Centre for Internet and Society

The War for India's Internet

praskrishna — 2012-06-14T09:12:34Z

Why is the world's biggest democracy cracking down on Facebook and Google? Rebecca Mackinnon's article was published in Foreign Policy on June 6, 2012.

"65 years since your independence," a new battle for freedom is under way in India -- according to a YouTube video uploaded by an Indian member of Anonymous, the global "hacktivist" movement. With popular websites like Vimeo.com blocked across India by court order, the video calls for action: "Fight for your rights. Fight for India." Over the past several weeks, the group has launched distributed denial-of-service attacks against websites belonging to Internet service providers, government departments, India's Supreme Court, and two political parties.

Street protests are being planned for this coming Saturday, June 9, in as many as 18 cities to protest laws and other government actions that a growing number of Indian Internet users believe have violated their right to free expression and privacy online. A lively national Internet freedom movement has grown rapidly across India since the beginning of this year. The most colorful highlight so far was a seven-day Gandhian hunger strike, otherwise known as a "freedom fast," held in early May on a New Delhi sidewalk by political cartoonist Aseem Trivedi and activist-journalist Alok Dixit. Trivedi's website was shut down this year in response to a police complaint by a Mumbai-based advocate who alleged that some of Trivedi's works "ridicule the Indian Parliament, the national emblem, and the national flag."

Escalating political and legal battles over Internet regulation in India are the latest front in a global struggle for online freedom -- not only in countries like China and Iran where the Internet is heavily censored and monitored by autocratic regimes, but also in democracies where the political motivations for control are much more complicated. Democratically elected governments all over the world are failing to find the right balance between demands from constituents to fight crime, control hate speech, keep children safe, and protect intellectual property, and their duty to ensure and respect all citizens' rights to free expression and privacy. Popular online movements -- many of them globally interconnected -- are arising in response to these failures.

Only about 10 percent of India's population uses the web, making it unlikely that Internet freedom will be a decisive ballot-box issue anytime soon. Yet activists are determined to punish New Delhi's "humorless babus," as one columnist recently called India's censorious politicians and bureaucrats, in the country's media. Grassroots organizers are bringing a new generation of white-collar protesters to the streets to defend the right to use a technology that remains alien to the majority of India's people.

The trouble started with the 2008 passage of the Information Technology (Amendment) Act, whose Section 69 empowers the government to direct any Internet service to block, intercept, monitor, or decrypt any information through any computer resource. Company officials who fail to comply with government requests can face fines and up to seven years in jail. Then, in April 2011, the Ministry of Communications and Information Technology issued new rules under which Internet companies are expected to remove within 36 hours any content that regulators designate as "grossly harmful," "harassing," or "ethnically objectionable" -- designations that are open to a wide variety of interpretations and that free speech advocates argue have opened the door to abuse. It is thanks to these rules that the website of the hunger-striking cartoonist, Trivedi, was taken offline. Also thanks to the 2011 rules, Facebook and Google are facing trial for having failed to remove objectionable content. If found guilty, the companies could face fines, and executives could be sentenced to jail time.

Saturday's protesters are calling for annulment of the 2011 rules and the repeal of part of the 2008 act. They are also calling for Internet service companies to reverse the wholesale blocking of hundreds of websites, including the file-sharing services isoHunt and The Pirate Bay, as well as the video-sharing site Vimeo and Pastebin, which is primarily used for the sharing of text and links. Internet service providers were responding to a court order from the Madras High Court demanding the blockage, which is aimed at preventing the online distribution of pirated versions of one particular film. The Internet companies, fearing that they would not be able to catch every individual instance on every possible site they host, instead chose to block entire services along with all of their content -- which had nothing to do with the film in question.

Such "John Doe" orders, named because they are directed against unknown potential offenders in the present and future, are characterized "by their overly broad and sweeping nature," argue lawyer Lawrence Liang and researcher Achal Prabhala, which extends "to a range of non-infringing activities as well, thus catching a whole range of legal acts in their net." More broadly, as Delhi-based journalist Shivam Vij wrote in a recent essay: "The current mechanisms of internet censorship in India -- blocking, direct removal requests to websites, intermediary rules -- are draconian and unconstitutional. They need to be replaced with a new set of rules that are fair, transparent and accessible for public scrutiny. They should not be amenable to misuse by the powers-that-be for their own private interests."

