Centre for Internet and Society

Indian politicians yet to tap voters online: CIS’s Abraham

praskrishna — 2013-10-23T05:31:34Z

Sunil Abraham talks about the role online media will play in forthcoming elections and the behaviour of online readers of news.

The interview (taken by Venkatesh Upadhyay) was published in Livemint on October 22, 2013.

Sunil Abraham, 40, is executive director of the Centre for Internet and Society, a not-for-profit research organization that works on issues related to freedom of expression and privacy. Abraham was in New Delhi to speak on the impact of media, social media and technology on governance and democracy, organized by the Observer Research Foundation together with the Rosa Luxemburg Stiftung. On the sidelines of the conference, he talked about the role that online media will play in forthcoming elections as well the behaviour of online readers of news.

Edited excerpts from the interview:

How important will digital media be for the forthcoming elections?

I think the Internet in India is very different from, say, the one found in the US. So, our capacity to read from similar experience in their elections is limited. If you take the extensive exposure that the (Barack) Obama campaign had on the online space and the manner in which it supposedly helped the campaign, I don’t see that happening here.

Politicians and political parties very active on social media. You don’t think that will have an effect on elections?

I think the missing part of the equation till now is that there has not been any devising—to my knowledge—of targeting of voters through Facebook or Twitter. Our digital footprint leads to immense big-data opportunities, which I do not see politicians in India being able to exploit. Again, to give an example from the United States, there were certain instances there from where if you were member of a particular community, you could be targeted by political campaigns. Here, I don’t see that happening that easily.


Above: Sunil Abraham on the role of digital media in elections

So our politicians are wasting their time on social media?

Not entirely. In my view, one of the good things that the Internet does is that it has the capacity to democratize public opinion. One must also keep in mind that networks such as the ones available through social media are not homogenous. So nodes such as users who are opinion-makers and journalists are active on these networks, and so politicians can use these methods to reach out to more people.

Does the traditional media still have a role?
Of course. Traditional media is more likely to determine political outcomes in comparison to social media because most of the links that we see in social media are related to content that is created on traditional media. Now, of course, we can be sceptical of the role that traditional media plays in influencing the general mood of the country, but that is a different question.

Is there something peculiar about the manner in which readers interact with newspaper reports online?
I think one can usually see the comments section of some news sites littered with hurtful and hateful comments. So, some readers such as myself basically go through these comments to look at trolling and also sometimes for comic relief. But again, every news organization seems to be dealing with this differently. The Times of India, doesn’t, in my view, regulate its comments section. But one can see, say, in The Hindu, that readers’ comments are regulated and are usually very thoughtful.

Is there any particular reason why certain news readers respond the way they do?

Well, a part of the reason why people consuming news online comment and interact the way they do is that anonymity produces a level of freedom that allows people to be more brutal in their behaviour online.

At the same time, you can also see, in some instances, the chilling effects of surveillance, where people end up censuring their thoughts on issues. Of course, surveillance is not the answer. Societies need to deal with hateful threats on their own terms.

What will it take for politicians and public figures to get their message across, given the idiosyncrasies of the Indian digital media?
I think two components are crucial: trust and authenticity. For example, in the case of Wikipedia, there is an assumed amount of trust that the user has. The trust relationship between public figures who are active online and the public also is a two-way street. Politicians must also trust their common party members to use their social media presence as and when they want to. For example, why don’t they allow each and every member of the political party to man their Twitter handle for a day?

As for authenticity, the human mind can say whether an act by someone online is authentic or not.

Finally, what is your view on the role that larger Internet monopolies such as Facebook and Google are playing across the digital plane?

The Internet has also changed over the past 15 years. It used to be a decentralized network. Everybody was hopeful that it would have democratizing potential and, therefore, techno-utopianism was born. Now, it is increasingly clear that a small proportion of websites have 90% of the traffic and large corporations such as Google and Facebook play a significant role in configuring the attention economy. They are now also beginning to take this role very seriously themselves. In the case of Google, increasingly Google is using its power over the attention economy to play a role in the electoral process in India. They have been holding Google Hangouts and what they have been able to do is bring the public to the politicians.

Other concerns such as Facebook and Twitter through their walled-garden arrangements with telecom companies also play a similar role in configuring the attention economy. One is more innocuous—like the manner in which their algorithms are structured determining who shows up in their feeds.

For more details visit https://cis-india.org/news/livemint-venkatesh-upadhyay-october-22-2013-indian-politicians-yet-to-tap-voters-online

Interview with the Tactical Technology Collective on Privacy and Surveillance

maria — 2013-10-18T09:56:16Z

The Centre for Internet and Society recently interviewed Anne Roth from the Tactical Technology Collective in Berlin. View this interview and gain an insight on why we should all "have something to hide"!

For all those of you who haven't heard of the Tactical Technology Collective, it's a Berlin and Bangalore-based non-profit organisation which aims to advance the skills, tools and techniques of rights advocates, empowering them to use information and communications to help marginalised communities understand and effect progressive social, environmental and political change.

Tactical Tech's Privacy & Expression programme builds the digital security awareness and capacity of human rights defenders, independent journalists, anti-corruption advocates and activists. The programme's activities range from awareness-raising comic films aimed at audiences new to digital security issues, to direct training and materials for high-risk defenders working in some of the world's most repressive environments.

Anne Roth works with Tactical Tech on the Privacy & Expression programme as a researcher and editor. Anne holds a degree in political science from the Free University of Berlin. She cofounded one of the first interactive media activist websites, Indymedia, in Germany in 2001 and has been involved with media activism and various forms of activist online media ever since. She has worked as a web editor and translator in the past. Since 2007 she has written a blog that covers privacy, surveillance, media, net politics and feminist issues.

The Centre for Internet and Society interviewed Anne Roth on the following questions:

How do you define privacy?
Can privacy and freedom of expression co-exist? Why/ Why not?
What is the balance between Internet freedom and surveillance?
According to research, most people worldwide care about their online privacy – yet they give up most of it through the use of social networking sites and other online services. Why, in your opinion, does this occur and what are the potential implications?
Should people have the right to give up their right to privacy? Why/ Why not?
What implications on human rights can mass surveillance potentially have?
“I'm not a terrorist and I have nothing to hide...and thus surveillance can't affect me personally”. Please comment.
Do we have Internet freedom?

VIDEO

For more details visit https://cis-india.org/internet-governance/blog/interview-with-the-tactical-technology-collective

Interview with Bruce Schneier - Internationally Renowned Security Technologist

maria — 2013-10-17T08:54:32Z

Maria Xynou recently interviewed Bruce Schneier on privacy and surveillance. View this interview and gain an insight on why we should all "have something to hide"!

Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist.

He is the author of 12 books -- including Liars and Outliers: Enabling the Trust Society Needs to Survive -- as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and his blog "Schneier on Security" are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press.

Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Security Futurologist for BT -- formerly British Telecom.

The Centre for Internet and Society (CIS) interviewed Bruce Schneier on the following questions:

Do you think India needs privacy legislation? Why/ Why not?
The majoity of India's population lives below the line of poverty and barely has any Internet access. Is surveillance an elitist issue or should it concern the entire population in the country? Why/ Why not?
“I'm not a terrorist and I have nothing to hide...and thus surveillance can't affect me personally.” Please comment.
Can free speech and privacy co-exist? What is the balance between privacy and freedom of expression?
Should people have the right to give up their right to privacy? Why/ Why not?
Should surveillance technologies be treated as traditional arms/weapons? Why/ Why not?
How can individuals protect their data (and themselves) from spyware, such as FinFisher?
How would you advise young people working in the surveillance industry?

VIDEO

For more details visit https://cis-india.org/internet-governance/blog/interview-with-bruce-schneier

Interview with Big Brother Watch on Privacy and Surveillance

maria — 2013-10-15T14:24:27Z

Maria Xynou interviewed Emma Carr, the Deputy Director of Big Brother Watch, on privacy and surveillance. View this interview and gain an insight on why we should all "have something to hide"!

For all those of you who haven't heard of Big Brother Watch, it's a London-based campaign group which was founded in 2009 to protect individual privacy and defend civil liberties.

Big Brother Watch was set up to challenge policies that threaten our privacy, our freedoms and our civil liberties, and to expose the true scale of the surveillance state. The campaign group has produced unique research exposing the erosion of civil liberties in the UK, looking at the dramatic expansion of surveillance powers, the growth of the database state and the misuse of personal information. Big Brother Watch campaigns to give individuals more control over their personal data, and hold to account those who fail to respect our privacy, whether private companies, government departments or local authorities.

Emma Carr joined Big Brother Watch as Deputy Director in February 2012 and has since been regularly quoted in the UK press. The Centre for Internet and Society interviewed Emma Carr on the following questions:

How do you define privacy?
Can privacy and freedom of expression co-exist? Why/Why not?
What is the balance between Internet freedom and surveillance?
According to your research, most people worldwide care about their online privacy – yet they give up most of it through the use of social networking sites and other online services. Why, in your opinion, does this occur and what are the potential implications?
Should people have the right to give up their right to privacy? Why/Why not?
What implications on human rights can mass surveillance potentially have?
“I'm not a terrorist and I have nothing to hide...and thus surveillance can't affect me personally.” Please comment.
Do we have Internet freedom?

VIDEO

For more details visit https://cis-india.org/internet-governance/blog/interview-with-big-brother-watch-on-privacy-and-surveillance

The India Privacy Monitor Map

maria — 2013-10-09T16:26:14Z

The Centre for Internet and Society has started the first Privacy Watch in India! Check out our map which includes data on the UID, NPR and CCTNS schemes, as well as on the installation of CCTV cameras and the use of drones throughout the country.

In a country of twenty-eight diverse states and seven union territories, it remained unclear to what extent surveillance, biometric and other privacy-intrusive schemes are being implemented. We are trying to make up for this by mapping out data in every single state in India on the UID, CCTNS and NPR schemes, as well as on the installation of CCTV cameras and the use of Unmanned Aerial Vehicles (UAVs), otherwise known as drones.

In particular, the map in its current format includes data on the following:

UID: The Unique Identification Number (UID), also known as AADHAAR, is a 12-digit unique identification number which the Unique Identification Authority of India (UIDAI) is currently issuing for all residents in India (on a voluntary basis). Each UID is stored in a centralised database and linked to the basic demographic and biometric information of each individual. The UIDAI and AADHAAR currently lack legal backing.

NPR: Under the National Population Register (NPR), the demographic data of all residents in India is collected on a mandatory basis. The Unique Identification Authority of India (UIDAI) supplements the NPR with the collection of biometric data and the issue of the AADHAAR number.

CCTV: Closed-circuit television cameras which can produce images or recordings for surveillance purposes.

UAV: Unmanned Aerial Vehicles (UAVs), otherwise known as drones, are aircrafts without a human pilot on board. The flight of a UAV is controlled either autonomously by computers in the vehicle or under the remote control of a pilot on the ground or in another vehicle. UAVs are used for surveillance purposes.

CCTNS: The Crime and Criminal Tracking Networks and Systems (CCTNS) is a nationwide networking infrastructure for enhancing efficiency and effectiveness of policing and sharing data among 14,000 police stations across India.

Our India Privacy Monitor Map can be viewed through the following link: http://cis-india.org/cisprivacymonitor

This map is part of on-going research and will hopefully expand to include other schemes and projects which are potentially privacy-intrusive. We encourage all feedback and additional data!

For more details visit https://cis-india.org/internet-governance/blog/india-privacy-monitor-map

Privacy Meet

praskrishna — 2013-11-20T05:13:57Z

Bhairav Acharya was invited by Yahoo's Director of International Privacy, Laura Juanes Micas, to a dinner meeting on privacy at the Oberoi in New Delhi.

The meeting was attended by Justice A.P. Shah, Dr. Gulshan Rai, Dr. Kamlesh Bajaj and others. At this event, Bhairav spoke about the need to develop laws to regulate surveillance and personal data in India. Bhairav further spoke about both the commercial benefits that will accrue from data protection law as well as the national benefit from surveillance regulation and security law. Bhairav also spoke of the need to create a procedure that is just, fair and reasonable and, he highlighted the point that these laws would have to survive constitutional scrutiny by the Supreme Court of India. He also pointed out that meaningful protections lay in creating procedural law that allowed individuals the protection of natural justice and identified magistrates to authorise data collections and interceptions. He further made it clear that India's distinct security situation, both internal and external, warranted a robust surveillance framework that enables law enforcement and strengthens the criminal justice system in manner consistent with the rule of law.

