which communications are intercepted in India are defined under three main acts

1. Interception of Telephonic Calls : The Telegraph Act 1885

2. Interception of Posts : The Indian Post Office Act,1898

3. Interception of Electronic communication like e-mails etc :The IT Act, 2000

While the interception of postal mail is governed by Section 26 of the Post Office Act, 1898, the interception of modern forms of communication that use electronic information and traffic data are governed under Sections 69 and 69B of the Information Technology Act, 2000, while interception of telephonic conversations are governed by section 5(2) of the Indian Telegraph Act 1885 and subsequent rules under section 419A.

The main discussion of the meeting revolved around the Telegraph Act since it is the main Act which covers the interception of telecommunications. In 1968 the 30th Law Commission Report studying Section 5(2) of this Act came to the conclusion that the standards in the Act may be unconstitutional given factors such as 'public emergency' & 'public safety' were too wide in nature and called for a relook at the provision.

Objective of Round Table Meetings

The objective of the round table meetings is to, be prepared with the proposals on the Privacy Bill which the new government intends to split into separate Bill for Surveillance and Data privacy. Thus these submissions once out in the public domain would further deliberate more discussion and shape the course of the Bill.

Discussion

Authorisation

The chair initiated the discussion continuing from the last meeting about the two models of authorisation for Interception 1. The Judiciary & 2. The Executive

The chair explained why the earlier proposed Judiciary based model, based on the efficient experience of separation of power, would not fit into the Indian context. The main reason for this being that the lower judiciary in India is not competent enough to take decisions of this nature. Providing examples, the chair explained how in many cases the lower Judiciary overlooks essential human rights in their decisions, and such rights are only addressed when the case is appealed in Higher courts. While participants felt that High Court judges would be favourable, it was expressed that the immense backlog at the High Court level and the lack of judges is a challenge and risks being inefficient. Thus an additional responsibility for the High Court would not be a feasible model. Furthermore, adopting a judicial based model would mean that the existing model of executive would need to be entirely replaced. Owing to these practical implementation issues consensus was built over adoption of the existing executive model, but with more safeguards.

Safeguards proposed:

1. A redressal tribunal: Establishing a tribunal for the redressal of interception complaints. The tribunal could be a non-active body. Such a model would be different from other models adopted around the world - for example e in UK a designated tribunal suo-motu reviews cases on a regular basis. The tribunal could also have judicial review authority, to which one of the participants raised an issue that the tribunals usually will not have the power of Judicial review, however the chair assured him that the delegation of Judicial review to a tribunal does exist in Indian law.

2. A review commission: Establishing a commission to review the interceptions carried out on the orders of home secretary. For such an overseeing body, the commissioner should be appointed independently. The commissioner must be a Judge or a senior Lawyer and should report to the Parliament.

Content data and Metadata

In the next session the chair explained the difference between content data and metadata while initiating discussion on provisions addressing them in the proposed Bill. Content data, also called as payload data, is the actual content of the communication which takes place between X and Y.

Example 1: In the VOIP call the voice is packetized and sent in different packets to the destination, the content of that packet is the content data whereas the information of this content i.e the header, footer and checksum of the packet is the metadata.

Example 2: In the serial communication of the normal phone call the content data will be what the communication happened between two or more people over the call and the metadata will be who were involved in the call, on what date and time the call was made from which place, and under which tower.

It was noted that generally it is easier to intercept metadata than content data. In the proposed bill, section 2 (C) refers to the definition of content data and section 2(E) to metadata.

Participants also pointed out that often it is with metadata that concerned governmental authorities are able to carry out tracking. Thus, when determining procedural safeguards for surveillance - and specifically for interception - the question of whether or not content data and meta data should be treated the same under law must be addressed. Participants suggested looking into German laws, which have procedure to deal with this question. Despite differences over the exact level of protection meta data should legally be afforded, participants agreed that a higher authority should be responsible for the interception, collection, and access to metadata and content data.

In India, because the existing legal framework in India has different standards for different modes of communication, it is proposed that a uniform legal framework be created by harmonizing the three Acts through amendments or overriding existing legislation regulating surveillance in India, and establishing a new framework under a Privacy legislation.