Not only are the rules abused, but researchers find that they are causing extralegal censorship by companies that overcompensate in order to err on the side of caution. Last year, the Bangalore-based Centre for Internet and Society performed an experiment in which it sent "legally flawed" takedown demands to seven companies that provide a range of online services, including search, online shopping, and news with user-generated comments. The legal flaws in the notices were such that the companies could have rejected them without being in breach of the law. Yet "of the 7 intermediaries to which takedown notices were sent, 6 intermediaries over-complied with the notices, despite the apparent flaws in them," reads the Centre for Internet and Society report.

Despite the growing public opposition, a motion to annul the 2011 rules was defeated by voice vote in the upper house of Parliament last month. Yet the criticism was sufficiently sharp that Communications Minister Kapil Sibal announced that he will hold consultations with all members of Parliament, representatives of industry, and other "stakeholders" to discuss the law's problems and how it might be revised. Many of the law's critics, however, are skeptical that this will eliminate the law's deep flaws and loopholes for abuse, especially given the government's failure to listen so far. Comments on the 2011 rules submitted last year by the Centre for Internet and Society were not even acknowledged as having been received by the Ministry of Communications and Information Technology. "Sibal uses the excuse of national security and hate speech," says the center's director, Sunil Abraham, "but that is not what is happening."

Abraham worries that what is really happening is a government effort at Internet "behavior modification" through a process akin to an experiment involving caged monkeys, bananas, and ice water. Put four monkeys in a cage and hang a bunch of bananas on the ceiling. Every time one of them climbs up to reach the bananas, you drench all of them with ice water. Soon enough, the monkeys will start policing themselves -- attacking anybody who tries to reach the bananas, making it unnecessary for their masters to deploy the ice water. "This is why the government is being so aggressive so early on, with only 10 percent of India's population online," says Abraham. "If you start the drenching early on, by the time you get to 50 percent [Internet penetration], every one will be well-behaved monkeys." Companies will act as private Internet police for fear of legal punishment before the government is called upon to step in and enforce the law. If it works, Indian politicians could have fewer reasons to worry about online critiques or mockery, because companies fearing prosecution will proactively delete speech that could potentially be designated "harassing" or "grossly harmful."

India is not China or Iran, however. Its politicians may be corrupt, and most of its voters may not understand why Internet freedom matters because they've never used the Internet. But it still has an independent press and boisterous civil society that are not going to give up their critiques and protests anytime soon. India also has a strong, independent judiciary, with a record of ruling against censorship and surveillance measures when a strong case can be made that they conflict with constitutional protections of individual rights. "On free speech I have high faith in the Indian judiciary," says Abraham. "There is a good chance to launch a constitutional challenge."

If Google and Facebook lose at their impending trial -- now scheduled for July -- they will most certainly appeal, which activists hope could provide just such an opportunity to prevent the sort of "behavior modification" process that Abraham warns against. Now India's burgeoning Internet freedom movement needs its own reverse "behavior modification" strategy -- imposing consistent and regular doses of political and legal ice water upon India's bureaucrats, politicians, and companies whenever they do things that threaten to corrode the rights of India's Internet users. Saturday's protest is just the beginning.

Sunil Abraham is quoted in this article. Read the original here

For more details visit https://cis-india.org/news/war-of-india-internet

Internet opens doors to trillions more Net addresses with IPv6

praskrishna — 2012-06-14T05:12:25Z

The global Internet industry reached a key milestone on June 6 when a group of Web sites, Internet service providers (ISPs) and router manufacturers banded together to participate in the World IPv6 Launch.

This blog post by Aaron Tan was published in techgoondu. Nishant Shah is quoted in this.

Google, Facebook and Yahoo have flipped the switch to the new Internet addressing system, while ISPs such as Japan’s KDDI and India’s HNS will permanently enable IPv6 for a significant portion of their residential wireline subscribers. Home networking equipment manufacturers will also turn on IPv6 by default in home router products.

The World IPv6 Launch was organised by the Internet Society as part of its mission to ensure that the Internet remains open and accessible for everyone, including five billion people who have yet to connect to the Internet.