Timings	Agenda
19.00 19.25	Handshakes and Introduction
19.25 19.30	Welcome Remarks by Laura Juanes Micas, Director – International Privacy, Yahoo Inc
19.30 19.35	Address by Manoj Joshi, Joint Secretary, Deptt of Personnel and Training
19.35 19.40	Address by Dr. Gulshan Rai, Director General, CERT-IN
19.40 19.45	Address by Dr. Kamlesh Bajaj, CEO – Data Security Council of India (DSCI)
19.45 19.50	Address by Bhairav Acharya, Legal Adviser, Centre for Internet and Society (CIS)
19.50 19.55	Address by Rajan Mathews, Director General, Cellular Operators Association of India (COAI)
19.55 20.00	Address by Justice A P Shah, Former Chief Justice, Delhi High Court and Chairman, Group of Experts
20.00 20.05	Address by Pavan Duggal, Advocate, Supreme Court
20.05 20.10	Address by Chinmayi Arun, Research Director – Centre for Communication Governance, National Law University - Delhi
20.10 20.15	Address by Prasanth Sugathan, Counsel, Software Freedom Law Centre (SFLC.IN)
20.15 20.20	Address by Dr. Subho Ray, President, Internet and Mobile Association of India (IAMAI)
20.20	Discussions (Along with Sit – Down Dinner)

For more details visit https://cis-india.org/news/privacy-meet-october-7-2013

Decline in web freedom steepest in India: Report

praskrishna — 2013-10-24T03:50:51Z

In a report on the state of internet in 60 countries, Freedom House, a US-based organization, said that in 2013 India saw the "most significant year-on-year decline" in terms of the web freedom.

The article by Javed Anwer was published in the Times of India on October 3, 2013. Sunil Abraham is quoted.

The report said that that the internet in India was "partly free". This is the same status that India had in 2012. But the country's score is now 47 points (higher means more censorship) in 2013 compared to 39 in 2012. The 8-point fall is the steepest Freedom House found among all 60 countries that the group surveyed. Freedom House said it recorded 5-point fall in Brazil, Venezuela and the US.

Despite mass surveillance revealed by Edward Snowden, a former contractor for National Security Agency in the US, Freedom House calls the web in the country "free".

The Freedom House report said that in 2013 India "suffered from deliberate interruptions of mobile and internet service to limit unrest, excessive blocks on content during rioting in northeastern states, and an uptick in the filing of criminal charges against ordinary users for posts of social media sites".

In 2013, India's commitment to the web freedom has not only been worse than developed countries but has also been inferior to countries like Malawi, Tunisia and Mexico.

In the case of India, Freedom House particularly singles out Central Monitoring System, which Indian government is putting in place to regulate and monitor the web usage within the country. "Surveillance (under CMS) requires no judicial oversight. While some of this activity might be justifiable, the lack of transparency surrounding the system, which was never reviewed by Parliament, is concerning," it notes in the report. "The system's potential for abuse is also disquieting, as is its inadequate legal framework.

The report cites the case of the girl who was arrested for liking a Facebook post in Maharashtra, blocking of some Twitter accounts belonging to Indian users, overly broad court directives that have resulted in blocking of websites and a general lack of transparency in how Indian government blocks or filters content reach a conclusion that Indians now have less freedom on how they use the web.

Sunil Abraham, director at Bangalore-based Centre for Internet and Society, says that Freedom House reports are not very accurate because they don't factor in censorship by copyright holders. But he agreed with its basic premise that in India conditions for web users are getting more difficult.

"The report is absolutely right in pointing out that censorship and surveillance in India is increasing. Despite protests from many quarters, it is a real pity that the government is not taking steps to amend the IT act and has joined other nation states in the global race to the bottom of the internet freedom," said Abraham.

Anja Kovacs, founder of Delhi-based Internet Democracy Project, agrees. "I have some issues with Freedom House reports due to how they are prepared and their methodologies. But yes I can say that last year has been very eventful and difficult," said. "But at the same time, there has also been a lot of push back from web users and activists. There have been conversations around the issue of web censorship, which is good."

Globally, the web surveillance is on the rise. "Broad surveillance, new laws controlling web content, and growing arrests of social-media users drove a worldwide decline in internet freedom in the past year," noted Freedom House.

Overall, 34 out of 60 countries part of the report saw a decline in the web freedom. "Vietnam and Ethiopia continued on a worsening cycle of repression; Venezuela stepped up censorship during presidential elections; and three democracies—India, the United States, and Brazil—saw troubling declines," noted the report.

Iceland and Estonia topped the list of countries with the greatest degree of internet freedom. China, Cuba, and Iran were found to be the most repressive countries.

For more details visit https://cis-india.org/news/times-of-india-october-3-2013-javed-anwer-decline-in-web-freedom-steepest-in-india

September 2013 Bulletin

praskrishna — 2013-10-24T06:48:33Z

Our newsletter for the month of September 2013 can be accessed below.

The Centre for Internet and Society (CIS) welcomes you to the ninth issue of its newsletter for the year 2013. During this month we signed an MoU with the Goa University to enhance digital literacy in Konkani language, submitted a report on Inclusive Disaster and Emergency Management for persons with disabilities to the National Disaster Management Authority, published an updated version of the Privacy Protection Bill, 2013 based on feedback collected from the Privacy Round Table held on August 24, and published an analysis of the Crucifixion Protests in Paraguay. Further, updates on our upcoming events and media coverage are brought in this newsletter.

Our policies on Ethical Research Guidelines, Non-Discrimination and Equal Opportunities, Privacy, Terms of Website Use, and Travel can be accessed here.

Accessibility

As part of our project on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India with the Hans Foundation, we bring you a new draft chapter on the union territory of Andaman and Nicobar. With this we have completed compilation of draft chapters for 21 states and 4 union territories. Feedback and comments are invited from readers for this chapter:

National Resource Kit Chapter

The Andaman and Nicobar Chapter (by CLPR, September 30, 2013).

Reports

Inclusive Disaster and Emergency Management for Persons with Disabilities (by Deepti Samant Raja and Nirmita Narasimhan, September 17, 2013). It was submitted to the National Disaster Management Authority of India (NDMA) on September 17 for their action.
The ICT Opportunity for a Disability-Inclusive Development Framework (by leading international organisations such as G3ict, ITU, Microsoft, UNESCO, et.al.) was released on September 24. CIS gave its inputs to this report.

Access to Knowledge and Openness

The Access to Knowledge team at CIS is working on expanding the Indic language Wikipedia in partnership with the Wikimedia Foundation . As part this project, we held seven Wikipedia workshops. Our project on Pervasive Technologies examines the relationship between production of pervasive technologies and intellectual property and we have produced a column in EuroScientist as part of our efforts of promoting openness including open government data, open standards, open access, and free/libre/open source software:

Open Access
Column

Open Access: An Opportunity for Scientists around the Globe (by Subbiah Arunachalam, Euro Scientist, September 25, 2013).

Blog Entries

e - DIRAP Google+ Hangout: Open Government (by Christine Apikul, September 18, 2013).
The Indian Council of Agricultural Research Adopts an Open Access Policy (by Nehaa Chaudhari, September 30, 2013).

Wikipedia
Wikipedians from various communities can request for outreach programmes, technical bugs, logistics-merchandize and media, public relations and communications here.

Announcements

CIS Signs MoU with Goa University: The A2K team at CIS has signed an MoU with the Goa University to digitize the “Konkani Vishwakosh” under the Creative Commons license and build a digital knowledge partnership to enhance digital literacy in Konkani language. See here for more details.

Konkani Vishwakosh Digitization Project: The Centre for Internet and Society in collaboration with the University of Goa invites you to a two-month project on digitization of Konkani Vishwakosh. Please send in your applications by October 5, 2013.

Video

Wikipedians Speak: Piotr Konieczny: This episode brings you a conversation with Piotr Konieczny, a veteran Wikipedian from Poland. He has contributed to over 514 DYK articles on Wikipedia.

Columns and Blog Entries

Recap on Konkani Wikipedia Workshop (by Subhashish Panigrahi, Startup Goa Blog, September 9, 2013).
ଅବସର ପରର ଦ୍ବିତୀୟ ଜୀବନ, ଅବସର ପରେ ସକ୍ରିୟ ଭାବେ ଓଡ଼ିଆ ଉଇକିପିଡ଼ିଆରେ ଲେଖାଲେଖି ଜାରୀ ରଖିଥିବା ଜଣେ ଡାକ୍ତରଙ୍କ ସ‌ହ ଭାବାଲୋଚନା (by Subhashish Panigrahi, Odiapua, September 10, 2013).
Selection of Programme Officer — Pilot Projects, CIS-A2K (by Nitika Tandon, September 10, 2013).
Wikipedia reaches Classrooms in Hyderabad (by Syed Muzammiluddin, September 20, 2013).

Events Organised

A Kannada Wikipedia Workshop in Mysore (University of Mysore, August 6, 2013): This is a report of the workshop conducted last month. Dr. Pavanaja conducted the workshop.
Wikipedia Introductory Workshop (Department of Computer Science and Technology, University of Goa, September 28, 2013). Nitika Tandon conducted this workshop. The details will be posted soon.
Train the Trainer — Four-day long Residential Training Workshop in Bangalore (organised by CIS-A2K, Bangalore, October 3 – 6, 2013).

Events Co-organised

Digital Resources in Telugu: A Workshop for Research Scholars (co-organised by CIS-A2K and the English and Foreign Languages University, Hyderabad, September 13, 2013). T. Vishnu Vardhan participated in this event.
Re-releasing Konkani Vishwakosh & Building Konkani Wikipedia (organised by CIS-A2K and the University of Goa, Conference Hall, Goa University, Taleigao, September 26, 2013).
Wikipedia Introductory Workshop (co-organised by CIS-A2K and wikipedians John Noronha and Supriya Kankumbikar, September 27, 2013). Nitika Tandon participated in this workshop.
Odisha: Wikipedia workshop at IIMC, Dhenkanal (co-organised by CIS-A2K and Odia Wikimedia community, September 30, 2013). Subhashish Panigrahi coordinated the entire event along with members of Odia Wikipedia, Dr Subas Chandra Rout, Mrutyunjaya Kar and Sasanka Sekhar Das. This was covered by Odisha Diary (http://bit.ly/1bna9zd), and eOdisha Samachar (http://bit.ly/1aNJvv4).

Events Participated In

Workshop on e-Content Development (organised by Centre for Staff Training and Development, Dr. B.R. Ambedkar Open University, Hyderabad, September 4 – 6, 2013). Vishnu Vardhan gave a guest lecture on Open Source to Open Knowledge, Building Knowledge Bases and Platforms via Mass Collaboration on the Internet, e-Content in Indian languages – History, Challenges and Opportunities, Wikipedia Users to Wikipedia Authors – Exploring Wikipedia as an OER Tool, and e-Content, e-Student, e-Faculty – Reimagining classroom in the digital Age.
Kannada Wikipedia Workshop (organised by Department of Journalism and Mass Communication, SDM College, Ujire, September 15, 2013). Dr. U.B.Pavanaja participated in this workshop.
Konkani Wikipedia Workshop (organised by St. Aloysius College, AIMIT, St Aloysius College (Autonomous), Beeri, Mangalore, September 13, 2013). Dr. U.B. Pavanaja participated in this.

Media Coverage

'Help Konkani Wikipedia come out of incubation' (Deccan Herald, September 13, 2013): The article talks about the relative lack of content in Konkani Wikipedia. “To get it out of incubation, many should write Konkani articles for Wikipedia,” Dr. Pavanaja was quoted as having said.
Konkani Vishwakosh relaunch tomorrow (The Hindu, September 26, 2013). A coverage of the re-release of the Konkani encyclopaedia under Creative Commons license.
Goa university re-releasing Konkani encyclopaedia on Sept 26 (The Times of India, September 24, 2013): Goa University and CIS-A2K re-released the four volume 3632 page Konkani Vishwakosh (encyclopaedia) in Goa.
Goa University announces plan to upload Konkani encyclopedia on Wikipedia (Navhind Times, September 27, 2013).
Konkani Wikipedia from Goa University in 6 months (The Times of India, September 27, 2013): Goa University becomes the first varsity in India to allow data produced and copyrighted by an Indian university to be used by internet users. Professors, students and anyone with expertise or love for Konkani can come forward to help with the project for which training will be provided, says Vishnu Vardhan.
Konkani Wikipedia in the making (by Prakash Kamat, The Hindu, September 29, 2013): Goa University re-launched a four-volume Konkani encyclopaedia and will upload it on Wikipedia. The process will be completed in six months times, says Vishnu Vardhan.
For the love of Konkani: Preserving Goa's official language (by Joanna Lobo, DNA, September 29, 2013): Konkani has 24 lakh speakers as per the Census Department of India 2001 but online documentation is limited. CIS-A2K wants to strengthen the Konkani Wikipedia, says Nitika Tandon.
Goa University to make available online Konkani Wikipedia, within 6 months (by Jagran Josh, September 30, 2013).
Goa University Partners CIS India to Build Konkani Wikipedia (by Apurva Chaudhary, Medianama, September 30, 2013).

