Centre for Internet and Society

CCTV plays Sherlock

praskrishna — 2016-04-24T04:51:04Z

Whether it's the Mercedes hit-and-run in Delhi or the antics of the chaddi baniyan gang in Mumbai, police are increasingly relying on CCTV footage to solve crimes. Sunday Times looks at how the small picture is getting bigger. .

The article by Raj Shekhar, Arun Dev, V Narayan & A Selvaraj with inputs from Sindhu Kannan and Somreet Bhattacharya was published by the Times of India on April 24, 2016. Pranesh Prakash was quoted.

In case after high-profile case, cameras have been the big stars of Delhi police investigations in recent months. After the Civil Lines hit-and-run case, where a 17-year-old driving a Mercedes was caught on camera speeding away from his victim, reliable witness to the crime came from a nearby CCTV. A few weeks ago, in the Vikaspuri lynching on Holi eve that threatened to take on communal colours, it was CCTV footage that clinched the case.

Across India, police officials reel off cases where CCTVs have made all the difference in identifying offenders and speeding up investigations. "Petty crimes like snatchings have been brought down by 50% in areas like Chandni Chowk since 2014," estimates Madhur Verma, DCP (north), Delhi Police. "Even if the face cannot be fully recognised, the timing shown on the CCTV grabs, and proof of the accused being present at the spot, can be useful corroborating evidence for the court," says DCP Dhananjay Kulkarni, explaining how CCTV helped nail the infamous "chaddi baniyan gang" in Borivli, Mumbai.

CCTV cameras have proliferated across our public spaces in the last few years, mutely observing our movements. It's not just the police; shops, companies and individuals install them too, and these come in handy for law enforcement. For instance, Delhi has about 1,79,000 CCTV cameras installed around the city, out of which 4,000 have been placed by the Delhi government, and the rest by private agencies who collaborate with the Delhi Police under its 'Eyes and Ears' scheme. "Cameras are a fact of life around the world, there's no going back for the police or for anyone else," says N Ramachandran, a former IPS officer, now president of the Indian Police Academy think-tank.

Whether London, Boston or Bengaluru, it is often a terrorist attack that shocks a city into ramping up its CCTV network. After the Church Street attacks, the police got cracking on surveillance, using crime-mapping techniques and shortlisting vantage points. While they currently use 300 cameras, the police believe the figure must be taken up to 2,500 to keep a better eye on the city.

But does CCTV control crime? To that question, there is only one unsatisfying answer — it depends. The debate is torn between those who see CCTVs as the embodiment of an eerie Orwellian warning, and those who believe that the more cameras there are, the less crime there will be. Studies, though, suggest that CCTV has specific and narrow uses.

Obviously, it helps catch people who have committed an offence, after the event. CCTV networks, though, have no noticeable impact on crime rates according to several reviews in the US and UK. The UK is the most monitored nation in the world, but as a Home Office study in 2005 concluded, there was no statistically significant reduction in crime, once other variables like seasonal and national trends, and other police initiatives, were factored in.

While CCTVs are not easy to isolate as a determining factor in crime control, they are demonstrably effective in some contexts. They can reduce some kinds of disorder and petty crime, particularly in car parks and public transit. Micro-level analyses of aspects like environmental features, camera line-of-sight, enforcement activity, and camera design suggest that the power to deter crime depends greatly on how the CCTV sites are chosen, and police operations designed.

The downsides are well known. The more mundane footage there is, the harder it is for police to sift through. There is often a displacement effect — the presence of a camera pushes the crime off-stage into other areas, or prompting criminals to change tactics in pursuit of the same ends (ie, rather than carry out a drug transaction on the street, arrange online and deliver). What's more, CCTVs can be gamed. In Mumbai, the police has found out that criminals apply toothpaste or flash a torchlight at the lens, or cover up with helmets and burqas, or even steal the digital video recorder in the CCTV. These cameras have to be constantly maintained. "Many believe that CCTV installation is a one-time investment, but it needs to be serviced to yield results," says S. David, who runs an electronics shop and sells CCTV cameras in Chennai's Ritchie Street.

If there is no overwhelming impact on crime prevention, why are India's security forces investing so heavily in CCTVs, and is it worth the inevitable tradeoff with privacy? More worryingly, it is doing so without any comprehensive regulation on their use.

Before this technology of databases and recording, "we seldom had situations where a police official or private detective was trailing you all day, recording your movements, which is more or less the situation with CCTVs now," says Pranesh Prakash of the Centre for Internet and Society. "Yes, you're in a public space, but that doesn't denude you of privacy".

But as Farhad Manjoo, a prominent tech blogger in the US, pointed out, the benefits outweigh our fears about privacy. "When you weigh cameras against other security measures, they emerge as the least costly and most effective choice. In the aftermath of 9/11, it's impossible for you to get into tall buildings, airports, many museums, concerts, and even public celebrations without being subjected to pat-downs and metal detectors. When combined with competent law enforcement, surveillance cameras are more effective, less intrusive, less psychologically draining, and much more pleasant than these alternatives," wrote Manjoo in Slate.

What we need is public oversight over the surveillance apparatus — in other words, we need to watch how they watch us. If there is clear respect for the principles of proportionality, accountability and transparency, "there need not be a conflict between ethical and effective use of these cameras," says Ramachandran.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-raj-shekhar-arun-dev-v-narayan-a-selvaraj-cctv-plays-sherlock

CCTV in Universities

merlin — 2011-09-01T09:50:09Z

Basic Closed Circuit Television (CCTV) Infrastructure is used to observe movements from a central room, and consists of one or more video cameras that transmit video and audio images to a set of monitors or video recorders.

A Brief History of CCTV's

Video surveillance as a means of policing gained prominence in the 1950s when the UK police installed two pan-tilt cameras on traffic lights to monitor traffic near the Parliament. Since then the United Kingdom has become the country with the most number of surveillance cameras.[1]

The proliferation of CCTVs has been attributed to the growing radicalization of human behaviour wherein organized groups terrorized entire nations and threatened their internal security. The 1985 terror attack on the then Prime Minister of Britain by the IRA and many such instances thereafter have led many countries to adopt CCTV as a means of policing. In India, terror attacks on the Mumbai stock market and successive instances have pushed the Indian Government to install CCTVs in prominent public areas so that it is possible to monitor suspicious movements.[2]

CCTVs and Public Perspective

Since the 1950'sCCTVs have become ubiquitous and ever present, monitoring our daily movements, and infringing into our personal space. Though governments believe CCTVs are essential security instruments, the public is less convinced. The early anxiety to be safe from an unseen danger has given way to a new unease amongst the people, that of constantly being watched by an unseen eye.

CCTVs in Educational Institutions

CCTVs are typically used by the government or private agencies for surveillance in areas frequented by the public that need monitoring. Recently though, universities across the length and breadth of the country have resorted to the use of CCTVs for policing campus activities and to keep the students in check and under control. Huge budgets are set to wire campuses with CCTV infrastructure, t causing students to protest as well as laud the initiative by the administration. The debate on CCTVs has gained momentum in recent years with students staging huge rallies both in support of and against it.

Example 1:

The most prominent of the agitations against CCTVs was staged by the students of Jadavpur University in Kolkata on the administration’s decision to install 16 CCTVs on the four main exit points of the campus and other strategic locations.[3] The installation cost Rs.20 lakh. The students protested loudly against the decisions and ‘gheraoed’ the office of the vice chancellor for 52 hours. The students claimed that the administration was curbing their individual freedom and robbing the campus of it’s democratic atmosphere. The administration refused to remove the cameras, and claimed that the move was necessitated for the security of the students and to prevent any unforeseen incident.

Example 2:

The girl’s residing in the Women’s Hostel of The University of Pune protested against the setting up of CCTV cameras’ in the entrances of the hostel to check for unauthorized visits from boyfriends and friends. The girl’s vandalized the camera and claimed that they were an infringement to their privacy. The hostel authorities insisted that the cameras did not infringe on the privacy of the women, and were only installed at the entrance gates to keep a tab on visitors.[4] The authorities claimed that this step was taken in congruence with the hostel’s policy of not allowing visitors to stay the night.

Example 3:

The girls of the Churchgate’s Government Law College succeeded in getting the CCTV camera removed from the Girl’s Common Room, as it was seen as an infringement to their privacy. The MNS stepped up the agitation in favor of the students which led the college administration to finally take notice and remove the camera from the common room.[5]

The Flip Side

The issue of CCTVs in campuses takes an interesting turn when the students support the move to install cameras in campuses.