Big Data, Cloud & OTT

In this session a participant raised the issue of Big data and Cloud services, and asked whether the CIS Privacy Protection Bill or the draft Privacy Bill from the government addresses this issue. This question was of particular relevance because a number of the cloud data centres are located in locations outside India. Thus a question of jurisdiction arises. The participant opined that in the coming years and with the new government's vision to have space for every citizen in cloud and data localisation being priority, he stressed that the Bill should clearly address issues related to the cloud, big data, outsourcing, and questions of jurisdiction. Responding to this the chair was of the view that the crimes committed outside the territory of India come under Extra-territorial law, section 4 of IPC and Section 188 Cr. P.C. But it was noted that due to the fact that the crime is committed outside the territory of India, despite the provision, it is practically not implementable unless there is a contract between countries or a treaty signed. The solution could be data localisation, hosting the cloud servers in India, but that again has its own pros & cons. In response participants indicated that if a choice had to be made about data localization - the best option would be one that would be economical for Indian business and the government.

OTT (Over the Top) Services

Another participant brought to the notice of the meeting that most of the networks of service provider's are adopting IP (Internet Protocol). In the context of surveillance, this means that for an interception to take place, Deep Packet Inspection (DPI) must be adopted by service providers. This is currently placing a burden on service providers, as it is costly and the connection time of the calls for the number under surveillance increases - though not enough to be noticed by customers.

Telephone Tapping Process

In India the process of intercepting telephones can be broken down into the following three steps:

1. Authorization

a. The Home Secretary issues an authorization for an interception request.

b. The Authorization is handed over to Police Officer in charge of the investigation.

c. The Police Officer serves the order to the nodal officer in the relevant service provider.

2. The service provider conducts the interception.

3. The intercepted data is handed over to the Police officer.

Under Rule 419A, a committee to review the authorization exists, comprising of officials such as the Cabinet Secretary, Secretary of the Department of Telecommunications, Secretary of the Department of Law and Justice and the Secretary of Information Technology and Communication ministry at the Centre and the Chief Secretary, the Law Secretary and an officer not below the rank of a Principal secretary at the State level.

Since the current infrastructure of telecom and broadband is with private service providers, the government is dependent on service providers to carry out surveillance. As national security is a concern of the government and because in the past intercepted material has been leaked by various sources, the government has proposed to replace the existing system. In this regard the government has proposed to set up a Central Monitoring System (CMS) for the interception of voice and data communications.

It is proposed that the CMS infrastructure will be positioned at the service provider's facilities, and will allow governmental agencies to directly intercept traffic on the network of service providers - thus there would no longer be a need for the government to reply on service providers to carry out interception requests. During the meeting it was discussed how this system has pros & cons

Pros

1. For private companies it eliminates an entire level of compliance.

2. It will reduce the possibility of unlawful, extra legal, & fraudulent authorizations of interception requests.

3. The interception carried out would be maintained in a log, which would clearly recorded, making the interception process becomes accountable.

Cons

1. Even though the existing system gives room for leaks, ironically it is the only way through which a person who is tapped will come to know, hence accounting for some transparency eg: Nira Radia & Amar Singh phone Tap case.

2. CMS will be built upon an existing interception framework, which is not procedurally fair - because of issues such as Internal Authorization, Adhoc procedure, that it is not under the ambit of RTI etc. This will result in a system with no transparency and accountability.

To this last point the Chair noted that in 2011 there were 7.5 Lakh phone taps by a single agency which was reportedly illegal. In an attempt to minimize such brazen violations a Privacy Bill is mooted and the round table conference is a step towards making it possible.

Immunity to TSP's & ISP's

Participants also raised the issue of difficulties that TSPs face while engaged in the process of interception, as they are caught between the customers and government authorities and subjected to harassment sometimes. This places service providers in a position where they must often make a number of compromises as they are expected to store traffic data for a specified period of time, but sometimes a judge might ask for access to data that is dated past the specific retention period. In such a scenario, service providers must provide it by accessing backup data.

The question of who should be the custodian of intercepted data was raised by participants as well as who should be held accountable if intercepted data is leaked into the public domain. The chair responded that the officers investigating the case should be held accountable for the intercepted data. This would be analogous to the system under the Right to Information Act whereby the Information officer is named and held accountable for the data or information he provides. Similarly, for the case of intercepted material, an officer should be named and held accountable for the data and ensuring that it reaches those that it is legally intended to.