Access to Knowledge (Copyright and Pervasive Technologies)

The Access to Knowledge programme addresses the harms caused to consumers, developing countries, human rights, and creativity/innovation from excessive regimes of copyright, patents, and other such monopolistic rights over knowledge:

Event Participated In

The Law and Economics of Copyright Users Rights (organised by the American University Washington College of Law, Massachusetts Ave., NW, Washington DC, September 26, 2013). Sunil Abraham presented the Pervasive Technologies project.

Internet Governance

We are doing a project on conducting research on surveillance and freedom of expression (SAFEGUARDS) with Privacy International and IDRC. So far we have organised six privacy round tables and drafted the Privacy (Protection) Bill. This month we bring you the latest version of the Privacy (Protection) Bill and an analysis of the six privacy round tables. We are also doing a project on mapping cyber security actors in South Asia and South East Asia with the Citizen Lab, Munk School of Global Affairs, University of Toronto and IDRC. We did an interview with Lawrence Liang on privacy and free speech:

SAFEGUARDS Project
Bill

Privacy (Protection) Bill, 2013: Updated Third Draft (by Bhairav Acharya, September 30, 2013): CIS has been researching privacy in India since 2010 with the objective of raising public awareness around privacy, completing in depth research, and driving a privacy legislation in India. As part of this work, we drafted the Privacy (Protection) Bill, 2013. This is the latest version with changes based on feedback from the Privacy Round Table held on August 24.

Event Reports

A Privacy Meeting with the Federal Trade Commission (co-organised by CIS and the Federal Trade Commission, Imperial Hotel, Janpath, New Delhi, September 20, 2013). Elonnai Hickok participated in this meeting.
The National Privacy Roundtable Meetings (by Bhairav Acharya, September 19, 2013). Bhairav provides an analysis of the six round table meetings held in the cities of New Delhi, Bangalore, Chennai, Mumbai, and Kolkata.

Interview

An Interview with Suresh Ramasubramanian (by Elonnai Hickok, September 6, 2013): Suresh Ramasubramanian from IBM speaks about cyber security and issues in the cloud.

Articles and Blog Entries

India: Privacy in Peril (by Bhairav Acharya, Frontline, July 12, 2013). The article was published in Frontline in July but was mirrored only recently on our website.
Privacy Law Must Fit the Bill (by Sunil Abraham, Deccan Chronicle, September 9, 2013).
Transparency Reports — A Glance on What Google and Facebook Tell about Government Data Requests (by Prachi Arya, September 12, 2013).
The National Cyber Security Policy: Not a Real Policy (by Bhairav Acharya, Observer Research Foundation's Cyber Security Monitor Vol. I, Issue.1, August 2013).
The Central Monitoring System: Some Questions to be Raised in Parliament (by Bhairav Acharya, September 19, 2013).
CIS and International Coalition Calls upon Governments to Protect Privacy (by Elonnai Hickok, September 25, 2013).
An Analysis of the Cases Filed under Section 46 of the Information Technology Act, 2000 for Adjudication in the State of Maharashtra (by Bhairav Acharya, September 30, 2013): This is a brief review of some of the cases related to privacy filed under section 46 of the Information Technology Act, 2000 seeking adjudication for alleged contraventions of the Act in the State of Maharashtra.

Media Coverage

Gmail ban looms for Indian gov't workers (by Beatrice Thomas, Arabian Business.com, September 1, 2013): The article says that government would ban Gmail for official communication in light of cyber spying by the US. Sunil Abraham agrees with the ban.
Indien: Regierung will Nutzung von US-Mailprovidern in Verwaltungen verbieten (Netzpolitik, September 3, 2013). Sunil Abraham was quoted in this German newspaper.
A dangerous trend: social media adds fire to Muzaffarnagar clashes (by Zia Haq, The Hindustan Times, September 9, 2013). The article speaks about censorship in wake of publication of malicious content. In such cases the government has a legitimate reason to censor speech, says Sunil Abraham.
Three Years Later, IPaidABribe.com Pays Off (by Jessica McKenzie, TechPresident, September 23, 2013): The article talks about IPaidABribe.com, an online portal focusing on civic engagement and improving governance. But the real problem in India is “high ticket bribes...at the top of the pyramid,” Sunil Abraham was quoted as having said.
Indian biometric ID plan faces court hurdle (by John Ribeiro, Computer World, September 25, 2013): The article talks about Aadhar (India’s biometric system). The Aadhaar number now allows different agencies including private organizations to collect and exchange data between them, says Pranesh Prakash.

Upcoming Event

Privacy Round Table, New Delhi (co-organised by FICCI, DSCI and CIS, FICCI Federation House, Tansen Marg, New Delhi, October 19, 2013).

Event Organised

Public Law and Jurisprudential Issues of Privacy (CIS, Bangalore, September 27, 2013): Abhayraj Naik, a graduate from the National Law School of India University, Bangalore, and the Yale Law School gave a talk on public law and jurisprudential issues related to privacy.

Events Participated In

Young Scholar Tutorials (organised by Communication Policy Research South, September 3-4, 2013). Nehaa Chaudhari participated in this event.
Privacy and Surveillance in India (organised by the Centre for Culture, Media and Governance, Jamia Millia Islamia, New Delhi, September 18, 2013). Sunil Abraham gave a talk.
Syllabus: “Policy and regulation conducive to rapid ICT sector growth in Myanmar: An introductory course” (organised by LIRNEasia in collaboration with Myanmar ICT Development Organization, and with support from the Open Society Foundation and the International Development Research Centre of Canada, September 28 – October 5, 2013). Sunil Abraham is supporting Prof. Samarajiva on the last optional day of this course in Yangon.
Congress on Privacy and Surveillance (organised by Swiss Federal Institute of Technology, Lausanne, September 30, 2013). Maria Xynou participated in this event.

Cyber Security Project
Video Interview

Part 10: Interview with Lawrence Liang (September 10, 2013): In the ecology of online communication it is crucial for us to look at right to privacy and right to free speech as inseparable.

Forthcoming Events

11th India Knowledge Summit 2013 (organised by ASSOCHAM India, Hotel Shangri-La, New Delhi, October 14-15, 2013). CIS is one of the organisations supporting this event.
CYFY 2013: India Conference on Cyber Security and Cyber Governance (organised by Observer Research Foundation and the Federation of Indian Chambers of Commerce and Industry, Oberoi Hotel, New Delhi, October 14-15, 2013). Sunil Abraham will participate in this event as a speaker.

Knowledge Repository on Internet Access
CIS in partnership with the Ford Foundation is executing a project to create a knowledge repository on Internet and society. This repository will comprise content targeted primarily at civil society with a view to enabling their informed participation in the Indian Internet and ICT policy space. The repository is available at www.internet-institute.in.

Modules

International Telecommunication Union (by Snehashish Ghosh and Anirudh Sridhar, September 30, 2013).
Internet Corporation for Assigned Names and Numbers (ICANN) (by Snehashish Ghosh and Anirudh Sridhar, September 30, 2013).

Telecom

Shyam Ponappa, a Distinguished Fellow at CIS is a regular columnist with the Business Standard. The articles published on his blog Organizing India Blogspot is mirrored on our website:

Newspaper Column

Regrouping for Growth - Interest Rates – III (originally published in the Business Standard on September 4, 2013 and mirrored in Organizing India Blogspot on September 6, 2013).

Digital Natives

Digital Natives with a Cause? examines the changing landscape of social change and political participation in light of the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who critically engage with discourse on youth, technology and social change, and look at alternative practices and ideas in the Global South:
Event Report

Bangalore + Sustainability Summit (organized by Ashoka India, Green Lungi and IDEX, September 21, 2013, CIS, Bangalore): Denisse Albornoz has summarised the happenings in this report.

Media Coverage

Youths brainstorm at social summit (The Times of India, September 21, 2013): A coverage of the Bangalore + Sustainability Summit hosted at CIS.

Blog Entry + Video

Revealing Protesters on the Fringe: Crucifixion Protest in Paraguay (by Denisse Albornoz, September 20, 2013): Denisse provides an analysis of the crucifix protest in Paraguay in the light of Nishant Shah’s piece: Whose Change is it Anyway?.

Digital Humanities

CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

Interview

Thinking Digital Beyond Tools: Interview with Dr. Nishant Shah (by Noopur Raval, HASTAC, September 10, 2013): Nishant speaks about his interest in digital studies, the future of humanities, and his HASTAC experience.

Event Participated In

Reclaim Open Learning Symposium (organized by the Digital Media and Learning Research Hub, University of California Humanities Research Institute, UC Irvine, September 26-27, 2013): Nishant Shah participated in this event as a panelist.

About CIS
The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Follow us elsewhere

Twitter: https://twitter.com/CISA2K

Facebook group: https://www.facebook.com/cisa2k

Visit us at: https://meta.wikimedia.org/wiki/India_Access_To_Knowledge

E-mail: a2k@cis-india.org

Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration:
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org. To discuss collaborations on Indic language wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/september-2013-bulletin

Privacy (Protection) Bill, 2013: Updated Third Draft

bhairav — 2013-10-01T12:25:43Z

The Centre for Internet and Society has been researching privacy in India since 2010 with the objective of raising public awareness around privacy, completing in depth research, and driving a privacy legislation in India. As part of this work, we drafted the Privacy (Protection) Bill, 2013.

This research is being undertaken as part of the 'SAFEGUARDS' project that CIS is doing with Privacy International and IDRC. The following is the latest version with changes based on the Round Table held on August 24:

[Preamble]

CHAPTER I

Preliminary

1. Short title, extent and commencement. – (1) This Act may be called the Privacy (Protection) Act, 2013.

(2) It extends to the whole of India.

(3) It shall come into force on such date as the Central Government may, by notification in the Official Gazette, appoint.

2. Definitions. – In this Act and in any rules made thereunder, unless the context otherwise requires, –

(a) “anonymise” means, in relation to personal data, the removal of all data that may, whether directly or indirectly in conjunction with any other data, be used to identify the data subject;

(b) “appropriate government” means, in relation the Central Government or a Union Territory Administration, the Central Government; in relation a State Government, that State Government; and, in relation to a public authority which is established, constituted, owned, controlled or substantially financed by funds provided directly or indirectly –

(i) by the Central Government or a Union Territory Administration, the Central Government;

(ii) by a State Government, that State Government;

(c) “authorised officer” means an officer, not below the rank of a Gazetted Officer, of an All India Service or a Central Civil Service, as the case may be, who is empowered by the Central Government, by notification in the Official Gazette, to intercept a communication of another person or carry out surveillance of another person under this Act;

(d) “biometric data” means any data relating to the physical, physiological or behavioural characteristics of a person which allow their unique identification including, but not restricted to, facial images, finger prints, hand prints, foot prints, iris recognition, hand writing, typing dynamics, gait analysis and speech recognition;

(e) “Chairperson” and “Member” mean the Chairperson and Member appointed under sub-section (1) of section 17;

(f) “collect”, with its grammatical variations and cognate expressions, means, in relation to personal data, any action or activity that results in a data controller obtaining, or coming into the possession or control of, any personal data of a data subject;

(g) “communication” means a word or words, spoken, written or indicated, in any form, manner or language, encrypted or unencrypted, meaningful or otherwise, and includes visual representations of words, ideas, symbols and images, whether transmitted or not transmitted and, if transmitted, irrespective of the medium of transmission;

(h) “competent organisation” means an organisation or public authority listed in the Schedule;

(i) “data controller” means a person who, either alone or jointly or in concert with other persons, determines the purposes for which and the manner in which any personal data is processed;

(j) “data processor” means any person who processes any personal data on behalf of a data controller;

(k) “Data Protection Authority” means the Data Protection Authority constituted under sub-section (1) of section 17;

(l) “data subject” means a person who is the subject of personal data;

(m) “deoxyribonucleic acid data” means all data, of whatever type, concerning the characteristics of a person that are inherited or acquired during early prenatal development;

(n) “destroy”, with its grammatical variations and cognate expressions, means, in relation to personal data, to cease the existence of, by deletion, erasure or otherwise, any personal data;

(o) “disclose”, with its grammatical variations and cognate expressions, means, in relation to personal data, any action or activity that results in a person who is not the data subject coming into the possession or control of that personal data;

(p) “intelligence organisation” means an intelligence organisation under the Intelligence Organisations (Restriction of Rights) Act, 1985 (58 of 1985);

(q) “interception” or “intercept” means any activity intended to capture, read, listen to or understand the communication of a person;

(r) “personal data” means any data which relates to a natural person if that person can, whether directly or indirectly in conjunction with any other data, be identified from it and includes sensitive personal data;

(s) “prescribed” means prescribed by rules made under this Act;

(t) “process”, with its grammatical variations and cognate expressions, means, in relation to personal data, any action or operation which is performed upon personal data, whether or not by automated means including, but not restricted to, organisation, structuring, adaptation, modification, retrieval, consultation, use, alignment or destruction;

(u) “receive”, with its grammatical variations and cognate expressions, means, in relation to personal data, to come into the possession or control of any personal data;

(v) “sensitive personal data” means personal data as to the data subject’s –

(i) biometric data;

(ii) deoxyribonucleic acid data;

(iii) sexual preferences and practices;

(iv) medical history and health;

(v) political affiliation;

(vi) commission, or alleged commission, of any offence;

(vii) ethnicity, religion, race or caste; and

(viii) financial and credit information.