Example 1:

Delhi University installed CCTV cameras in their campuses after the Delhi Police issued an advisory for the same. They claimed that the advisory issued was to monitor the instances of on campus ragging. The Delhi Police also helped fund the setting up of CCTVs in the college. This move was lauded by the students, and the colleges took instant measures to wire their campuses.[6]

Example 2:

Recently, after the murder of a Delhi University student named Radhika Tanwar in broad day light, many student union groups assembled for a candle light vigil. They demanded CCTV cameras near the Satya Niketan bus stop where Radhika was killed which is an isolated stretch of a road. The massive agitation of almost a week brought the National Commission of Women into the foray who seconded the demand put forth by the student body.[7]

Example 3:

The recent instance of an RTI exposing inflated bills for setting up CCTVs in the Punjab University Campus also throws light on an interesting facet to this debate as the students do not mind the CCTVs in their campus. The student’s union of the university demanded the authorities to look into the discrepancies of the budget, and also expressed anger as the CCTVs installed did not work. The students claimed that the rising violence in the campus is because of disinterested security men and non working CCTV cameras.[8]

Conclusion

The decisions to use CCTVs as a means of surveillance evokes mixed responses. On one side of the debate they are seen as a deterrent to crime while on the other side of the debate they are seen as beinggross infringements on privacy. CCTV surveillance remains as a bone of contention amongst students. If they feel that their personal space is being invaded by these cameras then it needs to be addressed by the administration in a manner which appeases their fear. Universities randomly adopt the policy of CCTV surveillance, disregarding any voice of dissent. Kashmir University put up CCTVs in it’s campus to shoo away lovebirds and the Aligarh Muslim University has installed 57 CCTV cameras in it’s campus to keep a check on students. The rise of the CCTVs in colleges relates to not the actual crime but to the fear of crime. Therefore, CCTVs have become a tool of re-assurance [9]which feeds a notion of safety and security to the authority in charge.

There is no black and white regarding the implementation of CCTVs in universities. A policy can only benefit both sides when decisions are taken with the students, and not on behalf of them. Indian Universities have no guidelines and policies regarding the implementation of CCTVs and students remain unaware of any decisions in this regard. The Universities should clearly spell out their take on CCTVs including:

University policy regarding CCTVs policies
The reasons for introducing CCTVs
The proposed uses of CCTV infrastructure
Which areas in the campus will be kept under surveillance
How will the data collected be stored
How long will the data be retained
How will the data be deleted[10]

The Universities should address all these issues to dispel fear from the minds of the students, and the student unions should be included in the discussions regarding the implementation of CCTVs.

Notes

[1].Webster,William; CCTV policy in the UK: Reconsidering the evidence base; sueveillanceandsociety.org.

[2].Norris, Clive;MC Cahill, Mike;Wood, David; The Growth of CCTV: A Global Perspective on the international diffusion of video surveillance in publically accessible space; surveillance-and-society.org.

[3].Timesnow.tv/jadavpuruniversity, www.haata.com.

[4].http://www.ndtv.com/article/cities/female-hostellers-damage-cctv-cameras-to-protect-privacy-83889, http://toostep.com/debate/is-it-right-to-install-a-cctv-in-girls-hostel-to-stop-unauth.

[5].http://www.mumbaimirror.com/index.aspx?page=article§id=2&contentid=201101212011012104560935753ecb888, http://ibnlive.in.com/news/cctv-cameras-in-hostel-rob-pune-women-of-freedom/142681-3.html.

[6].http://www.expressindia.com/latest-news/after-delhi-police-advisory-du-to-install-cctv-cameras/761421/.

[7].http://www.indianexpress.com/news/women-constables-cctv-cameras-in-girl-stude/766083/.

[8].http://www.punjabcolleges.com/5526999-itemdisplay-Misappropriation-of-funds-on-CCTV,-RTI-exposed-it-Chandigarh.htm.

[9].www.surveillance-and-society.org/ojs/index.php/journal/article/view/prozac/prozac.

[10].www.ucl.ac.uk/estates/security/documents/cctvpolicy.doc, http://www.wustl.edu/policies/cctv-monitoring-and-recording.html.

For more details visit https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities

Capturing Gender and Class Inequities: The CCTVisation of Delhi

Aayush Rathi and Ambika Tandon — 2019-09-27T15:24:10Z

Ambika Tandon and Aayush Rathi generated empirical evidence about the CCTV programme well underway in Delhi. The case study was published by Centre for Development Informatics, Global Development Institute, SEED, in the Development Informatics working paper series housed at the University of Manchester.

Abstract

Cityscapes across the global South, following historical trends in the North, are increasingly being littered by closed-circuit television (CCTV) cameras. In this paper, we study the wholesale implementation of CCTV in New Delhi, a city notorious for incredibly high rates of crime against women. The push for CCTV, then, became one of many approaches explored by the state in making the city safer for women.

In this paper, we deconstruct this narrative of greater surveillance equating to greater safety by using empirical evidence to understand the subjective experience of surveilling and being surveilled. By focussing on gender and utilising work from feminist thought, we find that the experience of surveillance is intersectionally mediated along the axes of class and gender.The gaze of CCTV is cast upon those already marginalised to arrive at normative encumbrances placed by private, neoliberal interests on the urban public space. The politicisation of CCTV has happened in this context, and continues unabated in the absence of any concerted policy apparatus regulating it. We frame our findings utilising an analytical data justice framework put forth by Heeks and Shekhar (2019). This comprehensively sets out a social justice agenda that situates CCTV within the socio-political contexts that are intertwined in the development and implementation of the technology itself.

Click to download the full research paper

For more details visit https://cis-india.org/internet-governance/blog/development-informatics-paper-number-81-aayush-rathi-and-ambika-tandon-capturing-gender-and-class-inequities

Can India Trust Its Government on Privacy?

pranesh — 2013-07-15T10:35:33Z

In response to criticisms of the Centralized Monitoring System, India’s new surveillance program, the government could contend that merely having the capability to engage in mass surveillance won’t mean that it will. Officials will argue that they will still abide by the law and will ensure that each instance of interception will be authorized.

Pranesh Prakash's article was published in the New York Times on July 11, 2013.

In fact, they will argue that the program, known as C.M.S., will better safeguard citizens’ privacy: it will cut out the telecommunications companies, which can be sources of privacy leaks; it will ensure that each interception request is tracked and the recorded content duly destroyed within six months as is required under the law; and it will enable quicker interception, which will save more lives. But there are a host of reasons why the citizens of India should be skeptical of those official claims.

Cutting out telecoms will not help protect citizens from electronic snooping since these companies still have the requisite infrastructure to conduct surveillance. As long as the infrastructure exists, telecom employees will misuse it. In a 2010 report, the journalist M.A. Arun noted that “alarmingly, this correspondent also came across several instances of service providers’ employees accessing personal communication of subscribers without authorization.” Some years back, K.K. Paul, a top Delhi Police officer and now the Governor of Meghalaya, drafted a memo in which he noted mobile operators’ complaints that private individuals were misusing police contacts to tap phone calls of “opponents in trade or estranged spouses.”

India does not need to have centralized interception facilities to have centralized tracking of interception requests. To prevent unauthorized access to communications content that has been intercepted, at all points of time, the files should be encrypted using public key infrastructure. Mechanisms also exist to securely allow a chain of custody to be tracked, and to ensure the timely destruction of intercepted material after six months, as required by the law. Such technological means need to be made mandatory to prevent unauthorized access, rather than centralizing all interception capabilities.

At the moment, interception orders are given by the federal Home Secretary of India and by state home secretaries without adequate consideration. Every month at the federal level 7,000 to 9,000 phone taps are authorized or re-authorized. Even if it took just three minutes to evaluate each case, it would take 15 hours each day (without any weekends or holidays) to go through 9,000 requests. The numbers in Indian states could be worse, but one can’t be certain as statistics on surveillance across India are not available. It indicates bureaucratic callousness and indifference toward following the procedure laid down in the Telegraph Act.

In a 1975 case, the Supreme Court held that an “economic emergency” may not amount to a “public emergency.” Yet we find that of the nine central government agencies empowered to conduct interception in India, according to press reports — Central Board of Direct Taxes, Intelligence Bureau, Central Bureau of Investigation, Narcotics Control Bureau, Directorate of Revenue Intelligence, Enforcement Directorate, Research & Analysis Wing, National Investigation Agency and the Defense Intelligence Agency — three are exclusively dedicated to economic offenses.