It was also expressed that a market regulator, responsible for the safeguarding the interest of communication service providers, could be appointed for handling the personal data. Such a role could be merged with the traditional role of a Data Protection Authority and could be the first step towards an information security and assurance regime.

Legal immunity given to service providers was also discussed, as there was a general concern about the position service providers find themselves in - being held legally liable for not complying with orders from the government and being taken to court by citizens.

Format of Interception Orders and Interception as a service

A question was also posed to participants about what information ideally - apart from the intended duration of the order - should be incorporated into interception orders. Participants suggested that the order should be as specific and precise as possible, which the existing format to a large extent confirms. On the topic, a participant noted that in some cases, despite DoPT guidelines, interception orders are issued in regional languages. This can pose as a problem as the nodal officer might not know the language, thus leading to possible ambiguity & misinterpretation of the order. Participants suggested that orders should be in English.

Participants also pointed out that in most European countries - like France and Italy - a fee for the compliance cost arising out of implementing an interception order is paid to service providers by the government. In India, huge costs are involved in carrying out interceptions which service providers presently have to bare. As law enforcement and security agencies ask for more and more accuracy in surveillance, the charges of carrying out surveillance. To address this, participants suggested that interception as a service should be accommodated in the proposed Bill.

Conclusion

The discussions in the Surveillance and Privacy Roundtable in New Delhi mainly revolved around the authorization model and the process of interception. Overall, participants agreed on an organised executive model with an established accountability and review system. Also discussed was how to ensure that service providers are legally protected from disproportionate and unwarranted penalties. Towards this, the interception process should be viewed as a service rather than an obligation.

For more details visit https://cis-india.org/internet-governance/blog/introduction-about-the-privacy-and-surveillance-roundtables

Privacy, security and surveillance: tackling international dilemmas and dangers in the digital realm

praskrishna — 2014-12-15T12:56:49Z

Pranesh Prakash was a panelist in the session "Beyond the familiar: how do other countries deal with security and surveillance oversight?" The event was organized by Wilton Park between November 17 and 19, 2014.

Complete details of the programme can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/wilton-park-november-17-19-privacy-security-surveillance

Privacy vs. Transparency: An Attempt at Resolving the Dichotomy

sunil — 2015-03-08T06:26:21Z

The right to privacy has been articulated in international law and in some national laws. In a few countries where the constitution does not explicitly guarantee such a right, courts have read the right to privacy into other rights (e.g., the right to life, the right to equal treatment under law and also the right to freedom of speech and expression).

With feedback and inputs from Sumandro Chattapadhyay, Elonnai Hickok, Bhairav Acharya and Geetha Hariharan. I would like to apologize for not providing proper citation to Julian Assange when the first version of this blog entry was published. I would also like to thank Micah Sifry for drawing this failure to his attention. The blog post originally published by Omidyar Network can be read here. Also see http://newint.org/features/2015/01/01/privacy-transparency/

In other countries where privacy is not yet an explicit or implicit right, harm to the individual is mitigated using older confidentiality or secrecy law. After the Snowden affair, the rise of social media and the sharing economy, some corporations and governments would like us to believe that “privacy is dead”. Privacy should not and cannot be dead, because that would mean that security is also dead. This is indeed the most dangerous consequence of total surveillance as it is technically impossible to architect a secure information system without privacy as a precondition. And conversely, it is impossible to guarantee privacy without security as a precondition.

The right to transparency [also known as the right to information or access to information] – while unavailable in international law – is increasingly available in national law. Over the last twenty years this right has become encoded in national laws – and across the world it is being used to hold government accountable and to balance the power asymmetry between states and citizens. Independent and autonomous offices of transparency regulators have been established. Apart from increasing government transparency, corporations are also increasingly required to be transparent as part of generic or industry specific regulation in the public interest. For instance, India’s Companies Act, 2013, requires greater transparency from the private sector. Other areas of human endeavor such as science and development are also becoming increasingly transparent though here it is still left up to self-regulation and there isn’t as much established law. Within science and research more generally, the rise of open data accompanied the growth of the Open Access and citizen science movement.