(w) “store”, with its grammatical variations and cognate expressions, means, in relation to personal data, to retain, in any form or manner and for any purpose or reason, any personal data;

(x) “surveillance” means any activity intended to watch, monitor, record or collect, or to enhance the ability to watch, record or collect, any images, signals, data, movement, behaviour or actions, of a person, a group of persons, a place or an object, for the purpose of obtaining information of a person;

and all other expressions used herein shall have the meanings ascribed to them under the General Clauses Act, 1897 (10 of 1897) or the Code of Criminal Procedure, 1973 (2 of 1974), as the case may be.

CHAPTER II

Regulation of Personal Data

3. Regulation of personal data. – Notwithstanding anything contained in any other law for time being in force, no person shall collect, store, process, disclose or otherwise handle any personal data of another person except in accordance with the provisions of this Act and any rules made thereunder.

4. Exemption. – Nothing in this Act shall apply to the collection, storage, processing or disclosure of personal data for personal or domestic use.

CHAPTER III

Protection of Personal Data

5. Regulation of collection of personal data. – (1) No personal data of a data subject shall be collected except in conformity with section 6 and section 7.

(2) No personal data of a data subject may be collected under this Act unless it is necessary for the achievement of a purpose of the person seeking its collection.

(3) Subject to section 6 and section 7, no personal data may be collected under this Act prior to the data subject being given notice, in such and form and manner as may be prescribed, of the collection.

6. Collection of personal data with prior informed consent. – (1) Subject to sub-section (2), a person seeking to collect personal data under this section shall, prior to its collection, obtain the consent of the data subject.

(2) Prior to a collection of personal data under this section, the person seeking its collection shall inform the data subject of the following details in respect of his personal data, namely: –

(a) when it will be collected;

(b) its content and nature;

(d) the manner in which it may be accessed, checked and modified;

(e) the security practices, privacy policies and other policies, if any, to which it will be subject;

(f) the conditions and manner of its disclosure; and

(g) the procedure for recourse in case of any grievance in relation to it.

(3) Consent to the collection of personal data under this section may be obtained from the data subject in any manner or medium but shall not be obtained as a result of a threat, duress or coercion:

Provided that the data subject may, at any time after his consent to the collection of personal data has been obtained, withdraw the consent for any reason whatsoever and all personal data collected following the original grant of consent shall be destroyed forthwith:

Provided that the person who collected the personal data in respect of which consent is subsequently withdrawn may, if the personal data is necessary for the delivery of any good or the provision of any service, not deliver that good or deny that service to the data subject who withdrew his grant of consent.

7. Collection of personal data without prior consent. – Personal data may be collected without the prior consent of the data subject if it is –

(a) necessary for the provision of an emergency medical service to the data subject;

(b) required for the establishment of the identity of the data subject and the collection is authorised by a law in this regard;

(d) necessary to prevent, investigate or prosecute a cognisable offence.

8. Regulation of storage of personal data. – (1) No person shall store any personal data for a period longer than is necessary to achieve the purpose for which it was collected or received, or, if that purpose is achieved or ceases to exist for any reason, for any period following such achievement or cessation.

(2) Save as provided in sub-section (3), any personal data collected or received in relation to the achievement of a purpose shall, if that purpose is achieved or ceases to exist for any reason, be destroyed forthwith.

(3) Notwithstanding anything contained in this section, any personal data may be stored for a period longer than is necessary to achieve the purpose for which it was collected or received, or, if that purpose has been achieved or ceases to exist for any reason, for any period following such achievement or cessation, if –

(a) the data subject grants his consent to such storage prior to the purpose for which it was collected or received being achieved or ceasing to exist;

(b) it is adduced for an evidentiary purpose in a legal proceeding; or

Provided that only that amount of personal data that is necessary to achieve the purpose of storage under this sub-section shall be stored and any personal data that is not required to be stored for such purpose shall be destroyed forthwith:

Provided further that any personal data stored under this sub-section shall, to the extent possible, be anonymised.

9. Regulation of processing of personal data. – (1) No person shall process any personal data that is not necessary for the achievement of the purpose for which it was collected or received.

(2) Save as provided in sub-section (3), no personal data shall be processed for any purpose other than the purpose for which it was collected or received.

(3) Notwithstanding anything contained in this section, any personal data may be processed for a purpose other than the purpose for which it was collected or received if –

(a) the data subject grants his consent to the processing and only that amount of personal data that is necessary to achieve the other purpose is processed;

(b) it is necessary to perform a contractual duty to the data subject;

(d) it necessary to prevent, investigate or prosecute a cognisable offence.

10. Transfer of personal data for processing. – (1) Subject to the provisions of this section, personal data that has been collected in conformity with this Act may be transferred by a data controller to a data processor, whether located in India or otherwise, if the transfer is pursuant to an agreement that explicitly binds the data processor to same or stronger measures in respect of the storage, processing, destruction, disclosure and other handling of the personal data as are contained in this Act.

(2) No data processor shall process any personal data transferred under this section except to achieve the purpose for which it was collected.

(3) A data controller that transfers personal data under this section shall remain liable to the data subject for the actions of the data processor.

11. Security of personal data and duty of confidentiality. – (1) No person shall collect, receive, store, process or otherwise handle any personal data without implementing measures, including, but not restricted to, technological, physical and administrative measures, adequate to secure its confidentiality, secrecy, integrity and safety, including from theft, loss, damage or destruction.

(2) Data controllers and data processors shall be subject to a duty of confidentiality and secrecy in respect of personal data in their possession or control.

(3) Without prejudice to the provisions of this section, a data controller or data processor shall, if the confidentiality, secrecy, integrity or safety of personal data in its possession or control is violated by theft, loss, damage or destruction, or as a result of any disclosure contrary to the provisions of this Act, or for any other reason whatsoever, notify the data subject, in such form and manner as may be prescribed, forthwith.

12. Regulation of disclosure of personal data. – Subject to section 10, section 13 and section 14, no person shall disclose, or otherwise cause any other person to receive, the content or nature of any personal data that has been collected in conformity with this Act.

13. Disclosure of personal data with prior informed consent. – (1) Subject to sub-section (2), a data controller or data processor seeking to disclose personal data under this section shall, prior to its disclosure, obtain the consent of the data subject.

(2) Prior to a disclosure of personal data under this section, the data controller or data processor, as the case may be, seeking to disclose the personal data, shall inform the data subject of the following details in respect of his personal data, namely: –

(a) when it will be disclosed;

(b) the purpose of its disclosure;

(d) the procedure for recourse in case of any grievance in relation to it.

14. Disclosure of personal data without prior consent. – (1) Subject to sub-section (2), personal data may be disclosed without the prior consent of the data subject if it is necessary –

(a) to prevent a reasonable threat to national security, defence or public order; or

(b) to prevent, investigate or prosecute a cognisable offence.

(2) No data controller or data processor shall disclose any personal data unless it has received an order in writing from a police officer not below the rank of [___] in such form and manner as may be prescribed:

Provided that an order for the disclosure of personal data made under this sub-section shall not require the disclosure of any personal data that is not necessary to achieve the purpose for which the disclosure is sought:

Provided further that the data subject shall be notified, in such form and manner as may be prescribed, of the disclosure of his personal data, including details of its content and nature, and the identity of the police officer who ordered its disclosure, forthwith.

15. Quality and accuracy of personal data. – (1) Each data controller and data processor shall, to the extent possible, ensure that the personal data in its possession or control, is accurate and, where necessary, is kept up to date.

(2) No data controller or data processor shall deny a data subject whose personal data is in its possession or control the opportunity to review his personal data and, where necessary, rectify anything that is inaccurate or not up to date.

(3) A data subject may, if he finds personal data in the possession or control of a data controller or data processor that is not necessary to achieve the purpose for which it was collected, received or stored, demand its destruction, and the data controller shall destroy, or cause the destruction of, the personal data forthwith.

16. Special provisions for sensitive personal data. – Notwithstanding anything contained in this Act and the provisions of any other law for the time being in force –

(a) no person shall store sensitive personal data for a period longer than is necessary to achieve the purpose for which it was collected or received, or, if that purpose has been achieved or ceases to exist for any reason, for any period following such achievement or cessation;

(b) no person shall process sensitive personal data for a purpose other than the purpose for which it was collected or received;

(c) no person shall disclose sensitive personal data to another person, or otherwise cause any other person to come into the possession or control of, the content or nature of any sensitive personal data, including any other details in respect thereof.

CHAPTER IV

The Data Protection Authority

17. Constitution of the Data Protection Authority. – (1) The Central Government shall, by notification, constitute, with effect from such date as may be specified therein, a body to be called the Data Protection Authority consisting of a Chairperson and not more than four other Members, to exercise the jurisdiction and powers and discharge the functions and duties conferred or imposed upon it by or under this Act.

(2) The Chairperson shall be a person who has been a Judge of the Supreme Court:

Provided that the appointment of the Chairperson shall be made only after consultation with the Chief Justice of India.

(3) Each Member shall be a person of ability, integrity and standing who has a special knowledge of, and professional experience of not less than ten years in privacy law and policy.

18. Term of office, conditions of service, etc. of Chairperson and Members. – (1) Before appointing any person as the Chairperson or Member, the Central Government shall satisfy itself that the person does not, and will not, have any such financial or other interest as is likely to affect prejudicially his functions as such Chairperson or Member.

(2) The Chairperson and every Member shall hold office for such period, not exceeding five years, as may be specified in the order of his appointment, but shall be eligible for reappointment:

Provided that no person shall hold office as the Chairperson or Member after he has attained the age of sixty-seven years.

(3) Notwithstanding anything contained in sub-section (2), the Chairperson or any Member may –

(a) by writing under his hand resign his office at any time;

(b) be removed from office in accordance with the provisions of section 19 of this Act.

(4) A vacancy caused by the resignation or removal of the Chairperson or Member under sub-section (3) shall be filled by fresh appointment.

(5) In the event of the occurrence of a vacancy in the office of the Chairperson, such one of the Members as the Central Government may, by notification, authorise in this behalf, shall act as the Chairperson till the date on which a new Chairperson, appointed in accordance with the provisions of this Act, to fill such vacancy, enters upon his office.

(6) When the Chairperson is unable to discharge his functions owing to absence, illness or any other cause, such one of the Members as the Chairperson may authorise in writing in this behalf shall discharge the functions of the Chairperson, till the date on which the Chairperson resumes his duties.

(7) The salaries and allowances payable to and the other terms and conditions of service of the Chairperson and Members shall be such as may be prescribed:

Provided that neither the salary and allowances nor the other terms and conditions of service of the Chairperson and any member shall be varied to his disadvantage after his appointment.

19. Removal of Chairperson and Members from office in certain circumstances. – The Central Government may remove from office the Chairperson or any Member, who –

(a) is adjudged an insolvent; or

(b) engages during his term of office in any paid employment outside the duties of his office; or

(d) is of unsound mind and stands so declared by a competent court; or

(e) is convicted for an offence which in the opinion of the President involves moral turpitude; or

(f) has acquired such financial or other interest as is likely to affect prejudicially his functions as a Chairperson or Member, or

(g) has so abused his position as to render his continuance in offence prejudicial to the public interest.

20. Functions of the Data Protection Authority. – (1) The Chairperson may inquire, suo moto or on a petition presented to it by any person or by someone acting on his behalf, in respect of any matter connected with the collection, storage, processing, disclosure or other handling of any personal data and give such directions or pass such orders as are necessary for reasons to be recorded in writing.

(2) Without prejudice to the generality of the foregoing provision, the Data Protection Authority shall perform all or any of the following functions, namely –

(a) review the safeguards provided by or under this Act and other law for the time being in force for the protection of personal data and recommend measures for their effective implementation;

(b) review any measures taken by any entity for the protection of personal data and take such further action is it deems fit;

(c) review any action, policy or procedure of any entity to ensure compliance with this Act and any rules made hereunder;

(d) formulate, in consultation with experts, norms for the effective protection of personal data;

(e) promote awareness and knowledge of personal data protection through any means necessary;

(f) undertake and promote research in the field of protection of personal data;

(g) encourage the efforts of non-governmental organisations and institutions working in the field of personal data protection;

(h) publish periodic reports concerning the incidence of collection, processing, storage, disclosure and other handling of personal data;

(i) such other functions as it may consider necessary for the protection of personal data.

(3) Subject to the provisions of any rules prescribed in this behalf by the Central Government, the Data Protection Authority shall have the power to review any decision, judgement, decree or order made by it.

(4) In the exercise of its functions under this Act, the Data Protection Authority shall give such directions or pass such orders as are necessary for reasons to be recorded in writing.

(5) The Data Protection Authority may, in its own name, sue or be sued.