Suspicion of tax evasion cannot legally justify a wiretap, which is why the government said it had believed that Nira Radia, a corporate lobbyist, was a spy when it defended putting a wiretap on her phone in 2008 and 2009. A 2011 report by the cabinet secretary pointed out that economic offenses might not be counted as “public emergencies,” and that the Central Board of Direct Taxes should not be empowered to intercept communications. Yet the tax department continues to be on the list of agencies empowered to conduct interceptions.

India has arrived at a scary juncture, where the multiple departments of the Indian government don’t even trust each other. India’s Department of Information Technology recently complained to the National Security Advisor that the National Technical Research Organization had hacked into National Informatics Center infrastructure and extracted sensitive data connected to various ministries. The National Technical Research Organization denied it had hacked into the servers but said hundreds of e-mail accounts of top government officials were compromised in 2012, including those of “the home secretary, the naval attaché to Tehran, several Indian missions abroad, top investigators of the Central Bureau of Investigation and the armed forces,” The Mint newspaper reported. Such incidents aggravate the fear that the Indian government might not be willing and able to protect the enormous amounts of information it is about to collect through the C.M.S.

Simply put, government entities have engaged in unofficial and illegal surveillance, and the C.M.S. is not likely to change this. In a 2010 article in Outlook, the journalist Saikat Datta described how various central and state intelligence organizations across India are illegally using off-the-air interception devices. “These systems are frequently deployed in Muslim-dominated areas of cities like Delhi, Lucknow and Hyderabad,” Mr. Datta wrote. “The systems, mounted inside cars, are sent on ‘fishing expeditions,’ randomly tuning into conversations of citizens in a bid to track down terrorists.”

The National Technical Research Organization, which is not even on the list of entities authorized to conduct interception, is one of the largest surveillance organizations in India. The Mint reported last year that the organization’s surveillance devices, “contrary to norms, were deployed more often in the national capital than in border areas” and that under new standard operating procedures issued in early 2012, the organization can only intercept signals at the international borders. The organization runs multiple facilities in Mumbai, Bangalore, Delhi, Hyderabad, Lucknow and Kolkata, in which monumental amounts of Internet traffic are captured. In Mumbai, all the traffic passing through the undersea cables there is captured, Mr. Datta found.

In the western state of Gujarat, a recent investigation by Amitabh Pathak, the director general of police, revealed that in a period of less than six months, more than 90,000 requests were made for call detail records, including for the phones of senior police and civil service officers. This high a number could not possibly have been generated from criminal investigations alone. Again, these do not seem to have led to any criminal charges against any of the people whose records were obtained. The information seems to have been collected for purposes other than national security.

India is struggling to keep track of the location of its proliferating interception devices. More than 73,000 devices to intercept mobile phone calls have been imported into India since 2005. In 2011, the federal government asked various state governments, private corporations, the army and intelligence agencies to surrender these to the government, noting that usage of any such equipment for surveillance was illegal. We don’t know how many devices were actually turned in.

These kinds of violations of privacy can have very dangerous consequences. According to the former Intelligence Bureau head in the western state of Gujarat, R.B. Sreekumar, the call records of a mobile number used by Haren Pandya, the former Gujarat home minister, were used to confirm that it was he who had provided secret testimony to the Citizens’ Tribunal, which was conducting an independent investigation of the 2002 sectarian riots in the state. Mr. Pandya was murdered in 2003.

The limited efforts to make India’s intelligence agencies more accountable have gone nowhere. In 2012, the Planning Commission of India formed a group of experts under Justice A.P. Shah, a retired Chief Justice of the Delhi High Court, to look into existing projects of the government and to suggest principles to guide a privacy law in light of international experience. (Centre for Internet and Society, where I work was part of the group). However, the government has yet to introduce a bill to protect citizens’ privacy, even though the governmental and private sector violations of Indian citizens’ privacy is growing at an alarming rate.

In February, after frequent calls by privacy activists and lawyers for greater accountability and parliamentary oversight of intelligence agencies, the Centre for Public Interest Litigation filed a case in the Supreme Court. This would, one hopes, lead to reform.

Citizens must also demand that a strong Privacy Act be enacted. In 1991, the leak of a Central Bureau of Investigation report titled “Tapping of Politicians’ Phones” prompted the rights groups, People’s Union of Civil Liberties to file a writ petition, which eventually led to a Supreme Court of India ruling that recognized the right to privacy of communications for all citizens as part of the fundamental rights of freedom of speech and of life and personal liberty. However, through the 2008 amendments to the Information Technology Act, the IT Rules framed in 2011 and the telecom licenses, the government has greatly weakened the right to privacy as recognized by the Supreme Court. The damage must be undone through a strong privacy law that safeguards the privacy of Indian citizens against both the state and corporations. The law should not only provide legal procedures, but also ensure that the government should not employ technologies that erode legal procedures.

A strong privacy law should provide strong grounds on which to hold the National Security Advisor’s mass surveillance of Indians (over 12.1 billion pieces of intelligence in one month) as unlawful. The law should ensure that Parliament, and Indian citizens, are regularly provided information on the scale of surveillance across India, and the convictions resulting from that surveillance. Individuals whose communications metadata or content is monitored or intercepted should be told about it after the passage of a reasonable amount of time. After all, the data should only be gathered if it is to charge a person of committing a crime. If such charges are not being brought, the person should be told of the incursion into his or her privacy.

The privacy law should ensure that all surveillance follows the following principles: legitimacy (is the surveillance for a legitimate, democratic purpose?), necessity (is this necessary to further that purpose? does a less invasive means exist?), proportionality and harm minimization (is this the minimum level of intrusion into privacy?), specificity (is this surveillance order limited to a specific case?) transparency (is this intrusion into privacy recorded and also eventually revealed to the data subject?), purpose limitation (is the data collected only used for the stated purpose?), and independent oversight (is the surveillance reported to a legislative committee or a privacy commissioner, and are statistics kept on surveillance conducted and criminal prosecution filings?). Constitutional courts such as the Supreme Court of India or the High Courts in the Indian states should make such determinations. Citizens should have a right to civil and criminal remedies for violations of surveillance laws.

Indian citizens should also take greater care of their own privacy and safeguard the security of their communications. The solution is to minimize usage of mobile phones and to use anonymizing technologies and end-to-end encryption while communicating on the Internet. Free and open-source software like OpenPGP can make e-mails secure. Technologies like off-the-record messaging used in apps like ChatSecure and Pidgin chat conversations, TextSecure for text messages, HTTPS Everywhere and Virtual Private Networks can prevent Internet service providers from being able to snoop, and make Internet communications anonymous.

Indian government, and especially our intelligence agencies, violate Indian citizens’ privacy without legal authority on a routine basis. It is time India stops itself from sleepwalking into a surveillance state.

For more details visit https://cis-india.org/internet-governance/blog/new-york-times-july-11-2013-can-india-trust-its-government-on-piracy

Call for submissions: The Surveillance Industry and Human Rights.pdf

karan — 2019-02-20T10:46:58Z

For more details visit https://cis-india.org/internet-governance/resources/the-surveillance-industry-and-human-rights.pdf

Call for Researchers: Welfare, Gender, and Surveillance

ambika — 2020-02-13T15:05:37Z

We are inviting applications for two researchers. Each researcher is expected to write a narrative essay that interrogates the modes of surveillance that people of LGBTHIAQ+ and gender non-conforming identities and sexual orientations are put under as they seek sexual and reproductive health (SRH) services in India. The researchers are expected to undertake field research in the location they are based in, and reflect on lived experiences gathered through field research as well as their own experiences of doing field research. Please read the sections below for more details about the work involved, the timeline for the same, and the application process for this call.

Call for Researchers: Download (PDF)

Description of the Work

Each researcher is expected to author a narrative essay that presents and reflects on lived experiences of people of LGBTHIAQ+ and gender non-conforming identities and sexual orientations as they seek sexual and reproductive health (SRH) services in India. We expect the essay to contribute to a larger body of knowledge around the increasing focus on data-driven initiatives for public health provision in the country and elsewhere. Accordingly, the researcher may respond to any one or more than one of the following questions, within the context of the geographical focus as specified by the researcher:

What are the modes of surveillance, especially in terms of generation and exploitation of digital data, experienced by people of marginalised gender identities and sexual orientations in India, as they avail of sexual and reproductive healthcare?
How are the lived experiences of underserved populations, such as people of marginalised gender identities and sexual orientations, shaped by gendered surveillance while accessing sexual and reproductive services?
What are the modes of governance and gender ideologies that have mediated the increasing datafication of such provision?