“The support of IPv6 from these thousands of organizations delivers a critical message to the world: IPv6 is not just a ‘nice to have’; it is ready for business today and will very soon be a ‘must have’,” said Leslie Daigle, chief Internet technology officer of Internet Society in a statement Wednesday.

Last April, Asia-Pacific became the first region in the world to run out of IPv4 addresses. Europe will deplete its allocation of IPv4 addresses later this year, followed by the U.S. in 2013, and Latin America and Africa in 2014. With IPv6, the Internet can now support over 340 trillion, trillion, trillion addresses compared with 4.3 billion addresses for IPv4.

“Understanding the importance of IPv6, some governments in Asia Pacific have committed to enable IPv6 in their internal networks with set deadlines and, given that they run such large networks, having them on IPv6 is a big step in itself,” said Rajnesh Singh, regional director of the Internet Society’s Asia-Pacific bureau.

The Singapore Government, for instance, has spearheaded an initiative to make e-government services accessible via IPv6. The Infocomm Development Authority (IDA) has also started an IPv6 transition programme that offers grants and information for companies that intend to implement IPv6 on their networks.

With the launch of IPv6, consumers can expect to see applications and services that take advantage of IPv6′s features. Microsoft’s upcoming Windows 8 operating system will also favour IPv6 connectivity over IPv4.

According to Nishant Shah, research director at the Bangalore-based Centre for Internet and Society, IPv6 has an in-built security protocol called IPSec, which authenticates and secures all IP data. The data carrying capacity of IPv6 networks is also going to be higher.

“This means that more devices with more features will be able to work seamlessly through these networks. Despite the larger load of information, IPv6 packets are easier to handle and route, just like postcards with pincodes in their addresses are easier to deliver than those without”, Shah said in a joint statement with Tata Communications.

As an example, every aspect of the Beijing Olympics – from security surveillance to managing vehicles and media coverage – was done over IPv6. “The Chinese government, in fact, has already launched a ‘China Next Generation Internet’ project to build IPv6 networks which are going to radically change the face of high-speed internet in the country,” Shah revealed.

With all these benefits, why does IPv6 only command two percent of the world’s Internet traffic? Shah offers two clear reasons:

The first one is that of costs and infrastructure. The IPv6 platforms do not communicate easily with the IPv4 networks. We have the choice of a mammoth transition of all IPv4 websites and networks to new IPv6 protocols. This idea of abandoning IPv4 and moving to a new protocol is not only redundant; it is also futile, because IPv4 is already running the largest network in human history quite efficiently.

What we need are translators which will be able to speak to both the different versions and help our devices work through them seamlessly. Older, more successful technologies have been able to do this. So, television, for instance, whether it receives terrestrial data, satellite images or data transferred via cable, is able to translate and render them into images and sounds which we can consume with ease. However, the translators for the IPv4 – IPv6 are still expensive and we need more resources diverted towards making them affordable.

The second reason is linked to the first. In order for IPv6 to become popular, it needs a minimum threshold of service providers and users riding that network. As long as the deployment remains nascent, there will be no concentrated energy to actually try and make the bridges between versions 4 and 6. While global technology organisations like Tata Communications are ready for the transition, we are going to need a systemic change among all stakeholders to make IPv6 a reality, towards a faster, safer and more robust Internet.

For more details visit https://cis-india.org/news/internet-opens-doors-to-trillions-more-net-addresses

Anonymous India’s Takedowns Could Be Counterproductive

praskrishna — 2012-06-18T06:05:13Z

Nikhil Pahwa's blog post was published in Medianama on June 6, 2012.

As I write this, Anonymous India has apparently taken down MTNL’s website, citing the ISPs decision to block sites, without apparently being quite aware why it is doing that. Last night, the collective claimed to have taken down the website of the ISPAI, India’s ISP Association. Last Saturday, there were discussions on the groups IRC to take down the website for the Ministry of Company Affairs. So far, it has taken down websites for the Andhra Pradesh Power Generation Corporation Limited, All Indian Trinamool Congress (AITMC), as well as several websites related to the Mizoram government, apart from accessing and publishing server logs from Reliance Communications.

Anonymous India’s activities do help: they increase awareness of India’s war on the Internet, both by the government through legislation and censorship, and by movie producers and copyright owners through takedown notices and John Doe orders. There still remain citizens online who aren’t aware of why they aren’t able to access legitimate content – last night, someone from the books publishing industry asked me why she wasn’t able to access the video in this post on ‘Designing for the Future Book‘ on her Airtel connection. The video is hosted on Vimeo, which remains blocked in India. Now she knows why.