21. Secretary, officers and other employees of the Data Protection Authority. – (1) The Central Government shall appoint a Secretary to the Data Protection Authority to exercise and perform, under the control of the Chairperson such powers and duties as may be prescribed or as may be specified by the Chairperson.

(2) The Central Government may provide the Data Protection Authority with such other officers and employees as may be necessary for the efficient performance of the functions of the Data Protection Authority.

(3) The salaries and allowances payable to and the conditions of service of the Secretary and other officers and employees of the Data Protection Authority shall be such as may be prescribed.

22. Salaries, etc. be defrayed out of the Consolidated Fund of India. – The salaries and allowances payable to the Chairperson and Members and the administrative expenses, including salaries, allowances and pension, payable to or in respect of the officers and other employees of the of the Data Protection Authority shall be defrayed out of the Consolidated Fund of India.

23. Vacancies, etc. not to invalidate proceedings of the Data Protection Authority. – No act or proceeding of the Data Protection Authority shall be questioned on the ground merely of the existence of any vacancy or defect in the constitution of the Data Protection Authority or any defect in the appointment of a person acting as the Chairperson or Member.

24. Chairperson, Members and employees of the Data Protection Authority to be public servants. – The Chairperson and Members and other employees of the Data Protection Authority shall be deemed to be public servants within the meaning of section 21 of the Indian Penal Code, 1860 (45 of 1860).

25. Location of the office of the Data Protection Authority. – The offices of the Data Protection Authority shall be in [___] or any other location as directed by the Chairperson in consultation with the Central Government.

26. Procedure to be followed by the Data Protection Authority. – (1) Subject to the provisions of this Act, the Data Protection Authority shall have powers to regulate –

(a) the procedure and conduct of its business;

(b) the delegation to one or more Members of such powers or functions as the Chairperson may specify.

(2) In particular and without prejudice to the generality of the foregoing provisions, the powers of the Data Protection Authority shall include the power to determine the extent to which persons interested or claiming to be interested in the subject-matter of any proceeding before it may be allowed to be present or to be heard, either by themselves or by their representatives or to cross-examine witnesses or otherwise take part in the proceedings:

Provided that any such procedure as may be prescribed or followed shall be guided by the principles of natural justice.

27. Power relating to inquiries. – (1) The Data Protection Authority shall, for the purposes of any inquiry or for any other purpose under this Act, have the same powers as vested in a civil court under the Code of Civil Procedure, 1908 (5 of 1908), while trying suits in respect of the following matters, namely –

(a) the summoning and enforcing the attendance of any person from any part of India and examining him on oath;

(b) the discovery and production of any document or other material object producible as evidence;

(d) the requisitioning of any public record from any court or office;

(e) the issuing of any commission for the examination of witnesses; and,

(f) any other matter which may be prescribed.

(2) The Data Protection Authority shall have power to require any person, subject to any privilege which may be claimed by that person under any law for the time being in force, to furnish information on such points or matters as, in the opinion of the Data Protection Authority, may be useful for, or relevant to, the subject matter of an inquiry and any person so required shall be deemed to be legally bound to furnish such information within the meaning of section 176 and section 177 of the Indian Penal Code, 1860 (45 of 1860).

(3) The Data Protection Authority or any other officer, not below the rank of a Gazetted Officer, specially authorised in this behalf by the Data Protection Authority may enter any building or place where the Data Protection Authority has reason to believe that any document relating to the subject matter of the inquiry may be found, and may seize any such document or take extracts or copies therefrom subject to the provisions of section 100 of the Code of Criminal Procedure, 1973 (2 of 1974), in so far as it may be applicable.

(4) The Data Protection Authority shall be deemed to be a civil court and when any offence as is described in section 175, section 178, section 179, section 180 or section 228 of the Indian Penal Code, 1860 (45 of 1860) is committed in the view or presence of the Data Protection Authority, the Data Protection Authority may, after recording the facts constituting the offence and the statement of the accused as provided for in the Code of Criminal Procedure, 1973 (2 of 1974), forward the case to a Magistrate having jurisdiction to try the same and the Magistrate to whom any such case is forwarded shall proceed to hear the complaint against the accused as if the case had been forwarded to him under section 346 of the Code of Criminal Procedure, 1973 (2 of 1974).

28. Decisions of the Data Protection Authority. – (1) The decisions of the Data Protection Authority shall be binding.

(2) In its decisions, the Data Protection Authority has the power to –

(a) require an entity to take such steps as may be necessary to secure compliance with the provisions of this Act;

(b) require an entity to compensate any person for any loss or detriment suffered;

29. Proceedings before the Data Protection Authority to be judicial proceedings. – The Data Protection Authority shall be deemed to be a civil court for the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973 (2 of 1974), and every proceeding before the Data Protection Authority shall be deemed to be a judicial proceeding within the meaning of section 193 and section 228 and for the purposes of section 196 of the Indian Penal Code, 1860 (45 of 1860).

CHAPTER V

Regulation by Data Controllers and Data Processors

30. Co-regulation by Data Controllers and the Data Protection Authority. – (1) The Data Protection Authority may, in consultation with data controllers, formulate codes of conduct for the collection, storage, processing, disclosure or other handling of any personal data.

(2) No code of conduct formulated under sub-section (1) shall be binding on a data controller unless –

(a) it has received the written approval of the Data Protection Authority; and

(b) it has received the approval, by signature of a director or authorised signatory, of the data controller.

31. Co-regulation without prejudice to other remedies. – Any code of conduct formulated under this chapter shall be without prejudice to the jurisdiction, powers and functions of the Data Protection Authority.

32. Self-regulation by data controllers. – (1) The Data Protection Authority may encourage data controllers and data processors to formulate professional codes of conduct to establish rules for the collection, storage, processing, disclosure or other handling of any personal data.

(2) No code of conduct formulated under sub-section (1) shall be effective unless it is registered, in such form and manner as may be prescribed, by the Data Protection Authority.

(3) The Data Protection Authority shall, for reasons to be recorded in writing, not register any code of conduct formulated under sub-section (1) that is not adequate to protect personal data.

CHAPTER IV

Surveillance and Interception of Communications

33. Surveillance and interception of communication to be warranted. – Notwithstanding anything contained in any other law for the time being in force, no –

(i) surveillance shall be carried out, and no person shall order any surveillance of another person;

(ii) communication shall be intercepted, and no person shall order the interception of any communication of another person; save in execution of a warrant issued under section 36, or an order made under section 38, of this Act.

34. Application for issuance of warrant. – (1) Any authorised officer seeking to carry out any surveillance or intercept any communication of another person shall prefer an application for issuance of a warrant to the Magistrate.

(2) The application for issuance of the warrant shall be in the form and manner prescribed in the Schedule and shall state the purpose for which the warrant is sought.

(3) The application for issuance of the warrant shall be accompanied by –

(i) a report by the authorised officer of the suspicious conduct of the person in respect of whom the warrant is sought, and all supporting material thereof;

(ii) an affidavit of the authorised officer, or a declaration under his hand and seal, that the contents of the report and application are true to the best of his knowledge, information and belief, and that the warrant shall be executed only for the purpose stated in the application and shall not be misused or abused in any manner including to interfere in the privacy of any person;

(iii) details of all warrants previously issued in respect of the person in respect of whom the warrant is sought, if any.

35. Considerations prior to the issuance of warrant. – (1) No warrant shall issue unless the requirements of section 34 and this section have been met.

(2) The Magistrate shall consider the application made under section 34 and shall satisfy himself that the information contained therein sets out –

(i) a reasonable threat to national security, defence or public order; or

(ii) a cognisable offence, the prevention, investigation or prosecution of which is necessary in the public interest.

(3) The Magistrate shall satisfy himself that all other lawful means to acquire the information that is sought by the execution of the warrant have been exhausted.

(4) The Magistrate shall verify the identity of the authorised officer and shall satisfy himself that the application for issuance of the warrant is authentic.

36. Issue of warrant. – (1) Subject to section 34 and section 35, the Magistrate may issue a warrant for surveillance or interception of communication, or both of them.

(2) The Magistrate may issue the warrant in Chambers.

37. Magistrate may reject application for issuance of warrant. – If the Magistrate is not satisfied that the requirements of section 34 and section 35 have been met, he may, for reasons to be recorded in writing, –

(i) refuse to issue the warrant and dispose of the application;

(ii) return the application to the authorised officer without disposing of it;

(iii) pass any order that he thinks fit.

38. Order by Home Secretary in emergent circumstances. – (1) Notwithstanding anything contained in section 35, if the Home Secretary of the appropriate government is satisfied that a grave threat to national security, defence or public order exists, he may, for reasons to be recorded in writing, order any surveillance or interception of communication.

(2) An authorised officer seeking an order for surveillance or interception of communication under this section shall prefer an application to the Home Secretary in the form and manner prescribed in the Schedule and accompanied by the documents required under sub-section (3) of section 34.

(3) No order for surveillance or interception of communication made by the Home Secretary under this section shall be valid upon the expiry of a period of seven days from the date of the order.

(4) Before the expiry of a period of seven days from the date of an order for surveillance or interception of communication made under this section, the authorised officer who applied for the order shall place the application before the Magistrate for confirmation.

39. Duration of warrant or order. – (1) The warrant or order for surveillance or interception of communication shall specify the period of its validity and, upon its expiry, all surveillance and interception of communication, as the case may be, carried out in relation to that warrant or order shall cease forthwith:

Provided that no warrant or order shall be valid upon the expiry of a period of sixty days from the date of its issue.

(2) A warrant issued under section 36, or an order issued under section 38, for surveillance or interception of communication, or both of them, may be renewed by a Magistrate if he is satisfied that the requirements of sub-section (2) of section 35 continue to exist.

40. Duty to inform the person concerned. – Subject to sub-section (2), before the expiry of a period of sixty days from the conclusion of any surveillance or interception of communication carried out under this Act, the authorised officer who carried out the surveillance or interception of communication shall, in writing in such form and manner as may be prescribed, notify, with reference to the warrant of the Magistrate, and, if applicable, the order of the Home Secretary, each person in respect of whom the warrant or order was issued, of the fact of such surveillance or interception and duration thereof.

(2) The Magistrate may, on an application made by an authorised officer in such form and manner as may be prescribed, if he is satisfied that the notification under sub-section (1) would –

(a) present a reasonable threat to national security, defence or public order, or

(b) adversely affect the prevention, investigation or prosecution of a cognisable offence,

for reasons to be recorded in writing addressed to the authorised officer, order that the person in respect of whom the warrant or order of surveillance or interception of communication was issued, not be notified of the fact of such interception or the duration thereof:

41. Security and duty of confidentiality and secrecy. – (1) No person shall carry out any surveillance or intercept any communication of another person without implementing measures, including, but not restricted to, technological, physical and administrative measures, to secure the confidentiality and secrecy of all information obtained as a result of the surveillance or interception of communication, as the case may be, including from theft, loss or unauthorised disclosure.

(2) Any person who carries out any surveillance or interception of any communication, or who obtains any information, including personal data, as a result of surveillance or interception of communication, shall be subject to a duty of confidentiality and secrecy in respect of it.

(3) Every competent organisation shall, before the expiry of a period of one hundred days from the enactment of this Act, designate as many officers as it deems fit as Privacy Officers who shall be administratively responsible for all interceptions of communications carried out by that competent organisation.

42. Disclosure of information. – (1) Save as provided in this section, no person shall disclose to any other person, or otherwise cause any other person to come into the knowledge or possession of, the content or nature of any information, including personal data, obtained as a result of any surveillance or interception carried out under this Act.

(2) Notwithstanding anything contained in this section, if the disclosure of any information, including personal data, obtained as a result of any surveillance or interception of any communication is necessary to –

(a) prevent a reasonable threat to national security, defence or public order, or

(b) prevent, investigate or prosecute a cognisable offence,

an authorised officer may disclose the information, including personal data, to any authorised officer of any other competent organisation.

CHAPTER VI

Offences and penalties

43. Punishment for offences related to personal data. – (1) Whoever, except in conformity with the provisions of this Act, collects, receives, stores, processes or otherwise handles any personal data shall be punishable with imprisonment for a term which may extend to [___] years and may also be liable to fine which may extend to [___] rupees.

(2) Whoever attempts to commit any offence under sub section (1) shall be punishable with the punishment provided for such offence under that sub-section.

(3) Whoever, except in conformity with the provisions of this Act, collects, receives, stores, processes or otherwise handles any sensitive personal data shall be punishable with imprisonment for a term which may extend to [increased for sensitive personal data] years and and may also be liable to fine which may extend to [___] rupees.

(4) Whoever attempts to commit any offence under sub section (3) shall be punishable with the punishment provided for such offence under that sub-section.

44. Abetment and repeat offenders. – (1) Whoever abets any offence punishable under this Act shall, if the act abetted is committed in consequence of the abetment, be punishable with the punishment provided for that offence.