We expect the researchers to draw on a) the Indian Supreme Court’s framing of privacy in India, as a fundamental right, and its implications; and b) apply and/or build on feminist conceptualisations of privacy. Further, we expect the researchers to respond to the uncertain landscape of legal rights accessible to people of LGBTHIAQ+ and gender non-conforming identities and sexual orientations, especially in the current context shaped by The Transgender Persons (Protection of Rights) Act, 2019.

The researchers will undertake field research in locations of their choice, conduct interviews and discussions with people of LGBTHIAQ+ and gender non-conforming identities and sexual orientations seeking such services, and conduct formal and informal interviews with officials and personnel associated with public and private sector agencies involved in the provision of SRH services.

Eligibility and Application Process

We specifically encourage people of LGBTHIAQ+ and gender non-conforming identities and sexual orientations to submit their applications for this call for researchers.

We are seeking applications from individuals who:

Are based in the place where field study is to be undertaken, for the duration of the study;
Are fluent in the main regional language(s) spoken in the city where the study will be conducted, and in English (especially written);
Preferably have a postgraduate degree (current students should also apply) in social or technical sciences, journalism, or legal studies (undergraduate degree-holders with research or work experience should also apply); and
Have previous research and writing experiences on issues at the intersection of sexual and reproductive health, gender justice and women’s rights, and health informatics or digital public health.

Please send the following documents (in text or PDF formats) to raw@cis-india.org by Friday, January 24 to apply for the researcher positions:

Brief CV with relevant academic and professional information;
Two samples of academic/professional (published/unpublished) writing by the applicant; and
A brief research proposal (around 500 words) that should specify the scope (geographical and conceptual), research questions, and motivation of the essay to be authored by the applicant.

All applicants will be informed of the selection decisions by Friday, January 31.

Timeline of the Work

February 3-7 CIS research team will have a call with each researcher to plan out the work to be undertaken by them

February - March Researchers are to undertake field research, as proposed by the researchers and discussed with the CIS research team

March 27 Researchers are to submit a full draft essay (around 3,000 words)

March 30 - April 3 CIS research team will have call with each researcher to discuss the shared draft essays and make plans towards their finalisation

May 15 Researchers are to submit the final essay (around 5,000 words, without footnotes and references)

As part of this project, CIS will organise two discussion events in Bengaluru and New Delhi during April-June (tentatively). Event dates are to be decided in conversation with the researchers, and they will be invited to present their works in the same.

Remuneration

Each researcher will be paid a remuneration of Rs. 1,00,000 (inclusive of taxes) over two equal installments: first on signing of the agreement in February 2020, and second on submission of the final essay in May 2020.

We will also reimburse local travel expenses of each researcher upto Rs. 10,000, and translations and transcriptions expense (if any) incurred by each researcher upto Rs. 10,000. These reimbursements will be made on the basis of expense invoices shared by the researcher.

Description of the Project

Previous research conducted by CIS on the subject of sexual and reproductive health (SRH) services in India observes that there is a complex web of surveillance, or ‘dataveillance’, around each patient as they avail of SRH services from the state. In this current project, we are aiming to map the ecosystem of surveillance around SRH services as their provision becomes increasingly ‘data-driven’, and explore its implications for patients and beneficiaries.

Through this project, we are interested in documenting the roles played by both the public and the private sector actors in this ecosystem of health surveillance. We understand the role of private sector actors as central to state provision of sexual and reproductive health services, especially through the institutionalisation of data-driven health insurance models, as well as through extensive privatisation of public health services. By studying semi-private, private, and public medical establishments including hospitals, primary/community health centres and clinics, we aim to develop a comparative analysis of surveillance ecosystems across the three establishment types.

This project is led by Ambika Tandon, Aayush Rathi, and Sumandro Chattapadhyay at the Centre for Internet and Society, and is supported by a grant from Privacy International.

Indicative Reading List

We are sharing below a short and indicative list of readings that may be useful for potential applicants.

Aayush Rathi, Is India's Digital Health System Foolproof? (2019)

Aayush Rathi and Ambika Tandon, Data Infrastructures and Inequities: Why Does Reproductive Health Surveillance in India Need Our Urgent Attention? (2019)

Ambika Tandon, Feminist Methodology in Technology Research: A Literature Review (2018)

Ambika Tandon, Big Data and Reproductive Health in India: A Case Study of the Mother and Child Tracking System (2019)

Anja Kovacs, Reading Surveillance through a Gendered Lens: Some Theory (2017)

Lindsay Weinberg, Rethinking Privacy: A Feminist Approach to Privacy Rights after Snowden (2017)

Nicole Shephard, Big Data and Sexual Surveillance (2016)

Sadaf Khan, Data Bleeding Everywhere: A Story of Period Trackers (2019)

For more details visit https://cis-india.org/jobs/researchers-welfare-gender-surveillance-call

Call for Essays: Offline

sneha-pp — 2018-08-20T06:58:05Z

Who is offline, and is it a choice? The global project of bringing people online has spurred several commendable initiatives in expanding access to digital devices, networks, and content, and often contentious ones such as Free Basics / internet.org, which illustrate the intersectionalities of scale, privilege, and rights that we need to be mindful of when we imagine the offline. Further, the experience of the internet, for a large section of people is often mediated through prior and ongoing experiences of traditional media, and through cultural metaphors and cognitive frames that transcend more practical registers such as consumption and facilitation. How do we approach, study, and represent this disembodied internet – devoid of its hypertext, platforms, devices, it's nuts and bolts, but still tangible through engagement in myriad, personal and often indiscernible ways. The researchers@work programme invites abstracts for essays that explore dimensions of offline lives.

Offline

Does being offline necessarily mean being disconnected? Beyond anxieties such as FOMO, being offline is also seen as disengagement from a certain milieu of the digital (read: capital), an impediment to the way life is organised by and around technologies in general. However, being offline is not the exception, as examples of internet shutdown and acts on online censorship illustrate the persistence and often alarming regularity of the offline even for the ‘connected’ sections of the population.

State and commercial providers of internet and telecommunication services work in tandem to produce both the “online” and the “offline” - through content censorship, internet regulation, generalised service provision failures, and so on. Further, efforts to prioritise the use of digital technologies for financial transactions, especially since demonetisation, has led to a not-so-subtle equalisation of the ‘online economy’ with the ‘formal economy’; thus recognising the offline as the zones of informality, corruption, and piracy. This contributes to the offline becoming invisible, and in many cases, illegal, rather than being recognised as a condition that necessarily informs what it means to be digital.

Call for Essays

We invite abstracts for essays that explore social, economic, cultural, political, infrastructural, or aesthetic dimensions of the "offline". Please submit the abstracts by Sunday, September 02.

We will select 10 abstracts and announce them on Wednesday, September 05. The selected authors are expected to submit the first draft of the essay (2000-4000 words) by Friday, October 05. We will share editorial suggestions with the authors, and the final versions of the essays will be published on the researchers@work blog from November onwards. We will offer Rs. 5,000 as honourarium to all selected authors.

Please submit the abstracts (300-500 words) as a text file via email sent to raw@cis-india.org, with the subject line of "Offline".

The essays, for example, may explore one or more of the following themes:

Geographies of internet access: Infrastructural, socio-political, and discursive forces and contradictions
Terms, objects, metaphors, and events of the internet and their offline remediation and circulation
Minimal computing, maker cultures, and digital collaboration and creativity in the offline
Offline economic cultures and transition towards less-cash economy
Offline as democratic choice: the right to offline lives in the context of global debates on privacy, surveillance, and data justice
Methods of studying the "offline" at the intersections of offline and online lives

Please note that the scope of essays need not be limited to the topics mentioned above but may address other dimensions of offline lives.

For more details visit https://cis-india.org/raw/call-for-essays-offline

C.I.S Responds to Privacy Approach Paper

elonnai — 2012-03-21T10:08:10Z

A group of officers was created to develop a framework for a privacy legislation that would balance the need for privacy protection, security, sectoral interests, and respond to the domain legislation on the subject. Shri Rahul Matthan of Tri Legal Services prepared an approach paper for the legal framework for a proposed legislation on privacy. The approach paper is now being circulated for seeking opinions of the group of officers and is also being placed on the website of the Department of Personnel and Training for seeking public views on the subject. The Privacy India team at C.I.S responded to the approach paper and has called for the need for a more detailed study of statutory enforcement models and mechanisms in the creation of a privacy legislation.