Anonymous India has also shed light on what all is being blocked by sharing what are allegedly Reliance Communications’ logs on blocks. These logs suggest that ISPs were going beyond the mandate given to them by the courts and the government. It’s also clear that ISPs aren’t protecting the rights of their customers, and are implementing blocks either in a ham-handed manner, or in a manner that suits them or their related companies. They are as much to blame as those getting the orders issued, and so there is undoubtedly some schadenfreude in seeing both government and ISP websites taken down by Anonymous India.

Still, you have to wonder about how the powers that be will react to this situation: no government will show that it is bucking under what it perceives to be cyber terrorism: it’s not just an ego thing; there is also a legitimate fear that if the government is seen as buckling under such attacks, it would lead to cyber attacks whenever there is something that warrants a protest. The attacks by Anonymous could be counterproductive for two other reasons: firstly, because the natural reaction to any kind of attack is to increase spending and changes in laws. While India is already spending on surveillance and identification, cyberattacks will justify these spends, make the case for more, and lead to more changes in government policy.

The second reason is that these attacks could lead to the undoing of a lot of work done by activists for Internet freedom. The Software Freedom Law Center, Centre For Internet and Society, Avaaz, Change.org, The Internet Democracy Project, and many many others have spent many months reaching out to and educating parliamentarians and the lawmakers of the country on issues related to the draconian IT Rules. The IT Rules have resulted in websites and ISPs censoring content online when they have been send unfair and flawed takedown notices, and they need to be changed. The cyberattacks could once again be used by the Home Ministry and those at CERT-IN to justify continuing with such draconian rules, and especially since many MP’s are not aware of the nuances of the potential for misuse; some MPs (I’ve observed) appear to be choosing to be on the fence on this, either on account of lack of interest or lack of depth of understanding.

Activities that bring more information on the blocks to light help strengthen the case for more specificity in court orders by highlighting misuse by copyright owners and ISPs, and also for modification in the IT Rules. Taking down sites weakens it.

Click to read the original here

For more details visit https://cis-india.org/news/anonymous-indias-takedowns-could-be-counterproductive

IPv6: The Transition Challenge

nishant — 2012-06-13T09:59:27Z

The future of our connected networks is Internet Protocol version 6 (IPv6). Not only is it more efficient and faster than IPv4 which we are currently working with, it is also more reliable and secure.

The IPv6, for instance, has an in-built security protocol called IPSec, which authenticates and secures all IP data. The data carrying capacity of IPv6 networks is also going to be higher. This means that more devices with more features will be able to work seamlessly through these networks. Despite the larger load of information, IPv6 packets are easier to handle and route, just like postcards with pincodes in their addresses are easier to deliver than those without.

We have already seen great examples of successful implementation during the 2008 Beijing Olympics. Every aspect from the security surveillance to managing vehicles and the coverage of the Olympic events was done over IPv6, including live streaming of the events over the Internet. The Chinese government, in fact, has already launched a ‘China Next Generation Internet’ (CNGI) project to build IPv6 networks which are going to radically change the face of high-speed internet in the country. With all these benefits available to us in this next generation protocol, the question that remains is why only a meagre 2% of the world’s internet traffic is conducted through it? Why haven’t more ISPs shifted to IPv6?

There are two very clear reasons. The first one is that of costs and infrastructure. The IPv6 platforms do not communicate easily with the IPv4 networks. We have the choice of a mammoth transition of all IPv4 websites and networks to new IPv6 protocols. This idea of abandoning IPv4 and moving to a new protocol is not only redundant; it is also futile, because IPv4 is already running the largest network in human history quite efficiently. What we need is translators which will be able to speak to both the different versions and help our devices work through them seamlessly. Older, more successful technologies have been able to do this. So, television, for instance, whether it receives terrestrial data, satellite images or data transferred via cable, is able to translate and render them into images and sounds which we can consume with ease. However, the translators for the IPv4 – IPv6 still expensive and we need more resources diverted towards making them affordable.