(2) Whoever, having been convicted of an offence under any provision of this Act is again convicted of an offence under the same provision, shall be punishable, for the second and for each subsequent offence, with double the penalty provided for that offence.

45. Offences by companies. – (1) Where an offence under this Act has been committed by a company, every person who, at the time of the offence was committed, was in charge of, and was responsible to, the company for the conduct of the business of the company, as well as the company shall be deemed to be guilty of the offence and shall be liable to be proceeded against and punished accordingly:

Provided that nothing contained in this sub-section shall render any such person liable to any punishment, if he proves that the offence was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence.

(2) Notwithstanding anything contained in sub-section (1), where any offence under this Act has been committed by a company and it is proved that the offence has been committed with the consent or connivance of, or is attributable to any neglect on the part of any director, manager, secretary or other officer of the company, such director, manager, secretary or other officer shall be deemed to be guilty of that offence, and shall be liable to be proceeded against and punished accordingly.

46. Cognisance. – Notwithstanding anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), the offences under section 43, section 44 and section 45 shall be cognisable and non-bailable.

47. General penalty. – Whoever, in any case in which a penalty is not expressly provided by this Act, fails to comply with any notice or order issued under any provisions thereof, or otherwise contravenes any of the provisions of this Act, shall be punishable with fine which may extend to [___] rupees, and, in the case of a continuing failure or contravention, with an additional fine which may extend to [___] rupees for every day after the first during which he has persisted in such failure or contravention.

48. Punishment to be without prejudice to any other action. – The award of punishment for an offence under this Act shall be without prejudice to any other action which has been or which may be taken under this Act with respect to such contravention.

CHAPTER VII

Miscellaneous

49. Power to make rules. – (1) The Central Government may, by notification in the Official Gazette, make rules to carry out the provisions of this Act.

(2) In particular, and without prejudice to the generality of the foregoing power, such rules may provide for –

[__]

(3) Every rule made under this section shall be laid, as soon as may be after it is made, before each House of Parliament while it is in session for a period of thirty days which may be comprised in one session or in two successive sessions and if before the expiry of the session in which it is so laid or the session immediately following, both Houses agree in making any modification in the rule, or both Houses agree that the rule should not be made, the rule shall thereafter have effect only in such modified form or be of no effect, as the case may be, so however, that any such modification or annulment shall be without prejudice to the validity of anything previously done under that rule.

50. Bar of jurisdiction. – (1) On and from the appointed day, no court or authority shall have, or be entitled to exercise, any jurisdiction, powers or authority (except the Supreme Court and a High Court exercising powers under Article 32, Article 226 and Article 227 of the Constitution) in relation to matters specified in this Act.

(2) No order passed under this Act shall be appealable except as provided therein and no civil court shall have jurisdiction in respect of any matter which the Data Protection Authority is empowered by, or under, this Act to determine and no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act.

51. Protection of action taken in good faith. – No suit or other legal proceeding shall lie against the Central Government, State Government, Data Protection Authority, Chairperson, Member or any person acting under the direction either of the Central Government, State Government, Data Protection Authority, Chairperson or Member in respect of anything which is in good faith done or intended to be done in pursuance of this Act or of any rules or any order made thereunder.

52. Power to remove difficulties. – (1) If any difficulty arises in giving effect to the provisions of this Act, the Central Government may, by order, published in the Official Gazette, make such provisions, not inconsistent with the provisions of this Act, as appears to it to be necessary or expedient for removing the difficulty:

Provided that no such order shall be made under this section after the expiry of a period of three years from the commencement of this Act.

(2) Every order made under this section shall be laid, as soon as may be after it is made, before each House of Parliament.

53. Act to have overriding effect. – The provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force.

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-updated-third-draft

Privacy Protection Bill (September 2013)

praskrishna — 2013-09-27T14:03:52Z

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-september-2013.pdf

CIS and International Coalition Calls upon Governments to Protect Privacy

elonnai — 2013-09-25T07:21:09Z

The Centre for Internet and Society (CIS) along with the International Coalition has called upon governments across the globe to protect privacy.

On September 20 in Geneva, CIS joined a huge international coalition in calling upon countries across the globe, including India to assess whether national surveillance laws and activities are in line with their international human rights obligations.

The Centre for Internet and Society has endorsed a set of international principles against unchecked surveillance. The 13 Principles set out for the first time an evaluative framework for assessing surveillance practices in the context of international human rights obligations.

A group of civil society organizations officially presented the 13 Principles this past Friday in Geneva at a side event attended by Navi Pillay, the United Nations High Commissioner for Human Rights and the United Nations Special Rapporteur on Freedom of Expression and Opinion, Frank LaRue, during the 24th session of the Human Rights Council. The side event was hosted by the Permanent Missions of Austria, Germany, Liechtenstein, Norway, Switzerland and Hungary.

Elonnai Hickok, Programme Manager at the Centre for Internet and Society has noted that "the 13 Principles are an important first step towards informing governments, corporates, and individuals across jurisdictions, including India, about needed safeguards for surveillance practices and related policies to ensure that they are necessary and proportionate."

Navi Pillay, the United Nations High Commissioner for Human Rights, speaking at the Human Rights Council stated in her opening statement on September 9:

"Laws and policies must be adopted to address the potential for dramatic intrusion on individuals’ privacy which have been made possible by modern communications technology."

Navi Pillay, the United Nations High Commissioner for Human Rights, speaking at the event, said that:

"technological advancements have been powerful tools for democracy by giving access to all to participate in society, but increasing use of data mining by intelligence agencies blurs lines between legitimate surveillance and arbitrary mass surveillance."

Frank La Rue, the United Nations Special Rapporteur on Freedom of Expression and Opinion made clear the case for a direct relationship between state surveillance, privacy and freedom of expression in this latest report to the Human Rights Council:

"The right to privacy is often understood as an essential requirement for the realization of the right to freedom of expression. Undue interference with individuals’ privacy can both directly and indirectly limit the free development and exchange of ideas. … An infringement upon one right can be both the cause and consequence of an infringement upon the other."

Speaking at the event, the UN Special Rapporteur remarked that:

"previously surveillance was carried out on targeted basis but the Internet has changed the context by providing the possibility for carrying out mass surveillance. This is the danger."

Representatives of the Centre for Internet and Society, Privacy International, the Electronic Frontier Foundation,Access,Human Rights Watch,Reporters Without Borders, Association for Progressive Communications, and theCenter for Democracy and Technology all are taking part in the event.

Find out more about the Principles at https://NecessaryandProportionate.org

Contacts

NGOs currently in Geneva for the 24^th Human Rights Council:

Access
Fabiola Carrion: fabiola@accessnow.org

Association for Progressive Communication
Shawna Finnegan: shawna@apc.org

Center for Democracy and Technology
Matthew Shears: mshears@cdt.org

Electronic Frontier Foundation
Katitza Rodriguez: katitza@eff.org - @txitua

Human Rights Watch
Cynthia Wong: wongc@hrw.org

Privacy International
Carly Nyst: carly@privacy.org

Reporters Without Borders
Lucie Morillon: lucie.morillon@rsf.org
Hélène Sackstein: helsack@gmail.com

Signatories

Argentina
Ramiro Alvarez: rugarte@adc.org.ar
Asociación por los Derechos Civiles

Argentina
Beatriz Busaniche: bea@vialibre.org.ar
Fundación Via Libre

Colombia
Carolina Botero: carobotero@gmail.com
Fundación Karisma

Egypt
Ahmed Ezzat: ahmed.ezzat@afteegypt.org
Afteegypt

Honduras
Hedme Sierra-Castro: hedme.sc@gmail.com
ACI-Participa

India
Elonnai Hickok: elonnai@cis-india.org
Center for Internet and Society

Korea
Prof. Park: kyungsinpark@korea.ac.kr
Open Net Korea

Macedonia
Bardhyl Jashari: info@metamorphosis.org.mk
Metamorphosis Foundation for Internet and Society

Mauritania, Senegal, Tanzania
Abadacar Diop: jonction_jonction@yahoo.fr
Jonction

Portugal
Andreia Martins: andreia@coolpolitics.pt
ASSOCIAÇÃO COOLPOLITICS

Peru
Miguel Morachimo: morachimo@gmail.com
Hiperderecho

Russia
Andrei Soldatov: soldatov@agentura.ru
Agentura.ru

Serbia
Djordje Krivokapic: krivokapic@gmail.com
SHARE Foundation

Western Balkans
Valentina Pellizer: valentina.pellizzer@oneworldsee.org
Oneworldsee

Brasil
Marcelo Saldanha: instituto@bemestarbrasil.org.br
IBEBrasil

For more details visit https://cis-india.org/internet-governance/blog/cis-and-international-coalition-calls-upon-governments-to-protect-privacy

FOSS Poster

praskrishna — 2013-09-24T08:58:38Z

For more details visit https://cis-india.org/openness/blog-old/foss-poster.pdf

The Central Monitoring System: Some Questions to be Raised in Parliament

bhairav — 2013-09-25T10:30:10Z

The following are some model questions to be raised in the Parliament regarding the lack of transparency in the central monitoring system.

Preliminary

The Central Monitoring System (CMS) is a Central Government project to intercept communications, both voice and data, that is transmitted via telephones and the internet to, from and within India. Owing to the vast nature of this enterprise, the CMS cannot be succinctly described and the many issues surrounding this project are diverse. This Issue Brief will outline preliminary constitutional, legal and technical concerns that are presented by the CMS.
At the outset, it must be clearly understood that no public documentation exists to explain the scope, functions and technical architecture of the CMS. This lack of transparency is the single-largest obstacle to understanding the Central Government’s motives in conceptualising and operationalizing the CMS. This lack of public documentation is also the chief reason for the brevity of this Issue Note. Without making public the policy, law and technical abilities of the CMS, there cannot be an informed national debate on the primary concerns posed by the CMS, i.e the extent of envisaged state surveillance upon Indian citizens and the safeguards, if any, to protect the individual right to privacy.

Surveillance and Privacy

Surveillance is necessary to secure political organisation. Modern nation-states, which are theoretically organised on the basis of shared national and societal characteristics, require surveillance to detect threats to these characteristics. In democratic societies, beyond the immediate requirements of national integrity and security, surveillance must be targeted at securing the safety and rights of individual citizens. This Issue Brief does not dispute the fact that democratic countries, such as India, should conduct surveillance to secure legitimate ends. Concerns, however, arise when surveillance is conducted in a manner unrestricted and unregulated by law; these concerns are compounded when a lack of law is accompanied by a lack of transparency.
Technological advancement leads to more intrusive surveillance. The evolution of surveillance in the United States resulted, in 1967, in the first judicial recognition of the right to privacy. In Katz v. United States the US Supreme Court ruled that the privacy of communications had to be balanced with the need to conduct surveillance; and, therefore, wiretaps had to be warranted, judicially sanctioned and supported by probable cause. Katz expanded the scope of the Fourth Amendment of the US Constitution, which protected against unreasonable searches and seizures. Most subsequent US legal developments relating to the privacy of communications from surveillance originate in the Katz judgement. Other common law countries, such as the United Kingdom and Canada, have experienced similar judicial evolution to recognise that the right to privacy must be balanced with governance.

Right to Privacy in India

Unfortunately, India does not have a persuasive jurisprudence of privacy protection. In the Kharak Singh (1964) and Gobind (1975) cases, the Supreme Court of India considered the question of privacy from physical surveillance by the police in and around the homes of suspects. In the latter case, the Supreme Court found that some of the Fundamental Rights “could be described as contributing to the right to privacy” which was nevertheless subject to a compelling public interest. This insipid inference held the field until 1994 when, in the Rajagopal (“Auto Shankar”, 1994) case, the Supreme Court, for the first time, directly located privacy within the ambit of the right to personal liberty recognised by Article 21 of the Constitution. However, Rajagopal dealt specifically with the publication of an autobiography, it did not consider the privacy of communications. In 1997, the Supreme Court considered the question of wiretaps in the PUCL case. While finding that wiretaps invaded the privacy of communications, it continued to permit them subject to some procedural safeguards which continue to be routinely ignored. A more robust statement of the right to privacy was made recently by the Delhi High Court in the Naz Foundation case (2011) that de-criminalised consensual homosexual acts; however, this judgment has been appealed to the Supreme Court.

Issues Pertaining to the CMS

While judicial protection from physical surveillance was cursorily dealt with in the Kharak Singh and Gobind cases, the Supreme Court of India directly considered the issue of wiretaps in the PUCL case. Wiretaps in India primarily occur on the strength of powers granted to certain authorities under section 5(2) of the Indian Telegraph Act, 1885. The Court found that the Telegraph Act, and Rules made thereunder, did not prescribe adequate procedural safeguards to create a “just and fair” mechanism to conduct wiretaps. Therefore, it laid down the following procedure to conduct wiretaps:

(a) the order should be issued by the relevant Home Secretary (this power is delegable to a Joint Secretary),
(b) the interception must be carried out exactly in terms of the order and not in excess of it,
(c) a determination of whether the information could be reasonably secured by other means,
(d) the interception shall cease after sixty (60) days.