1. What is privacy?

a) In the approach paper, the definition of privacy is not consistent and the meanings are used interchangably. It is variously referred to as a right and an expectation. Also, we find that no real distinctions are being made between privacy, data protection, and security. As a result, the paper lays out an approach to a data protection legislation masquerading as a privacy legislation. Thus, we find that there is a need to define and make consistent in the document, the language used to define privacy.

b) CIS, drawing upon the definition of privacy used in the European Union, understands privacy as the right of an individual to be free from unauthorised intrusion and the ability of that individual to control and disseminate information that identifies or characterizes the individual. We thus believe privacy is operative in these contexts:

1. Physical - physical space, body, home, car, etc.

2. Informational - Digital as well as Non-Digital (Information gathering, storage, retrieval, usage, transfer, disposal, etc).

3. Intellectual - Right to make decisions pertaining to oneself, to enjoy one's perspective and ideas. A violation in any of these contexts should be construed as a breach of privacy.

2. Is there a need for privacy protection?

a) We agree that there is a pressing need for privacy protection in the context of the enhanced technological opportunities that have arisen in the past two decades for the exploitation of personal data.

b) As the approach paper rightly concludes, these threats to privacy are magnified by initiatives that interlink databases – such as the UID project.

c) However, we believe that privacy is not limited to data protection and would invite the Committee to consider ways in which it may broaden the ambit of its investigation.

3. Is there a need for such legislation?

a) We reject the “hybrid” approach being offered here. Previous experiences with Self Regulatory Organisations (SROs) in India (for eg. AMFI, MFIN) leaves us with little cause for optimism that they will be an effective guarantor of as sensitive a right as privacy. Curiously, the approach paper itself does not mention this “hybrid” aspect anywhere else in the document.

b) We endorse the attempt to arrive through statute, at a minimal, though robust, horizontal guarantee of privacy that operates across sectors. Just as the parameters of the right to life and liberty are broad guidelines on one hand but have specific and intentional meanings, so should the right to privacy.

4. Legislative Competence:

We agree.

5. Is there a constitutional right to privacy?

a) We agree that the Supreme Court has derived a constitutional right to privacy from Article 21 of the Constitution.

b) However, the approach paper is factual incorrect in its assertion that “all available cases have been decided in the context of government action”. There is by now a sizeable amount of consumer case law which deals with the issue of privacy between private individuals/entities.

c) Most frequently, this issue has arisen the context of hospital/patient relationships and the courts have held the right to privacy as one that is not unqualified.

d) Other common “non-government” arenas where courts have elaborated on the right to privacy include banking and telephony services.

e) We feel that the Committee ought to inform itself more thoroughly about the developing jurisprudence on the right to privacy in India – both in the context of government and non-government actions.

6. Existing legislation:

a) In addition to the IT Act, there are several statutes and subordinate legislation which safeguard an individual’s privacy in specified sectors such as banking, insurance, telephony etc.

b) By neglecting them wholesale, we feel that the approach paper deprives itself of valuable contextual elaborations of the right to privacy in India. The case for a horizontal right to privacy in India can be derived not merely from the inadequacies of the IT Act, but from the cumulative failings of all these numerous dispersed provisions.

c) We agree that ITA does not provide sufficient protection to privacy, and that there is a need for specific legislation that addresses all aspects of privacy, but we would go much further than the current proposal.

d) We suggest that in addition to the requirements listed for data security, a full-fledged privacy legislation needs to include specific regulations on: gathering, retention, access, transfer, security, data quality, and individuals’ consent.

e) Furthermore, the data protection component of the privacy legislation needs to include redress for breaches of data, and the individual must be informed when a data breach takes place and given access to sufficient information to identify who breached the privacy and how – as well as information about what data were compromised and ways to limit or undo the improper disclosure..

f) Generally speaking, a privacy regime should work towards: 1. Increasing the protection of tangible and intangible possessions as well as personal data; 2. Increasing knowledge of privacy and empowering people to make informed choices; 3. Making organizations more accountable for protecting privacy; 4. Compelling (through audits, sanctions, etc) organisations to improve security standards; 5. Increasing individuals’ confidence in privacy laws and the organisations protecting privacy.

7. Potential Conflicts between Data Protection Legislation and other Laws:

We find that it would be useful if the laws that conflict with the data protection legislation are referenced in each section.

7.1 Data Protection and the Right to Information

a) The argument that a privacy legislation would conflict with the RTI is somewhat overstated.

b) Where the government has collected data from individual citizens, that information needs to be exempt from RTI disclosure unless an overriding public interest is demonstrated – which is the current position under the RTI Act.

c) We believe, on the other hand, that public officials ought to be subject to scrutiny by virtue of the public office they hold and that they should be subject to transparency about certain aspects of their life which would not be applicable to the common man. Information about tax filings, credit history, and financial records can help root out corruption, for example.

d) The kinds of personal data that are broadcast in the transparency bulletins should be limited with specifics shared if need be on a case by case basis.

e) As the approach paper itself mentions, the RTI Act is extremely sensitive to the issue of privacy and privacy is one of the most frequent grounds of refusal of data by public bodies.

f) Rulings by various information appellate bodies under the RTI Act have done an admirable job of balancing issues of privacy against the public interest and the proposed privacy legislation ought not to disturb this careful balance.

g) We recommend that the proposed privacy legislation contain a non-obstante clause that subordinates it to the provisions of the RTI Act.

7.2 Data Protection and Credit Verification

a) We agree with the statement but believe the privacy issues that would come up are not limited to just credit verification.

b) All aspects of data collection and handling for the financial sector should be looked into and statutes developed to deal with the sensitive nature of the data.

c) This may include limitations on marketing efforts and disclosure to third-parties.

7.3 Data Protection and Private Investigative Agencies

a) We believe that the private investigators should undergo licensure, and that the PI agencies should be regulated so that any kind of surveillance must comply with privacy protection laws.

b) Judicial oversight should be required in order to take certain kinds of action (access to records, surveillance, monitoring, etc) by these agencies.

7.4 Data Protection and National Security

a) We understand the conflict between the need for a government to ensure the security of its population with the need to protect privacy.

b) We find the most effective resolution is for judicial oversight for some activities (monitoring, surveillance, access to personal records by law enforcement, etc) to be required.

7.5 Data Protection vs. Transparency in Government

a) We feel that this section engages very sloppily with the issue of transparency/corruption in India.

b) It completely ignores the history of the various struggles for transparency in government fought across India, that were aimed precisely at prodding the government out of its secretive shell.

c) In doing so the approach paper risks retarding, at one stroke, all the advances made by these several movements over the past fifty years.

d) The publication of lists of recipients/beneficiaries of schemes has been one of the most hard won, and potent tools that has been used to mobilize collective action by locals against corrupt officials.

e) We empathise with the approach paper’s aspiration that the government “rethink its approach to transparency”, but are skeptical that a new privacy law would, of all things, prompt such a transformative rethinking. We advise caution and certainly greater sensitivity in handling this issue.

8.0 Privacy legislation in other countries:

a) We agree with the recommendations, but would include notification of breach: how, when, what and who.

b) We believe that the auditing of companies is an important security and transparency mechanism that needs to be included, along with the ability to sanction offenders and methods of redressal for aggrieved parties.

9.0 Proposed Framework for Privacy Legislation:

a) Although India lacks a horizontal law of privacy, various sectoral laws currently function to provide a degree of protection. For instance, sectoral regulatory agencies such has TRAI, RBI and SEBI have periodically issued guidelines on privacy which are enforceable through tribunals and ombudsmen under the respective enactments. Professional bodies like the Medical Council and the Bar Council prescribe privacy and confidentiality norms which members of these bodies must adhere to.

b) In this context, the approach paper’s suggestion of a “framework” followed by sectoral guidelines would appear to be no more than a duplication through statute of the extant state of affairs.

c) We would recommend instead, the provision in the act of a robust, general “right to privacy” which would provide a threshold level of protection to the individual. Sectoral guidelines on privacy could then be framed to operate in addition to existing sectoral norms, thereby raising the bar of privacy in that particular sector.

d) We also find the framework primarily targeted toward digital data protection alone, and it needs to address all forms of information and include personal and intellectual contexts.

9.1 Applicability

We endorse the approach paper’s recommendation that the proposed legislation apply both to private and public entities. However, we feel that this does not exhaust the issue of ‘applicability’. Specifically we invite the Committee’s attention to the following issues:

a) We believe that the data and the private information that are already in the possession of the government and public/private companies should come under the ambit of the legislation. I.e. it should be applicable to all data collected by any entity, regardless of the fact that such data is otherwise publicly obtainable.

b) We invite the Committee’s consideration on whether it would be wise to limit the applicability of the act to regulating the organized, systematic collection of large amounts of personal data by entities, however incorporated. This would, as the approach paper suggests, exempt from the purview of this Act, private and domestic collection of information. In addition it would exempt marginal collectors such as hobbyist website designers, academic researchers etc from the scope of this act. Remedies against these users would still remain, as they have thus far in Tort law.