The second reason is linked to the first. In order for IPv6 to become popular, it needs a minimum threshold of service providers and users riding that network. As long as the deployment remains nascent, there will be no concentrated energy to actually try and make the bridges between versions 4 and 6. While global technology organisations like Tata Communications are ready for the transition, we are going to need a systemic change among all stakeholders to make IPv6 a reality, towards a faster, safer and more robust Internet.

This communique is brought to you by Tata Communications and the Centre for Internet and Society.

Nishant Shah is Director-Research at the Bangalore based Centre for Internet and Society.

If you would like any further information on IPv6 at Tata Communications, please reach out to: divya.anand@tatacommunications.com

The above blog post was reproduced in MIS Asia, CIO Asia, Computer World Singapore, and Computer World Malaysia.

For more details visit https://cis-india.org/internet-governance/ip-v-6-the-transition-challenge

All India Privacy Symposium (File)

praskrishna — 2012-04-30T05:13:14Z

This is the file of the event organised in Delhi in February 2012.

For more details visit https://cis-india.org/internet-governance/all-privacy-symposium.pdf

Views | Why the Left may for once be right

praskrishna — 2012-04-25T11:48:50Z

The article by Pramit Bhattacharya was published in LiveMint on April 23, 2012.

India’s information technology (IT) minister, Kapil Sibal appears to be running into rough weather over IT rules framed last year, which curb freedom of expression on the internet. The rules have incensed India’s growing blogging community and piqued at least a few of his fellow parliamentarians.

On the opening day of the upcoming parliamentary session on Tuesday, the Rajya Sabha is set to vote on an annulment motion against the IT rules, moved by P. Rajeeve of the Communist Party of India (Marxist), a rediff.com report said. Ironically, the party that still treats Stalin as a hero (quoting him unfailingly in its political resolutions) has become the first to stand up for internet freedom.
Rajeeve is of course not the only parliamentarian to take exception to the rules. Jayant Choudhry, a member of parliament (MP) from the Rashtriya Lok Dal, was the first to draw attention to the draconian rules late last year, and MPs from other regional parties such as the Samajwadi Party and the Asom Gana Parishad criticized the rules in a parliamentary discussion in December.

Two sets of rules, one governing cyber cafes and the other relating to intermediaries have attracted most criticism. The rules relating to intermediaries such as internet service providers, search engines or interactive websites such as Twitter and Facebook are the most disturbing. Intermediaries are required under the current rules to remove content that anyone objects to, within 36 hours of receiving the complaint, without allowing content creators any scope of defence.

The criteria for deciding objectionable content, laid down in the rules, are subjective and vague. For instance, intermediaries are mandated to remove among other things, ‘grossly harmful’ content, whatever that may mean.

This is a unique form of ‘private censorship’ that will endanger almost all online content. In this age of easily offended sensibilities, it is virtually impossible to write anything that does not “offend” anyone. For instance, even this piece may be termed ‘grossly harmful’ to the CPI(M) party.

However far-fetched this may sound, this has already become a reality. A researcher working with the Bangalore-based Centre for Internet and Society (CIS) tried out such a strategy with several different intermediaries, and was successful in six out of seven times, always with frivolous and flawed complaints, Pranesh Prakash of CIS wrote in a January blog-post. It has become much easier in India to ban an e-book than a book, Prakash pointed out.

The rules regulating cyber cafes are no better. Cyber cafes are required to keep a log detailing the identity of users and their internet usage, which has negative implications for privacy and personal safety of users, analysis of the rules by PRS legislative research said.

Internet freedom in India has declined over time and is only ‘partly free’, a 2011 report on internet freedom by US-based think tank, Freedom House said. India has joined a growing club of developing nations where, “internet freedom is increasingly undermined by legal harassment, opaque censorship procedures, or expanding surveillance,” the report noted.

The only saving grace is that some of the IT rules are drafted in a language so arcane that anyone will find it hard to decipher them, leave alone implementing them. Sample this: “The intermediary shall not knowingly deploy or install or modify the technical configuration of computer resource or become party to any such act which may change or has the potential to change the normal course of operation of the computer resource than what it is supposed to perform thereby circumventing any law for the time being in force: provided that the intermediary may develop, produce, distribute or employ technological means for the sole purpose of performing the acts of securing the computer resource and information contained therein.”

The first task at hand for Sibal may be to explain to fellow lawmakers what the above rule is supposed to mean, before he defends such rules.