Therefore, prima facie, any voice interception conducted through the CMS will be in violation of this Supreme Court judgement. The CMS will enforce blanket surveillance upon the entire country without regard for reasonable cause or necessity. This movement away from targeted surveillance to blanket surveillance without cause, conducted without statutory sanction and without transparency, is worrying.
Accordingly, the following questions may be raised, in Parliament, to learn more about the CMS project:

Which statutes, Government Orders, notifications etc deal with the establishment and maintenance of the CMS?
Which is the nodal agency in charge of implementing the CMS?
What are the powers and functions of the nodal agency?
What guarantees exist to protect ordinary Indian citizens from intrusive surveillance without cause?
What are the technical parameters of the CMS?
What are the consequences for misuse or abuse of powers by any person working in the CMS project?
What recourse is available to Indian citizens against whom there is unnecessary surveillance or against whom there has been a misuse or abuse of power?

For more details visit https://cis-india.org/internet-governance/blog/central-monitoring-system-questions-to-be-asked-in-parliament

The National Privacy Roundtable Meetings

bhairav — 2014-03-21T10:03:44Z

The Centre for Internet & Society ("CIS"), the Federation of Indian Chambers of Commerce and Industry ("FICCI"), the Data Security Council of India ("DSCI") and Privacy International are, in partnership, conducting a series of national privacy roundtable meetings across India from April to October 2013. The roundtable meetings are designed to discuss possible frameworks to privacy in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Background: The Roundtable Meetings and Organisers

CIS is a Bangalore-based non-profit think-tank and research organisation with interests in, amongst other fields, the law, policy and practice of free speech and privacy in India. FICCI is a non-governmental, non-profit association of approximately 250,000 Indian bodies corporate. It is the oldest and largest organisation of businesses in India and represents a national corporate consensus on policy issues. DSCI is an initiative of the National Association of Software and Service Companies, a non-profit trade association of Indian information technology ("IT") and business process outsourcing ("BPO") concerns, which promotes data protection in India. Privacy International is a London-based non-profit organisation that defends and promotes the right to privacy across the world.

Privacy in the Common Law and in India

Because privacy is a multi-faceted concept, it has rarely been singly regulated. A taxonomy of privacy yields many types of individual and social activity to be differently regulated based on the degree of harm that may be caused by intrusions into these activities.[1]

The nature of the activity is significant; activities that are implicated by the state are attended by public law concerns and those conducted by private persons inter se demand market-based regulation. Hence, because the principles underlying warranted police surveillance differ from those prompting consensual collections of personal data for commercial purposes, legal governance of these different fields must proceed differently. For this and other reasons, the legal conception of privacy — as opposed to its cultural construction – has historically been diverse and disparate.

Traditionally, specific legislations have dealt separately with individual aspects of privacy in tort law, constitutional law, criminal procedure and commercial data protection, amongst other fields. The common law does not admit an enforceable right to privacy.[2] In the absence of a specific tort of privacy, various equitable remedies, administrative laws and lesser torts have been relied upon to protect the privacy of claimants.[3]

The question of whether privacy is a constitutional right has been the subject of limited judicial debate in India. The early cases of Kharak Singh (1964)[4] and Gobind (1975)[5] considered privacy in terms of physical surveillance by the police in and around the homes of suspects and, in the latter case, the Supreme Court of India found that some of the Fundamental Rights “could be described as contributing to the right to privacy” which was nevertheless subject to a compelling public interest. This inference held the field until 1994 when, in the Rajagopal case (1994),[6] the Supreme Court, for the first time, directly located privacy within the ambit of the right to personal liberty guaranteed by Article 21 of the Constitution of India. However, Rajagopal dealt specifically with a book, it did not consider the privacy of communications. In 1997, the Supreme Court considered the question of wiretaps in the PUCL case (1996)[7] and, while finding that wiretaps invaded the privacy of communications, it continued to permit them subject to some procedural safeguards.[8] A more robust statement of the right to privacy was made recently by the Delhi High Court in the Naz Foundation case (2011)[9] that de-criminalised consensual homosexual acts; however, this judgment is now in appeal.

Attempts to Create a Statutory Regime

The silence of the common law leaves the field of privacy in India open to occupation by statute. With the recent and rapid growth of the Indian IT and BPO industry, concerns regarding the protection of personal data to secure privacy have arisen. In May 2010, the European Union ("EU") commissioned an assessment of the adequacy of Indian data protection laws to evaluate the continued flow of personal data of European data subjects into India for processing. That assessment made adverse findings on the adequacy and preparedness of Indian data protection laws to safeguard personal data.[10]

Conducted amidst negotiations for a free trade agreement between India and the EU, the failed assessment potentially impeded the growth of India’s outsourcing industry that is heavily reliant on European and North American business.

Consequently, the Department of Electronics and Information Technology of the Ministry of Communications and Information Technology, Government of India, issued subordinate legislation under the rule-making power of the Information Technology Act, 2000 ("IT Act"), to give effect to section 43A of that statute. These rules – the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("Personal Data Rules")[11] — were subsequently reviewed by the Committee on Subordinate Legislation of the 15^th Lok Sabha.[12] The Committee found that the Personal Data Rules contained clauses that were ambiguous, invasive of privacy and potentially illegal.[13]

In 2011, a draft privacy legislation called the ‘Right to Privacy Bill, 2011’, which was drafted within the Department of Personnel and Training ("DoPT") of the Ministry of Personnel, Public Grievances and Pensions, Government of India, was made available on the internet along with several file notings ("First DoPT Bill"). The First DoPT Bill contained provisions for the regulation of personal data, interception of communications, visual surveillance and direct marketing. The First DoPT Bill was referred to a Committee of Secretaries chaired by the Cabinet Secretary which, on 27 May 2011, recommended several changes including re-drafts of the chapters relating to interception of communications and surveillance.

Aware of the need for personal data protection laws to enable economic growth, the Planning Commission constituted a Group of Experts under the chairmanship of Justice Ajit P. Shah, a retired Chief Justice of the Delhi High Court who delivered the judgment in the Naz Foundation case, to study foreign privacy laws, analyse existing Indian legal provisions and make specific proposals for incorporation into future Indian law. The Justice Shah Group of Experts submitted its Report to the Planning Commission on 16 October 2012 wherein it proposed the adoption of nine National Privacy Principles.[14] These are the principles of notice, choice and consent, collection limitation, purpose limitation, disclosure of information, security, openness, and accountability. The Report recommended the application of these principles in laws relating to interception of communications, video and audio recordings, use of personal identifiers, bodily and genetic material, and personal data.

Criminal Procedure and Special Laws Relating to Privacy

While the Kharak Singh and Gobind cases first brought the questions of permissibility and limits of police surveillance to the Supreme Court, the power to collect information and personal data of a person is firmly embedded in Indian criminal law and procedure. Surveillance is an essential condition of the nation-state; the inherent logic of its foundation requires the nation-state to perpetuate itself by interdicting threats to its peaceful existence. Surveillance is a method by which the nation-state’s agencies interdict those threats. The challenge for democratic countries such as India is to find the optimal balance between police powers of surveillance and the essential freedoms of its citizens, including the right to privacy.

The regime governing the interception of communications is contained in section 5(2) of the Indian Telegraph Act, 1885 ("Telegraph Act") read with rule 419A of the Indian Telegraph Rules, 1951 ("Telegraph Rules"). The Telegraph Rules were amended in 2007[15] to give effect to, amongst other things, the procedural safeguards laid down by the Supreme Court in the PUCL case. However, India’s federal scheme permits States to also legislate in this regard. Hence, in addition to the general law on interceptions contained in the Telegraph Act and Telegraph Rules, some States have also empowered their police forces with interception functions in certain cases.[16] Ironically, even though some of these State laws invoke heightened public order concerns to justify their invasions of privacy, they establish procedural safeguards based on the principle of probable cause that surpasses the Telegraph Rules.

In addition, further subordinate legislation issued to fulfil the provisions of sections 69(2) and 69B(3) of the IT Act permit the interception and monitoring of electronic communications — including emails — to collect traffic data and to intercept, monitor, and decrypt electronic communications.[17]

The proposed Privacy (Protection) Bill, 2013 and Roundtable Meetings

In this background, the proposed Privacy (Protection) Bill, 2013 seeks to protect privacy by regulating (i) the manner in which personal data is collected, processed, stored, transferred and destroyed — both by private persons for commercial gain and by the state for the purpose of governance; (ii) the conditions upon which, and procedure for, interceptions of communications — both voice and data communications, including both data-in-motion and data-at-rest — may be conducted and the authorities permitted to exercise those powers; and, (iii) the manner in which forms of surveillance not amounting to interceptions of communications — including the collection of intelligence from humans, signals, geospatial sources, measurements and signatures, and financial sources — may be conducted.

Previous roundtable meetings to seek comments and opinion on the proposed Privacy (Protection) Bill, 2013 took place at:

New Delhi: April 13, 2013 (http://bit.ly/17REl0W) with 45 participants;
Bangalore: April 20, 2013 (http://bit.ly/162t8rU) with 45 participants;
Chennai: May 18, 2013 (http://bit.ly/12ICGYD) with 25 participants.
Mumbai, June 15, 2013 (http://bit.ly/12fJSvZ) with 20 participants;
Kolkata: July 13, 2013 (http://bit.ly/11dgINZ) with 25 participants; and
New Delhi: August 24, 2013 (http://bit.ly/195cWIf) with 40 participants.

The roundtable meetings were multi-stakeholder events with participation from industry representatives, lawyers, journalists, civil society organizations and Government representatives. On an average, 75 per cent of the participants represented industry concerns, 15 per cent represented civil society and 10 per cent represented regulatory authorities. The model followed at the roundtable meetings allowed for equal participation from all participants.

[1]. See generally, Dan Solove, “A Taxonomy of Privacy” University of Pennsylvania Law Review (Vol. 154, No. 3, January 2006).

[2]. Wainwright v. Home Office [2003] UKHL 53.

[3]. See A v. B plc [2003] QB 195; Wainwright v. Home Office [2001] EWCA Civ 2081; R (Ellis) v. Chief Constable of Essex Police [2003] EWHC 1321 (Admin).

[4]. Kharak Singh v. State of Uttar Pradesh AIR 1963 SC 1295.

[5]. Gobind v. State of Madhya Pradesh AIR 1975 SC 1378.

[6]. R. Rajagopal v. State of Tamil Nadu AIR 1995 SC 264.

[7]. People’s Union for Civil Liberties v. Union of India (1997) 1 SCC 30.

[8]. A Division Bench of the Supreme Court of India comprising Kuldip Singh and Saghir Ahmad, JJ, found that the procedure set out in section 5(2) of the Indian Telegraph Act, 1885 and rule 419 of the Indian Telegraph Rules, 1951 did not meet the “just, fair and reasonable” test laid down in Maneka Gandhi v. Union of India AIR 1978 SC 597 requisite for the deprivation of the right to personal liberty, from whence the Division Bench found a right to privacy emanated, guaranteed under Article 21 of the Constitution of India. Therefore, Kuldip Singh, J, imposed nine additional procedural safeguards that are listed in paragraph 35 of the judgment.

[9]. Naz Foundation v. Government of NCT Delhi (2009) 160 DLT 277.

[10]. The 2010 data adequacy assessment of Indian data protection laws was conducted by Professor Graham Greenleaf. His account of the process and his summary of Indian law can found at Graham Greenleaf, "Promises and Illusions of Data Protection in Indian Law" International Data Privacy Law (47-69, Vol. 1, No. 1, March 2011).

[11]. The Rules were brought into effect vide Notification GSR 313(E) on 11 April 2011. CIS submitted comments on the Rules that can be found here – http://cis-india.org/internet-governance/blog/comments-on-the-it-reasonable-security-practices-and-procedures-and-sensitive-personal-data-or-information-rules-2011.

[12]. The Committee on Subordinate Legislation, a parliamentary ‘watchdog’ committee, is mandated by rules 317-322 of the Rules of Procedure and Conduct of Business in the Lok Sabha (14^th edn., New Delhi: Lok Sabha Secretariat, 2010) to examine the validity of subordinate legislation.

[13]. See the 31^st Report of the Committee on Subordinate Legislation that was presented on 21 March 2013.

[14]. See paragraphs 7.14-7.17 on pages 69-72 of the Report of the Group of Experts on Privacy, 16 October 2012, Planning Commission, Government of India.

[15]. See, the Indian Telegraph (Amendment) Rules, 2007, which were brought into effect vide Notification GSR 193(E) of the Department of Telecommunications of the Ministry of Communications and Information Technology, Government of India, dated 1 March 2007.

[16]. See, inter alia, section 14 of the Maharashtra Control of Organised Crime Act, 1999; section 14 of the Andhra Pradesh Control of Organised Crime Act, 2001; and, section 14 of the Karnataka Control of Organised Crime Act, 2000.