9.2 Data

While we acknowledge that certain kinds of information may be more sensitive than others, we feel that the approach paper has not adequately made use of this distinction in its later segments. Specifically we believe:

a) The distinction is useful to prescribe enahanced security precautions during the stage of data collection. For example, the collection of genetic data or HIV status of a person can be made subject to very stringent conditions compared to say, the collection of more mundane details like name, age.

b) However, we believe the distinction is not useful if is used, say, to provide differentiated access/data security standards for the two types of information. Eg. If the law stipulated a lesser penalty for the exposure of personal data as opposed to sensitive data. Or if the law prescribed a lesser security standard for personal data compared to personal sensitive data. The threat posed by information depends heavily on the context in which it is used, and in the tragic aftermath of Godhra, even a list of names (which the approach paper has not regarded as ‘sensitive’) could be used to lethal purposes.

9.3 Personal Data

We endorse the need expressed by the approach paper for a multilateral definition of the way in which information may identify a person

9.4 Personal Sensitive Data

See comments at 9.2 above

9.5 Data Collection

a) We feel that while informed consent ought to be mandatory in all situations the mandatory requirement of informed ‘written’ consent could be confined only to collection of sensitive information and any information that is likely to be stored for longer durations than say, a week.

b) This would exempt benign uses such as by academic researchers or hobbyist website designers or photographers who inadvertently collect small quantities of ‘personal data’.

c) Simultaneously, more ‘industrial’ collectors of personal information such as telephone and insurance companies would be required to obtained written consent. Note that this would not exempt them from the requirement of observing standards of data security, but only free them of the obligation of having obtained written consent.

d) It is important that this requirement would be in addition to but not diminish consent requirements under existing law. For instance, various judicial decisions and the NHRC have stipulated guidelines governing the administration of the polygraph test to an accused. These include the provision of legal assistance and the requirement that consent be recorded before a judge. The simple requirement of “Informed written consent” under the privacy act should not override more other rigorous judicial guidelines.

e) As a overriding safeguard, we think that where “balancing interests” come into play, such interest must first seek and obtain judicial approbation.

9.6 Data Processing

a) We agree with the need to fix primary responsibility for data security on the data controller, however,

b) it may be in the interest of the citizen/victim to stipulate that in the event of a breach by the data processor, she may prefer her remedy against either the data processor or the data controller.

c) We reject the approach paper’s view that concessions need to be made “considering the population of India”. After all, considering this population, the very necessity of a privacy legislation itself may also have to “be considered”.

9.7 Data Storage

a) We concur that data should be stored only until the time the purpose for which it was collected is achieved.

b) Further, the Committee could consider introducing a presumption that in all cases, unless demonstrated otherwise, the purpose of data collection would be deemed to have been served within, say, 6 months from the date of collection.

c) We believe that this could be strengthened by placing the onus on the data controller, in the event of any dispute, to prove that the stated purpose has not yet been achieved. Any data that are required for national security or for archival, etc should come under the scrutiny of the judiciary.

d) We endorse the approach paper’s conservative stance on linking of databases.

9.8 Data Security

a) We invite the Committee to explore the possibility of gradated data security standards depending on the size of the data collection and the sensitivity of the information held.

b) This would ensure that different security standards would apply to, on the one hand, academic researchers and hobbyist website designers who collect marginal data in small ephemeral collections, and on the other hand large insurance companies which maintain large perpetual data warehouses of personal information.

9.9 Data Access

a) We agree that data subjects ought to have a ‘moral right’ that guarantees the integrity of data collected and maintained about them.

b) We believe that the proposed legislation should provide a clear and speedy mechanism to activate this right.

9.10 Cross Border Applicability and Transfer

a) We would argue that India does need comprehensive legislation and strong enforcement. Population size is not a reason for loose legislation. To the contrary, it buttresses the argument for urgent action to be taken, since the stakes are exponentially greater in a country where a billion people stand to lose their privacy compared to countries with populations numbering in the trifling millions.

b) Furthermore, the benefits to international trade should be taken into consideration when determining the stringency of a data protection regime, and this should inform the terms of the statutes that are enacted.

9.11 Exemptions

a) We believe that exemptions to the legislation should be carefully worded and where possible, permitted only through judicial oversight.

b) Care must be taken to see that exemptions under the proposed legislation do not end up widening the scope of intrusion than allowable under existent law. eg. An exemption in the Privacy act on grounds of ‘national security’ should not permit wiretapping agencies to circumvent the due procedure requirements under the Telegraph Act or to violate principles of natural justice.

9.12 Automated Decision Making

a) We agree but we think that there is a present need for automated decision related laws since the technology is already in use in India and other countries.

b) In particular, we would endorse the incorporation of provisions which would compel disclosure of the fact that automated decision making algorithms are being employed along with a synopsis of the logic of such algorithms.

9.13 Regulatory Set Up

We believe that effective regulation and inexpensive, speedy redress are critical for the success of the proposed right to privacy legislation. We believe the approach paper, while admirable in the scope of the subject it covers, deals with this issue rather inadequately under the overbroad heading of “Regulatory Set up” .

a) At the outset we believe that standards-setting functions could be and ought to be separated from adjudicatory functions. This is a model that has proven successful in various other domains in India in the recent past (eg. TRAI/TDSAT and SEBI/SAT. ) and could be usefully imported in the present context

b) Secondly, we we believe that the approach paper is not clear enough on whether civil or criminal penalties are intended. We believe that a judicious mix of both would be necessary in order to minimize the risk of individuals being needlessly harassed by enforcement agencies, whilst simultaneously dealing firmly with corporations and other entities whose violations of privacy threaten the greatest harm. We believe that the proposed legislation could be modeled along the lines of the Workmen’s Compensation Act, the Motor Vehicles Act and similar legislations which provide a minimum assured relief immediately upon the establishment of a claim.

c) Lastly, we firmly reject the approach paper’s proposal to merge the functions of the data regulator under the Privacy legislation with those of the Information Commissioners under the Right to Information Act. We believe that the Right to Information Act is a landmark legislation which has, in a short while, become a critical tool of empowerment in the hands of the citizens and civil service organizations. One of the most frequently cited reasons by which government departments refuse access to information under the RTI is on grounds of ‘privacy’. In most cases these turn out to be delaying tactics to shield the actions of a few corrupt officials from public scrutiny. The success of the RTI Act hinges on its interpretation and promulgation by officers who believe in the peremptory importance of openness of information in the public interest. The right to privacy demands an opposite orientation and the merging of the two in one officer would lead to an unsatisfactory implementation of both. We believe, as indicated above, that privacy claims that conflict with a citizen’s exercise of her right to information are being resolved satisfactory by the information commissioners under the RTI Act at present and the proposed Privacy legislation should not disturb this.

Conclusion

We commend the drafters of the approach paper for their having skillfully woven together the best international practices related to privacy, with an eye to specifics of the Indian situation. However we also feel that the Committee could have been better served by a more detailed study of statutory enforcement models and mechanisms that have succeeded in expanding the reach of remedies to Indians eg. the Consumer Protection Act, Motor Vehicles Act etc.

Approach Paper: 121KB

For more details visit https://cis-india.org/internet-governance/blog/privacy/c.i.s-responds-to-privacy-approach-paper

C-DoT's surveillance system making enemies on internet

praskrishna — 2014-04-04T09:45:37Z

Reporters Without Boundaries says it gives unbridled power to law- enforcement agencies to snoop on citizens.

The article by Krishna Bahirwani was published in DNA on March 21, 2014. Sunil Abraham is quoted.

The Central Monitoring System (CMS) developed by the Centre for Development of Telematics (C-DoT) has come under fire from a France based non-profit organisation, which claims the system has the capacity to directly snoop on all forms of communications over phone and internet, without involving telecom operators.

The NGO's Reporters Without Boundaries report 2014, 'Enemies Of The Internet' has equated C-DoT with Government Communications Headquarters (GCHQ) in the UK, and the US's National Security Agency (NSA), which recently came under criticism for spying on citizens.

CMS, India's mass electronic surveillance system, was rolled out in 2013.

Before the CMS, tapping was done by the telecom operators, but not before taking prior permission. The CMS gives direct access to C-DoT employees and law-enforcement agencies.

CMS has created an automated front containing central and regional databases, which central and state government agencies can use to intercept and monitor any landline, mobile or internet connection in India.

Minister of state for information technology Milind Deora said, "The new data collection system will actually improve citizens' privacy because telecommunications companies would no longer be directly involved in the surveillance."