Click for the original, Pranesh Prakash is quoted in this article.

For more details visit https://cis-india.org/news/left-may-for-once-be-right

The All India Privacy Symposium: Conference Report

natasha — 2012-04-30T05:16:41Z

Privacy India, the Centre for Internet and Society and Society in Action Group, with support from the International Development Research Centre, Privacy International and Commonwealth Human Rights Initiative had organised the All India Privacy Symposium at the India International Centre in New Delhi, on February 4, 2012. Natasha Vaz reports about the event.

The symposium was organized around five thematic panel discussions:
Panel 1: Privacy and Transparency
Panel 2: Privacy and E-Governance Initiatives
Panel 3: Privacy and National Security
Panel 4: Privacy and Banking
Panel 5: Privacy and Health

Introduction

Elonnai Hickok (Policy Advocate, Privacy India) introduced the objectives of Privacy India. The primary objectives were to raise national awareness about privacy, do an in-depth study of privacy in India and provide feedback on the proposed ‘Right to Privacy’ Bill. Privacy India has reviewed case laws, legislations, including the upcoming policy and conducted state-level privacy workshops and consultations across India in Kolkata, Bangalore, Ahmedabad, Guwahati, Chennai, and Mumbai. India like the rest of the world is answering some fundamental questions about the powers of the government and citizen’s rights and complications that arise from emerging technologies. Through our research we have come to understand that privacy varies across cultures and contexts, and there is no one concept of privacy but instead several distinct core notions that serve as complex duties, claims and obligations.

Privacy and Transparency

Panelists: Ponnurangam K, (Assistant Professor, IIIT New Delhi), ), Chitra Ahanthem (Journalist, Imphal), Nikhil Dey (Social & Political Activist), Deepak Maheshwari (Director, Corporate Affairs, Microsoft), Gus Hosein (Executive Director, Privacy International, UK), and Prashant Bhushan, (Senior Advocate, Supreme Court of India).
Moderator: Sunil Abraham (Executive Director, Centre for Internet and Society, Bangalore)
Poster: Srishti Goyal (Law Student, NUJS)

Srishti Goyal provided the general contours, privacy protections, limits to privacy and loopholes of policy relating to transparency and privacy, specifically analyzing the Right to Information Act, Public Interest Disclosures Act, and the Official Secrets Act.

Nikhil Dey commented on the interaction between the right to privacy and the right to information (RTI). He referred to Gopal Gandhi, the former Governor of West Bengal, “we must ensure that tools like the UID must help the citizen watch every move of government; not allow the government watch every move of the citizen.” Currently, the RTI and the UID stand on contrary sides of the information debate. A privacy law could allow for a backdoor to curb RTI. So, utmost care has to be taken while drafting legislation with respect to right to privacy.

Data and information has leaked furiously in India and it has leaked to the powerful. A person who is in a position of power can access private information irrespective of any laws in place to safeguard privacy. It is necessary to look at the power dynamics, which exists in the society before formulating legislation on right to privacy. According to Nikhil Dey, there should be different standards of privacy with respect to public servants. A citizen should be entitled to information related to funds, functions and functionaries. The main problem arises while defining the private space of a public servant or functionaries.

The RTI Act has failed to address the legal protection for the right to privacy. Perhaps, rules regarding privacy can be added to the Act. It can be defined by answering the questions: (i) what is ‘personal information’? (ii) what is it’s relation to public activity or public interest? (iii) what is the unwarranted invasion of the privacy of an individual? and (iv) what is the larger public good? Expanding on these four points can provide greater legal protection for the right to privacy.

Gus Hosein described the intersection and interaction of the right to information and the right to privacy. He referred to a petition filed by Privacy International requesting information on the expenses of members of parliament. Privacy and transparency of the government are compatible in the public interest. Gross abuse of the public funds by MPs was revealed by this particular petition such as pornography or cleaning of moats of MPs homes. Privacy advocates are supporters of RTI, however, it cannot be denied that there is no tension between transparency and privacy. In order chalk out the differences, there is a need of a legal framework. According to Gus Hosein, in many countries the government office that deals with right to information also deals with cases related to right to privacy.