So the question before us is: Are these two rights – the right to transparency and the right to privacy – compatible? Is it a zero-sum game? Do we have to sacrifice one right to enforce the other? Unfortunately, many privacy and transparency activists think this is the case and this has resulted in some conflict. I suggest that these rights are completely compatible when it comes to addressing the question of power. These rights do not have to be balanced against one another. There is no need to settle for a sub-optimal solution. Rather this is an optimization problem and the solution is as follows: privacy protections must be inversely proportionate to power and as Julian Assange says transparency requirements should be directly proportionate to power.[*]

In most privacy laws, the public interest is an exception to privacy. If public interest is being undermined, then an individual privacy can be infringed upon by the state, by researchers, by the media, etc. And in transparency law, privacy is the exception. If the privacy of an individual can be infringed, transparency is not required unless it is in the public interest. In other words, the “public interest” test allows us to use privacy law and transparency law to address power asymmetries rather than exacerbate them. What constitutes “public interest” is of course left to courts, privacy regulators, and transparency regulators to decide. Like privacy, there are many other exceptions in any given transparency regime including confidentiality and secrecy. Given uneven quality of case law there will be a temptation by the corrupt to conflate exceptions. Here the old common-law principle of “there is no confidence as to the disclosure of iniquity” – which prevents confidentiality law from being used to cover malfeasance or illegality – can be adopted in appropriate jurisdictions.

Around 10 years ago, the transparency movement gave birth to yet another movement – the open government data movement. The tension between privacy and transparency is most clearly seen in the open government data movement. The open government data movement in some parts of the world is dominated by ahistorical and apolitical technologists, and some of them seem intent on reinventing the wheel. In India, ever since the enactment of the Right to Information Act, 2003, 30 transparency activists are either killed, beaten or criminally intimidated every year. This is the statistic from media coverage alone. Many more silently suffer. RTI or transparency is without a doubt one of the most dangerous sectors within civil society that you could choose to work in. In contrast, not a single open data activist has ever been killed, beaten or criminally intimidated. I suspect this is because open data activists do not sufficiently challenge power hierarchies. Let us look a little bit closely at their work cycle. When a traditional transparency activist asks a question, that is usually enough to get them into trouble. When an open data activist publishes an answer [a dataset nicely scrubbed and machine readable, or a visualization, or a tool] they are often frustrated because nobody seems interested in using it. Often even the activist is unclear what the question is. This is because open data activist works where data is available. Open data activists are obsessed with big datasets, which are easier to find at the bottom of the pyramid. They contribute to growing surveillance practices [the nexus between Internet giants, states, and the security establishment] rather that focusing on sousveillance [citizen surveillance of the state, also referred to as citizen undersight or inverse surveillance]. They seem to be obsessed only with tools and technologies, rather than power asymmetries and injustices.

Finally, a case study to make my argument easier to understand – Aadhaar or UID, India’s ambitious centralized biometric identity and authentication management system. There are many serious issues with its centralized topology, proprietary technology, and dependence on biometrics as authentication factors – all of which I have written about in the past. In this article, I will explain how my optimization solution can be applied to the project to make it more effective in addressing its primary problem statement that corruption is a necessary outcome of power asymmetries in India.

In its current avatar – the Aadhaar project hopes to assign biometric-based identities to all citizens. The hope is that, by doing authentication in the last mile, corruption within India’s massive subsidy programmes will be reduced. This, in my view, might marginally reduce retail corruption at the bottom of the pyramid. It will do nothing to address wholesale corruption that occurs as subsidies travel from the top to the bottom of the pyramid. I have advocated over the last two years that we should abandon trying to issue biometric identities to all citizens, thereby making them more transparent to the state. Let us instead issue Aadhaar numbers to all politicians and bureaucrats and instead make the state more transparent to citizens. There is no public interest in reducing privacy for ordinary citizens – the powerless – but there are definitely huge public interest benefits to be secured by increasing transparency of politicians and bureaucrats, who are the powerful.

The Indian government has recently introduced a biometric-based attendance system for all bureaucrats and has created a portal that allows Indian citizens to track if their bureaucrats are arriving late or leaving early. This unfortunately is just bean counting [for being corrupt and being punctual are not mutually exclusive] and public access to the national portal was turned off because of legitimate protests from some of the bureaucrats. What bureaucrats do in office, who they meet, and which documents they process is more important than when they arrive at or depart from work. The increased transparency or reduced privacy was not contributing to the public interest.