Asked what would prevent C-DoT employees, who would have access to data, from misusing it, Deora said, "There is a switching mechanism (that) diverts the call to law-enforcement agencies and eliminates layers. The existing surveillance and interception system is actually insecure as the operator, people from the home ministry and other government officials have access to the data. The CMS will erase such people from play."

"I want the people to know the design aspects and how the system is being used for lawful interceptions, so that they can shed their inhibitions We do not want to put power in the hands of the bureaucrats" he said.

Harold Dcosta, a cyber security expert who trains Maharashtra and Goa police, said, "It's possible that employees of CDoT/law enforcement agencies could use the information gathered by CMS for personal or political use although 43 and 43 A of the IT Act would protect people when something like that happens and will give the person compensation.

He said, "There should be more transparency with regard to CMS".

Sunil Abraham, executive director of Bangalore-based non-profit Centre for Internet and Society said the mistaken assumption in their thinking is technology will serve as a check and balance.

"Technology can always be compromised," he said. There is no way to find out about what is actually going on. If the CMS is abused it is very difficult to prove."

Deora said a privacy law is being drafted to address these issues. Last month, a parliamentary standing committee rejected the government claim that IT Act protects citizens' privacy. The committee, chaired by former Congress MP Rao Inderjit Singh, said, "The committee is extremely unhappy to note that the government is yet to institute a legal framework on privacy."

For more details visit https://cis-india.org/news/dna-march-21-2014-krishna-bahirwani-c-dots-surveillance-system-making-enemies-on-internet

Bumpy road ahead for RFID Tags in vehicles

praskrishna — 2016-12-10T04:31:11Z

The government plans to make digital tags in vehicles mandatory to ensure seamless passage at the toll booths, but the implementation of the proposed move may not be so smooth.

The article by Smriti Sharma Vasudeva was published in the Statesman on December 7, 2016. Pranesh Prakash was quoted.

On one hand, the digital tags stand to compromise the safety of the vehicle and the owners, while on the other, majority of automobiles manufacturing companies claim that the vehicles are being equipped with the digital tags since 2013 and it is the implementation of the order that has been grossly ineffective.

Post the recent demonetisation, as a part of the government’s efforts towards a cashless society, Economic Affairs Secretary Shaktikanta Das stated that the union government has advised the automobile manufacturers to provide a digital identity tag in all new vehicles, including cars, to enable electronic payment at all toll plazas and ensure seamless movement at check posts.

He said the provision of Electronics Product Code Global Incorporated (EPCG)-compliant Radio Frequency Identification (RFID) facility in all new vehicles will ensure payment of toll digitally and also avoid the waiting time, and the vehicles will move seamlessly without having to wait at check posts. “This will improve the functioning of toll plaza, digital payments,” Das said.

In fact, the move to mandate all the vehicles with RFID tags was first made in 2013 when the then government made it compulsory to install Radio Frequency Identification (RFID) tags on the medium and heavy motor vehicles through the proposed rule 138A of the Central Motor Vehicle Rules, 1989. However, the same could not be fully implemented for several reasons and was also opposed by public and advocacy groups alike.

In 2013, the Centre for Internet and Society (CIS), a non-profit organisation sent an open letter to the Society of Indian Automobile Manufacturers (SIAM) to urge them not to install RFID tags in vehicles in India as the legality; necessity and utility of RFID tags had not been adequately proven.

The letter stated that such technologies raise major ethical concerns, since India lacks privacy legislation, which could safeguard individual’s data. The letter added that the proposed rule 138A of the Central Motor Vehicle Rules, 1989, mandates that RFID tags are installed in all light motor vehicles in India.

However, section 110 of the Motor Vehicles Act (MV Act), 1988, does not bestow on the Central Government a specific empowerment to create rules in respect to RFID tags. Thus, the legality of the proposed rule 138A is questioned, and we urge you to not proceed with an illegal installation of RFID tags in vehicles until the Supreme Court has clarified this issue.

Speaking to The Statesman, Pranesh Prakash, Policy Director, Centre for Internet and Society said, “Our stand remains the same as it was three years ago when we spoke out against this move: mandating RFID tags in all vehicles is a terrible idea, and a privacy and security nightmare. “It is important to ensure that RFID tagging (and other similar technologies, like automated licence plate readers) do not end up as a means of engaging in mass surveillance and tracking, which would be contrary to the judgments of the Supreme Court in cases like Kharak Singh vs the Union Government.

“The government has not provided any safeguards — such as mandating non-storage of any vehicle-identifying data. The government has asked manufacturers of all vehicles to include trackers, not just for goods vehicles or mass transport vehicles.

“Nor has the government come up with any standards to ensure security of the RFID tags — to prevent unauthorized third parties from tracking you or deducting money from your account. In short, the government should immediately retract its advice to vehicle manufacturers, and should work with experts to fix these problems,” Prakash said.

For more details visit https://cis-india.org/internet-governance/news/statesman-december-7-2016-smriti-sharma-vasudeva-bumpy-road-ahead-for-rfid-tags-in-vehicles

Brindaalakshmi.K - Gendering of Development Data in India: Beyond the Binary

Brindaalakshmi.K — 2020-06-30T10:26:40Z

This report by Brindaalakshmi.K seeks to understand the gendering of development data in India: collection of data and issuance of government (foundational and functional) identity documents to persons identifying outside the cis/binary genders of female and male, and the data misrepresentations, barriers to accessing public and private services, and informational exclusions that still remain. Sumandro Chattapadhyay edited the report and Puthiya Purayil Sneha offered additional editorial support. This work was undertaken as part of the Big Data for Development network supported by International Development Research Centre (IDRC), Canada.

Part 1 - Introduction, Research Method, and Summary of Findings: Download (PDF)

Part 2 - Legal Rights and Enumeration Process: Download (PDF)

Part 3 - Identity Documents and Access to Welfare: Download (PDF)

Part 4 - Digital Services and Data Challenges: Download (PDF)

India has been under a national lockdown due to the global outbreak of the COVID-19 pandemic since late March 2020. Although transgender persons or individuals who do not identify with the gender of their assigned sex at birth, fall into the eligibility category for the relief measures announced by the State, the implementation of the relief measures has seen to be inefficient in different states [1] of the country [2]. Many transgender persons still do not have proper identification documents in their preferred name and gender that can help them with claiming any welfare that is available [3].

Historically, the situation of transgender persons in India has been so, even prior to the present pandemic. A qualitative research study titled Gendering of Development Data in India: Beyond the Binary was undertaken during October 2018 - December 2019, to understand the gendering of development data in India, collection of data and issuance of government (foundational and functional) identity documents to persons identifying outside the cis/binary genders of female and male, and the data misrepresentations, barriers to accessing public and private services, and informational exclusions that still remain.

The interviews for this study were conducted in late 2018 and this report was completed in the beginning of 2020, after India went through an extended national debate on and finally enactment of the Transgender Persons (Protection of Rights) Act during 2019. Three key observations from this study are presented in this blog post. Although these observations were made prior to the release of the draft rules of the new law, it is important to note that the law along with the draft rules in its present version will likely aggrevate the data and social exclusions faced by the transgender community in India.

Observation 1: The need for data has sidestepped the state’s responsibility to address the human rights of its people

The present global development agenda is to leave no one behind [4]. The effort to leave no one behind has shifted the focus of the state towards collecting data on different population groups. The design of and access to welfare programmes relies heavily on the availability of data. The impact of these programmes are again measured and understood as reflected by data. This shift in focus to data has led to further exclusion of already disenfranchised groups including the transgender community [5]. The problem with this lies in the framing of the development discourse as one that demands data as the prerequisite to access welfare benefits.

However, there are significant issues with the data on transgender persons that has been fed into different national and state-level databases, beginning with the census of 2011. For the first time, census of 2011 attempted to enumerate transgender persons. However, the enumeration of transgender persons for the census of 2011 has been severely criticised by the transgender community due to lack of

Clear distinction between sex and gender in the census data collection process,
Community consultation in designing the enumeration process, and
Inclusion of all transgender identities, among others.

However, this flawed data set is being used as the primary data for fund allocation across different states for transgender people’s inclusion, note respondents. Further, any person identifying outside the gender of their assigned sex at birth faces the additional burden of proving their gender identity to access any welfare benefit. However, cisgendered men or women are never asked to prove their gender identity. The need for data from a marginalised population group without addressing the structural problems has only led to further exclusion of this already invisible group of individuals, note respondents. Further, the Transgender Persons (Protection of Rights) Act, 2019 was passed despite the severe criticisms from the transgender community, human rights activist groups [6] and even opposition political parties [7] in India for several reasons [8].