Mumbai and New Delhi police have started using social media very aggressively, encouraging citizens to take photographs of traffic violations and upload them to Facebook or Twitter. In reference to this, Ponnurangam described the perceptions of privacy and if it agreed or conflicted with his research findings. Ponnurangam has empirically explored the awareness and perspective of privacy in India with respect to other countries. He conducted a privacy survey in Hyderabad, Chennai and Mumbai. People are very comfortable in posting pictures of others committing a traffic violation or running a red light. Ironically, many people have posted pictures of police officers committing a traffic violation such as not wearing a helmet or running a red light.

Chitra Ahanthem described the barriers and challenges of using RTI in Manipur. There are more than 40 armed militia groups, which are banned by the central and state government. The central government provides economic packages for the development of the north-east region. However, the state government officials and armed groups pocket the economic packages. These armed groups have imposed a ban on RTI. Furthermore, Manipur is a very small community. If people try and access information through RTI they risk getting threatened by the Panchayat members and being ostracized from the community or their clan.

People are apprehensive about filing RTI because they believe that these procedures are costly and the police and government may also get involved. Officials use the privacy plea to avoid giving out information. Since certain information are private and not in the public domain, government officials, use the defense of privacy to hide information. In addition, the police brutality prevalent in the area deters people to even have interactions with government officials.

According to Deepak Maheshwari, the open data initiative is a subset within the larger context of open information. There is an onus on the government to publish information, which is in the public domain. As a result, one does not necessarily have to go through the entire process of filing an RTI to get information, which is already there in the public domain. Moreover, if it is freely available in public domain, then one can anonymously access such information; this further strengthens the privacy aspects of requesting information and facilitating anonymity with respect to access to such information in the public domain. It has also to be noted that it is not sufficient to put data out in the public domain but it should also disclose the basis of the data for example, if there is representation of a data on a pie chart, the data which was used to arrive at the pie chart should also be available in the public domain. The main intention of releasing data to the public domain or having open data standards should not only be to provide access to such data but also should be in such a fashion so as to enable people to use the data for multiple purposes.

Prashant Bhushan noted that one of the grounds for withholding information in the RTI Act is privacy. An RTI officer can disclose personal information if he feels that larger public interest warrants the disclosure, even if it is personal information, which has no relationship to public activity or interest. This raises the important question, “what constitutes personal information?” He referred to the Radia Tapes controversy. Ratan Tata has filed a petition in the Supreme Court on the grounds that the Nira Radia tapes contained personal information and that the release of these tapes into the public domain violated his privacy. The Centre for Public Interest Litigation has filed a counter petition on the grounds that the nature of the conversations was not personal but in relation to public activity. They were between a lobbyist and bureaucrats, journalists and ministers. Prashant Bhushan stressed the importance of releasing these tapes into the public domain to show glimpses of all kinds of fixing, deal-making and show how the whole ruling establishment functions. It is absurd for Ratan Tata to claim that this is an invasion of privacy. Lastly, he felt when drafting a privacy law, clearly defining and distinguishing personal information and public is extremely important.

One of the interesting comments made during the panel was on the assumption that data is transparent. Transparency can be staged; questions have to be asked around whether the word is itself transparent.

Privacy and E-Governance Initiatives

Panelists: Anant Maringanti, (Independent Social Researcher), Usha Ramanathan, (Advocate & Social Activist), Gus Hosein, (Executive Director, Privacy International, UK), Apar Gupta, (Advocate, Supreme Court of India), and Elida Kristine Undrum Jacobsen (Doctoral Researcher, The Peace Research Institute Oslo).
Moderator: Sudhir Krishnaswamy (Centre for Law and Policy Research)
Poster: Adrija Das (Law Student, NUJS)

Adrija Das discussed the legal provision relating to identity projects and e-governance initiatives in India. The objective of any e-governance project is to increase efficiency and accessibility of public services. However, a major problem that arises is the linkage of the data results in the creation of a central database, accessible by every department of the government. Furthermore, implementing data protection and security standards are very expensive.

Sudhir Krishnaswamy highlighted the default assumptions surrounding e-governance initiatives: e-governance initiatives solve governance problems, increase efficiency, increase transparency and increase accountability. It is important to analyze the problems that arise from e-governance initiatives, such as privacy.