[17]. See, the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data and Information) Rules, 2009 vide GSR 782 (E) dated 27 October 2009; and, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 vide GSR 780 (E) dated 27 October 2009.

For more details visit https://cis-india.org/internet-governance/blog/national-privacy-roundtable-meetings

e - DIRAP Google+ Hangout: Open Government

Christine Apikul — 2013-09-18T10:43:30Z

The e-DIRAP Hangout on Open Government was held on Thursday, 25 July 2013. It brought together nine professionals from Australia, India, Indonesia, Japan, Malaysia and the Philippines to discuss the wide spectrum of issues surrounding open government.

See the original published in Digital Review Asia here

The idea of open government has been around for hundreds of years but the contemporary use of the term is influenced by the rapid advancement of ICTs and by the open source movement. "Just as open source software allows users to change and contribute to the source code of their software, open government now means government where citizens not only have access to information, documents and proceedings, but can also become participants in a meaningful way."[1] There is now increasing pressure for governments to be more open with their digital documents and processes, and to interact with citizens.

To assess whether your government is open, a good starting point is the Open Government Partnership minimum eligibility criteria that has four key areas:[2]

Fiscal transparency related to open budget system
Access to information, e.g. an access to information law that guarantees the public’s right to information and access to government data.
Disclosures related to elected or senior public officials, e.g. public disclosure of their income and assets.
Citizen engagement.

The panelists discussed open government initiatives in their respective countries, the challenges they face, and open source tools for open government.

Open Government Initiatives

India
The Government of India has decided to use royalty free open standards for all e-government data. The government has also shortlisted a number of open standards. India’s data portal, data.gov.in was recently launched and the number of datasets has been increasing. In January 2013 there were 89 datasets and in half a year,this has increased to over 3,000 datasets. Forty-five government departments are involved in this initiative and six apps have been created. The Planning Commission recently had a hackathon participated by about 1,900 people.

Indonesia
Indonesia is one of the founding governments of the Open Government Partnership.[3] along with the Philippines and six other countries. The emphasis of open government in Indonesia is not only the "supply side" (i.e. government providing access to data and information). It is also looking at generating demand for open government by empowering citizens to access and analyse data and information, voice their concerns and advocate for openness in government. To empower citizens, the Government of Indonesia has a number of projects such as "Satu Layanan"[4] or "One Service", a web portal where citizens can find government information and services; “One Map”, to promote collaboration between different government ministries and agencies, and also civil society in integrating datasets; and "Lapor"[5] that allow citizens to report wrongdoings in public services using SMS, Twitter or through the website.

According to a research study conducted by the World Wide Web Foundation,[6] the Government of Indonesia is working on making public data available. Public data includes social - economic data, development data and census data held by the National Statistic Bureau, as well as information on how the data is obtained and measured.

The research report also found that that there is a low demand from civil society and citizens for open government and open data. Moreover, cooperation between civil society and government in the implementation of open government is not strong enough. Several donors in Indonesia have provided support to develop the capacity of civil society groups that are part of the Steering Committee of the Open Government Partnership. Hivos’ Southeast Asia Technology and Transparency Initiative[7] is working with both civil society and government in Indonesia and the Philippines to promote transparency and accountability in public institutions.

Japan
In Japan, the major focus is in the creation and launch of the open data portal this year. How much impact it will make and how it can be measured is a concern, and this is a worldwide challenge.

Malaysia
The Sinar Project[8] in Malaysia promotes transparency, governance and citizen involvement, and uses open source technology to make information accessible to Malaysian citizens. The project has learned that for countries with poor democracy like Malaysia, basic information about government is available but not easily accessible to the public. The government is not familiar with interacting with citizens especially online. Unlike places with advanced statistics and open data, open government in Malaysia is at a nascent stage and is about having information about government representatives online and what bills are being passed in parliament.

Philippines
In the Philippines, President Aquino announced that the Freedom of Information Bill will be a priority bill for Congress this year, but citizens are cynical about the passing of this bill because it has been under consideration for three years. The Office of the President has received support from the World Bank last year for an Open Data Project using CKAN and the open data portal will be at http://data.gov.ph. The Philippine Government Interoperability Framework was convened last week.

PhilHealth or the Philippine Health Insurance Corporation[9] attempted to open up data, however even though there was political will to open up data, this was insufficient. A clear policy framework and change management (particularly, removing the fear of openness among employees) was needed.

Moreover, PhilHealth did not have the capacity and competency to ensure that the health data released, that includes diagnosis and treatment procedures, will not be reverse engineered to identify people. Health data is particularly sensitive due to the social stigma of certain health disorders, for example, those with tuberculosis may be assumed to have HIV/AIDS. When data is opened up, there are security and privacy implications. Developing countries need help and it is important to work together to come up with policies, protocols and algorithms to protect the health privacy of citizens.

Melbourne, Australia
In Melbourne, Australia, local government efforts to engage with citizens more fully through online and offline platforms include experimenting with wiki-based policy development, smart cities initiatives and digital strategies. Through conversations with policymakers, some key themes were identified. First, openness is not the same as participation, and encouraging effective participation is a challenge. Public spaces need to be “programmed” to support participation, and opening up data is not sufficient. It is necessary to develop strategies for outreach to a diverse group and encourage substantive participation particularly from those who are not online and not as competent in data management.

Secondly, because many telecommunications platforms that make data available are privately owned, there is a tension between commercial interest for secrecy and public demand to make data open. It is also a challenge for government to engage with citizens over an infrastructure that is privately owned, e.g. Facebook, Twitter and Google that place constraints on how citizens can be engaged.

Malaysia, Singapore and Thailand with high levels of digital broadband penetration and online users are not part of the Open Government Partnership despite the fact that most of the government departments and data are online. This is because these countries do not meet the minimum eligibility criteria for Open Government Partnership. For instance, they do not have freedom of the press and without it media and civil society cannot make use of the data for reporting for fear of prosecution.

There is also a lack of political will to disclose assets of public officials and procurement decisions.

Challenges
Open data is often associated with open government, but opening up data does not make a government open. Making data open has a set of challenges, but open government also has an important civil society component to create demand for open government and make meaningful use of the open data. There is also a private sector component that needs to be considered, particularly related to the mechanisms public participation over privately owned telecommunications infrastructure.

Challenges are faced at both the supply and demand sides. From the government side, many countries do not have the capacity to interact effectively with citizens. From the citizens’ side, many countries face the low demand for open government. Yet, in the case of Malaysia, even if public demand for open government is high, the missing component is a strong and large enough civil society base that can handle and analyse data independently and question policy. Dealing with the demand when data is open is another challenge. The challenges of opening up data If the original data is not digitized, how do we ensure that it becomes part of open data as defined by the Open Knowledge Foundation.[10] For countries such as Iraq that are simultaneously introducing e-government systems and open government, implementation is hampered by the lack of e-government data standards for specific domains such as human resources management or financial management.

Privacy

Privacy is one of the biggest concerns that the open data and open government movements faces.

Lack of exposure to privacy issues: Some open data activists are not aware that privacy should be an exception in disclosure requirement of government open data policies. If no public interest is served through disclosing personal information then there is no need to infringe upon the rights of individuals.

Privacy only for the individual: There is often a western notion of what constitutes privacy in which people worry about privacy infringement only at the level of the individual. But in India, if the open dataset showed HIV/AIDS prevalence at the village level that could result in stigma and discrimination of particular villages. The privacy problem exists not only at the individual level, but also at the level of family, community and geographical unit.

Underestimating re-identification research: Today we deal with the privacy challenge by using techniques like anonymization and obfuscation, but the problem is that re-identification research is getting more sophisticated and the more datasets that people have access to and are able to overlay upon one another, the more likely it is to re-identify anonymous or obfuscated data. This is an issue that the open data movement should take seriously.

Conflict with the transparency movement: The open data movement has not fully adopted principles from the transparency movement. This can be clearly seen in some countries where freedom of information activists are being killed or assaulted, but open data activists are usually safe because they are focused on analyzing the data that the governments have opened up. The provision of large quantities of data by government may be a distraction strategy that takes away what is important for civil society and democracy. Moreover, open data should not be the means to legitimize and increase the levels of surveillance occurring at the bottom of the pyramid. Instead, we need to encourage more eyes to watch the top of the pyramid because single actions there can have dramatic consequences for public interest.

For public participation in local government, FixMyStreet[11] is an open source software first developed by MySociety in the UK that allows the public to report on issues on a map. MySociety has also developed a number of other tools to help with government’s engagement with citizens.

OpenSpending[12] is used to visualize budget data and how tax money is being spent. This is a useful tool for transparency developed by the Open Knowledge Foundation.

CKAN[13] is an open source data portal platform that many countries have used for their open data portal. This is also an Open Knowledge Foundation project.

The Sunlight Foundation[14] and Code for America[15] are organizations that develop a number of open source tools that can be re-used and adapted by countries in Asia and the Pacific.

A free de-identification software for automated location and removal of protected health information in free text from medical records has been developed by PhysioNet.[16]

The Strategic Alliance Against Impoverishment (SAPA) provides poverty data on their website and maps the location of their projects.[17]

Final Words for the Way Forward

Make open government an election issue and elect officials that are open.

Demands for engagement may conflict with political goals of representatives in terms of the election cycle. Perhaps these open government issues need a third space to insulate them from political forces.

For people interested in implementing technical solutions, it is important to also look into non-technical issues raised by the Open Government Partnership and the Declaration on Parliamentary Openness.[18]

Make data available based on the needs of citizens and provide a platform for citizens’ feedback to inform the kinds of data to open up.

Open government should be relevant to citizens and result in improving the welfare of citizens.

Improve citizens’ data literacy and use open data in decision-making.

Openness is only a means and in the end we need governments that are accountable, that protect the public interest, that protect the weakest members of society, and they are not automatically guaranteed through open government. We should not fetishize the means and forget the ends.

At the top we need political leadership with strong inclination and will, and on the ground we need close coordination between civil society and government so that government does understand what is needed and sense what impact they can make by opening themselves up to their society or to their own operations. In the long term the key is how much the government can transform itself in terms of its own operations, and how much data they can produce in a reusable format and how much data they can use from other agencies to improve their operations.

The core of open government is about partnership between government, civil society and the private sector, and this is not easy.

Panelists

Danny Butt, Research Fellow in Participatory Public Space, University of Melbourne, Australia
Sunil Abraham, Executive Director, Centre for Internet and Society, India
Venkatesh Hariharan, Director, Knowledge Commons, India (previously, Head of Public Policy at Google India)
Maryati Abdullah, National Coordinator, Publish What You Pay, Indonesia (also Steering Committee Member of Open Government Partnership)
Yanuar Nugroho, Director and Expert Adviser to the Head of the President's Delivery Unit for Development Monitoring and Oversight (UKP4), Indonesia – to be confirmed
Tomoaki Watanabe, Executive Research Fellow, Centre for Global Communications, International University of Japan (also Executive Director of Common Sphere - the host of Creative Commons Japan, and Co-founder of Open Knowledge Foundation Japan)
Shita Laksmi, Program Manager, Southeast Asia Technology and Transparency Initiative, Hivos Regional Office Southeast Asia
Alvin B. Marcelo, Co-chair, Asia eHealth Information Network

Moderator: Khairil Yusof, Co-founder, Sinar Project, Malaysia (also e-DIRAP team member)

e-DIRAP Hangout Coordinator: Christine Apikul

[1]. See 20 Basics of Open Government, http://basics.open4m.org/

[2]. http://www.opengovpartnership.org/eligibility

[3]. http://www.opengovpartnership.org

[4]. http://satulayanan.net

[5]. http://lapor.ukp.go.id; See also http://www.techinasia.com/lapor-deeper-indonesias-newest-anticorruption-weapon/

[6]. “Even though the Law on Freedom of Information has been in place for five years and while some ministries and agencies have made data available online, it is often difficult to obtain and make use of the data due to bureaucratic procedures, charging requirements, copyright restrictions or a general reluctance to provide access to government data to external users.” World Wide Web Foundation, Open Government Data: Readiness Assessment Indonesia, 28 June 2013, http://www.webfoundation.org/2013/06/new-research-open-data-in-indonesia/

[7]. http://seatti.org

[8]. http://sinarproject.org

[9]. http://www.philhealth.gov.ph

[10]. http://okfn.org/opendata/

[11]. http://www.fixmystreet.com

[12]. http://openspending.org

[13]. http://ckan.org

[14]. http://sunlightfoundation.com/tools

[15]. http://codeforamerica.org/apps/

[16]. http://www.physionet.org/physiotools/deid/

[17]. http://www.sapa.or.id/

[18]. http://www.openingparliament.org/declaration

For more details visit https://cis-india.org/openness/blog-old/digital-review-asia-pacific-christine-apikul-e-dirap-google-hangout-open-government