Instead of first going after small-ticket corruption at the bottom of the pyramid, maximization of public interest requires us to focus on the top, for there is much greater ROI for the anti-corruption rupee. For example: constructing a digital signature based on audit trails that track all funds and subsidies as they move up and down the pyramid. These audit trails must be made public so that ordinary villagers can be supported by open data activists, journalists, social entrepreneurs, and traditional civil society in verification and course correction.

I hope open data activists, data scientists, and big data experts will draw inspiration from the giants of the transparency movement in India. I hope they will turn their attention to power, examine power asymmetries and then ask how the Aadhaar project can be leveraged to make India more rather than less equal.

Videos

Open Up? 2014: Risky Business: Transparency, Technology, Security, and Human Rights

Open Up? 2014: Data Collection and Sharing: Transparency and the Private Sector

The videos can also be watched on Vimeo:

[*].http://prospect.org/article/real-significance-wikileaks “Transparency should be proportional to the power that one has.”

Read the presentation on Risky Business: Transparency, Technology, Security and Privacy made at the Pecha Kucha session here. (ODP File, 35 kb)

Disclaimer: The views, opinions, and positions expressed by the author(s) of this blog are theirs alone, and do not necessarily reflect the views, opinions, or positions of Omidyar Network. We make no representations as to accuracy, completeness, timeliness, suitability or validity of any information presented by individual authors of the blogs and will not be liable for any errors, omissions, or delays in this information or any losses, injuries or damages arising from its display or use.

For more details visit https://cis-india.org/openness/blog-old/privacy-v-transparency

Getting Strategic about Openness and Privacy

praskrishna — 2014-11-09T09:19:23Z

This blog post by Tim Davies, Open Data Research Lead at Web Foundation was published in Open Up? on November 3, 2014.

Click to read the original post here. Sunil Abraham gave his inputs.

Information is powerful. And in a world where the amount of information generated, captured and stored has grown exponentially in recent decades, getting hold of the information you need, when you need it, relies upon having access to the data that describes it. That makes the control of data especially powerful.

Modern transparency initiatives, promoting the idea of open data, have been seeking to break the data-monopoly of privileged actors within the state — unlocking key datasets and making them available for public scrutiny and reducing the information inequalities that undermine open public discourse. Opening up government data is *one* way in which citizens can reclaim some power and reestablish the principle that “they work for us”. Open government data gives us power to know how the government is spending money, what companies are getting public sector contracts and licenses, who owns these companies, what profits they make and what royalties and taxes they pay. Yet, progress has been slow, and we have faced substantial challenges in securing reliable and standardised flows of public data that can be joined-up to give a true picture of how public resources are being used, and key decisions made. Although millions of public datasets have been placed online, the most politically salient are often lacking. The 2013 Open Data Barometer found fewer than 1 in 10 accountability datasets were truly open.

At the same time, advocates of building a more open government need to grapple with three other trends that are shaping discussions of data, power and the state:

Firstly, and most important, the revelations brought to our attention by whistleblower Edward Snowden have confirmed the extent of the secret state and the profound imbalance of power between citizens and their state created through mass surveillance. Whilst projects to disclose even basic data on the state like public spending are underfunded and ad hoc, billions of dollars are poured into tools and technologies that violate basic human rights and that threaten trust and security on the Web. Fundamentally the problem with secret mass surveillance is that it destroys the checks and balances that are meant to limit the power of the state over citizens.
Secondly, and in part due to the discussion spared by Snowden, public awareness of the data, and consequently power, held by corporations has grown. The Web has become increasingly centralised, and large companies now harvest large amounts of data on any individual technology user. In parallel, in some countries such as the UK, governments have sought to use open data agendas as cover for increased proprietary sharing of public data with private firms, seeking to go around established principles of consent to share publicly held health, tax or student records with profit-making firms. Such data-sharing is not inherently wrong if there are public benefits, but building citizen trust in the state’s stewardship of personal data, and ensuring safeguards are in place to warrant that trust, is a major challenge.
Thirdly, concerns have been raised that some of the data released through open data initiatives may also affect the privacy of citizens. Some aggregated and anonymised datasets can be combined with other data to reverse engineer identifiable information. Although early calls for “raw data now” were clear that they were not calling for open personal information, in practice the divide between personal and public can be a narrow one.