Observation 2: Replication of existing offline challenges by digital systems in multiple data sources, continues to keep transgender persons excluded

Digitisation was supposed to remove existing offline challenges and enable more people centric systems [9]. However, digital systems seem to have replicated the existing offline challenges. In several cases, digitisation has added to the complexities involved.

The replication of challenges begins with the assumption that digital processes are the best way to collect data on transgender persons. Both level of literacy and digital literacy are low among transgender persons in India. According to a report by the National Human Rights Commission [10], nearly 50% of transgender persons have studied less than Class X. This has a significant effect on their access to different rights.

Access to mobile phones is assumed to bridge this access gap to online systems and services. However, observations from different respondents suggest otherwise. Additionally, due to their gender identity, transgender individuals face different set of challenges in procuring valid identification documents required to enter data systems, note respondents. This includes but not limited to:

Lack of standardised online or offline processes to aid in changing their documents and vary within each state in different documents.
Procuring any identification document in preferred name and gender requires existing identification documents in given name and assigned gender, in both online and offline processes. However, due to the stigma with their gender identity, transgender persons often run away from home with no identification document in their assigned name and gender.
With or without an existing ID document, individuals have to go through a tedious offline legal process to change their name and gender on different documents.
Information on such processes, digital or otherwise are usually available only to individuals who are educated or associated with a non-profit organisation working with the community. The challenges are higher for individuals with neither.

Observation 3: Private big data is not good enough as an alternative source of evidence for designing welfare services for transgender persons

Globally, public private partnerships for big data are being pushed through different initiatives like Data Collaboratives [11] and UN Global Pulse [12], among others. These private partnerships are being seen as key to using big data for official statistics, which can then aid in making welfare decisions [13]. However, the respondents note that the different private big data sources are not good enough to make welfare decisions for various reasons including but not limited to:

Dependency on government documents: Access to any private service system like banking, healthcare, housing or education by any individual requires verification using some proof of identity. The discrimination and challenges in procuring government issued identification documents impacts the ability of transgender persons to enter private data systems. This in turn impacts their access to services.
Misrepresentation in data: The dependency of private services on government issued documents / government recorded data, and hierarchy among such documents/data and the continued misrepresentation of transgender people, impacts the big data generated by private service providers. Due to the stigma faced, many transgender persons avoid using public healthcare systems for other medical conditions. The heavy dependency on private health care and lower usage of public health systems, results in insufficient big data on transgender persons, created by both public and private medical care and hence cannot be used to design health related welfare services.
Social media data issues: Different websites and apps also use social media login as the ID verification mechanism. Since not all transgender persons are out to their family and friends about their gender identity, they often tend to have multiple social media accounts with different names and gender to protect their identity. When open about their gender identity, harassment and bullying of transgender persons with violent threats or sexually lucid remarks are quite common on social media platforms. Online privacy therefore continues to be a serious concern for them. Disclosing their transgender status also enables the system to predict user patterns of a vulnerable group with potential for abuse, note respondents.

In conclusion, the present global pandemic has further amplified the inherent flaws in the present data-driven welfare system in the country and its impacts on a marginalised population group like transgender persons in the country. Globally, gender in development data is seen in binary genders of male and female, leaving behind transgender individuals or those who do not identify with the gender of their assigned sex at birth. So the dominant binary gender data conversation is in fact leaving people behind. With the regressive Transgender Persons (Protection of Rights) Act of 2019 and its rules, this inadequacy in the global development agenda related to gender equality is felt at an amplified scale.

Building on the work of Dr. Usha Ramanathan, a renowned human rights activist, I say that data collection and monitoring systems that tag, track, and profile transgender persons placing them under surveillance, have consequences beyond the denial of services, and enter into the arena of criminalising for being beyond the binary [14]. The vulnerabilities of their gender identity exacerbates the threat to freedom. With their freedom threatened, expecting people to be forthcoming about self-identifying themselves in their preferred name and gender, so as to ensure that they are counted in data-driven development interventions and can thus access their constitutionally guaranteed rights, goes against the very idea of sustainable development and human rights.

References

[1] Kumar. V (2020, May 13). In Jharkhand, a Mockery of 'Right to Food' as Lockdown Relief Measures Fail to Deliver. The Wire. Retrieved from: https://thewire.in/food/lockdown-jharkhand-hunger-deaths-corruption-food

[2] Manoj. C.K. (2020, April 24). COVID-19: Thousands pushed to starvation due to faulty biometric system in Bihar. DownToEarth. Retrieved from: https://www.downtoearth.org.in/news/food/covid-19-thousands-pushed-to-starvation-due-to-faulty-biometric-system-in-bihar-70681

[3] G. Ram Mohan. (2020, May 01). Eviction Fear Heightens as Lockdown Signals Loss of Livelihood for Transgender People. The Wire. Retrieved from: https://thewire.in/rights/transgender-people-lockdown-coronavirus

[4] UN Statistics (2016). The Sustainable Development Goals Report 2016. United Nations Statistics. Retrieved from: https://unstats.un.org/sdgs/report/2016/leaving-no-one-behind

[5] Chakrabarti. A (2020, April 25). Visibly Invisible: The Plight Of Transgender Community Due To India's COVID-19 Lockdown. Outlook. Retrieved from: https://www.outlookindia.com/website/story/opinion-visibly-invisible-the-plight-of-transgender-community-due-to-indias-covid-19-lockdown/351468

[6] Knight Kyle. (2019, December 05). India’s Transgender Rights Law Isn’t Worth Celebrating. Human Rights Watch. Retrieved from: https://www.hrw.org/news/2019/12/06/indias-transgender-rights-law-isnt-worth-celebrating

[7] Dharmadhikari Sanyukta. (2019). Trans Bill 2019 passed in Lok Sabha: Why the trans community in India is rejecting it. The News Minute. August 05. Retrieved from: https://www.thenewsminute.com/article/trans-bill-2019-passed-lok-sabha-why-trans-community-india-rejecting-it-106695

[8] Editorial. (2018, December 20). Rights, revised: on the Transgender Persons Bill, 2018. The Hindu. Retrieved from: https://www.thehindu.com/opinion/editorial/rights-revised/article25783926.ece

[9] Ministry of Electronics and Information Technology, Government of India. (2018). National e-Governance Plan. Retrieved from: https://meity.gov.in/divisions/national-e-governance-plan

[10] Kerala Development Society. (2017, February). Study on Human Rights of Transgender as a Third Gender. Retrieved from: https://nhrc.nic.in/sites/default/files/Study_HR_transgender_03082018.pdf

[11] Verhulst, S. G., Young, A., Winowatan, M., & Zahuranec, A. J. (2019, October). Leveraging Private Data for Public Good: A Descriptive Analysis and Typology of Existing Practices. GovLab, Tandon School of Engineering, New York University. Retrieved from: https://datacollaboratives.org/static/files/existing-practices-report.pdf

[12] Kirkpatrick, R., & Vacarelu, F. (2018, December). A Decade of Leveraging Big Data for Sustainable Development. UN Chronicle, Vol. LV, Nos. 3 & 4. Retrieved from: https://unchronicle.un.org/article/decade-leveraging-big-data-sustainable-development

[13] See [11].

[14] Ramanathan. U. (2014, May 02). Biometrics Use for Social Protection Programmes in India Risk Violating Human Rights of the Poor. UNRISD. Retrieved from: http://www.unrisd.org/sp-hr-ramanathan

For more details visit https://cis-india.org/raw/brindaalakshmi-k-gendering-development-data-india

Brindaalakshmi.K - Gendering of Development Data in India - Beyond the Binary #4

sumandro — 2020-06-30T10:34:03Z

For more details visit https://cis-india.org/raw/brindaalakshmi-k-gendering-of-development-data-in-india-beyond-the-binary-4

Brindaalakshmi.K - Gendering of Development Data in India - Beyond the Binary #2

sumandro — 2020-06-30T09:45:47Z

For more details visit https://cis-india.org/raw/brindaalakshmi-k-gendering-of-development-data-in-india-beyond-the-binary-2

Brindaalakshmi.K - Gendering of Development Data in India - Beyond the Binary #1

sumandro — 2020-06-30T09:42:55Z

For more details visit https://cis-india.org/raw/brindaalakshmi-k-gendering-of-development-data-in-india-beyond-the-binary-1

Breach Notifications

Admin — 2017-11-14T15:31:38Z

For more details visit https://cis-india.org/internet-governance/files/breach-notifications.pdf