So, do these trends mean we should be more cautious about opening up? Should the balance swing back towards a focus on protecting privacy? Ultimately, a simple opposition of privacy and openness is a false dichotomy. The question is not should we focus on openness, or should we protect privacy: but is Who should be open? And how? And whose privacy should be protected, and how?

Sunil Abraham, of the Centre for Internet and Society in Bangalore, has offered a key solution in the idea that:

“Transparency should be proportional to power, privacy inversely so.”

It is on this basis that organisations working for a fairer future, with more vibrant public discourse, greater freedom, and better governments, can campaign for both privacy and openness together. Those who occupy public office, own companies, or tender for public contracts must accept that there is a legitimate public interest in information about their activities in these roles, whilst independent citizens must be afforded space to form views and live lives without constant state surveillance. Companies should not be considered to have a right to privacy: their interests are already protected by other laws and provisions.

To deliver effective openness through open data, the Web Foundation is working to understand how data gets used on the ground in different settings across the world, and, with Omidyar support, is working on the creation of inclusive open data standards for public contracting data. Standards like the Open Contracting Data Standard are part of building a new infrastructure of open governance, making it possible to join-up data from different places, helping tilt the balance of power towards citizens when it comes to scrutinising governments and corporations. Through the Open Data Barometer we keep track of the availability of key datasets that can be used for accountability, and we’re co-chairing the Open Government Partnership Open Data Working Group, seeking to set high standards for relevant and usable data disclosures by governments.

By focussing on the civic use of data, we can better identify those datasets that must be in the public domain. And by thinking about relative power when considering privacy we can address genuine privacy concerns, whilst not allowing corporations claiming privacy rights, or public figures trying to hide their financial interests, from diminishing the power of data to enable accountability.

At the same time, the Web Foundation leads the Web We Want campaign, challenging mass surveillance and seeking to secure a Web where individuals have the right to privacy, and the tools to secure it. And increasingly transparency of what the state and companies do with personal data can help increase the capacity of citizens to respond to threats to their autonomy, and can increase oversight and safeguards on state or corporate capacity.

Ultimately, our ongoing efforts to open up, and to protect individual freedoms, have to be strategic. And keeping an analysis of power, and Sunil’s maxim, in mind, provides a good starting point to guide the strategy.

For more details visit https://cis-india.org/internet-governance/news/open-up-tim-davies-november-3-2014-getting-strategic-about-openness-and-privacy

Ubiquity, Mobility, Globality: Charting Directions in Mobile Phone Studies

praskrishna — 2014-12-04T16:27:26Z

Nehaa Chaudhari made a presentation at the Ubiquity, Mobility, Globality : Charting Directions in Mobile Phone Studies Conference. This was organized by the Center for Global Communication Studies at the Annenberg School for Communication, University of Pennsylvania, Philadelphia on November 6 and 7, 2014. Nehaa was on a panel titled Mobile and its Effects on Global Markets and made a presentation on Pervasive Technologies: Access to Knowledge in the Workplace.

Nehaa Chaudhari's presentation can be downloaded here (PDF, 518 KB). Click here for the full programme. Download the agenda here.

Mobile phones are tools for activism and civic participation, surveillance and repression, market making and market disruption. In Ithiel de Sola Pool’s memorable phrase, there have been few “technologies of freedom” that match the consequences of these new instruments and the infrastructure that supports them. This conference examines dimensions of the social, political, and economic effects of the global ubiquity of mobile phones:

What are the affordances and limitations of mobile phones in development?
What is the impact of mobile phones on socio-political change?
How do mobile phones continue to shape our civil liberties?
What are the geo-political consequences of these mobilities?
How does mobile phone adoption challenge and support market innovation?

To tackle these questions, this conference brings together voices from the academy, civil society, and industry—all to examine the heterogeneous sources and consequences of mobility’s diffusion. The goal of this conference is to further interdisciplinary and comparative approaches to the understanding of the mobile phenomenon and to chart directions in mobile phone studies. The conference is funded by the Provost’s Global Engagement Fund, the Center for Global Communication Studies, and the Project for Advanced Research in Global Communication and the program reflects the input of several Schools at Penn, including the Annenberg School for Communication, Wharton, Law, and the School of Arts and Sciences.

For more details visit https://cis-india.org/a2k/news/center-for-global-communication-studies-november-6-2014-ubiquity-mobility-globality-charting-directions-in-mobile-phone-studies