Usha Ramanathan described the increased number and vastness of e-governance initiatives such as UID, NPR, IT Rules and NATGRID. There are also many burdens on privacy that emanate from the introduction and existence of electronic data management systems. Electronic data management systems have allowed state to collect, store and use personal information of individual. Currently, the DNA Profiling Bill is pending before the Parliament. It is important to question the purpose and need for the government to collect such personal information. It is also to be noted that, there are certain laws such as Collection of Statistics Act, 2008 that penalize individuals if they do not comply with the information requests of the government.

Anant Maringanti discussed the limitations of data sharing that once existed. Currently, data can move across space in a very short time. He analyzed the state and market rationalities involved in e-governance initiatives, which raise the question “who can access data and at what price?”. Data may seem to be innocent or neutral, but data in the hands of wrong people becomes very crucial due to abuse and misuse. For example, Andhra Pradesh was praised as the model state for UID implementation. However, during the process of collecting data for UID a company bought personal information and sold the data to third parties.

Apar Gupta discussed the dilemmas of e-governance. Generally information in the form of an electronic record is presumed to be authentic. The data which government collects is most often inaccurate and wrong. So the digital identity of a person can be totally different from the real identity of that particular person. The process for correcting such information is also very inconvenient and sometimes impossible.
Under the evidence law any electronic evidence is presumed to be authentic and admissible as evidence. The Bombay High Court decided a case involving the authenticity of a telephone bill generated by a machine. The judgment said that since it is being generated by a machine, through and automated process, there is no need to challenge the authenticity of the document, it is presumed to true and authentic. The main danger in such case is that one does away with the process of law and attaches certain sanctity to the electronic record and evidence.

It should be also observed that how government maintains secrecy as to the ways in which it collects data. For example, the Election Commission has refused to disclose the functioning and design of electronic voting machines. The reason given for such secrecy is that if such information is put in the public domain then the electronic voting machines will be vulnerable and can be tampered with. But we, who use the voting machines, will never find out its vulnerabilities.

According to Gus Hosein, politicians generally have this wrong notion that technology can solve complex administrative problems. Furthermore, the industry is complicit; they indulge in anti-competitive market practice to sell these technologies as a solution to problems. However, such technology does not solve any problems rather it gives rise to problems.

Huge amount of government funds is associated with collection of personal data but such data is rendered useless or rather misused, because the government does not have clue as to how to use the data for development and security purposes. The UK National Health Records project estimated to cost around twelve to twenty billion pounds. However, a survey carried out by a professor in University College London showed that the hospital and other health institutions do not use the information collected by the National Health Records. Similarly, the UK Identity Card scheme was estimated to cost 1.3 billion pounds and finally it was estimated to cost five billion pounds. The identity cards are rendered obsolete, the sole department interested in the identity card was the Home Office Department, no other department intended on using it.

Technology should be built in such a manner that it empowers the individual. Technology should allow the individual to control his identity and as well as access all kinds of information available to the government and private bodies on that individual.

According to Elida Kristine Undrum Jacobsen, technology is regarded in this linear manner. It is increasingly being naturalized and as an all-encompassing solution. The use of biometric systems in the UID raises three areas of concern: power, value and social relationships.

With regards to power, there is a difference between providing documentation and information for identification. However, problems arise when the mode of identification becomes one’s body. It also leads to absolute reliance on technology, if the machine says that this is an individual’s identity then it is considered to be the absolute truth and it does not matter even if the individual is someone else. It becomes furthermore problematic with biometric system because it is generally used for forensic purposes.

The other component of UID or any national identification scheme is the question of consent and its relationship to privacy. In the case of UID project, people are totally unaware about how their information will be used and what purposes can it be used or misused for. Therefore, there is no informed consent when it comes to collection of biometric data under the UID project.

On the issue of social value it is to be noted that the value of efficiency becomes the most important value, which is valued. Many of the UIDAI documents state that the UID will provide a transactional identity. However, at the same time it takes away societal layers, which is inherently part of one’s identity. In addition, it makes it possible for the identity of a person to become a commodity to be sold. This also means that the personal information has economic value and players in the market such as insurance companies, banks can buy and sell the information.

When there is identification projects using biometrics it gives the State a lot of power; the power to determine and dictate one’s identity irrespective of the difference in real identity. Moreover, when such identifications projects are carried out at a national level it also gives rise to problem related to exclusion and inclusion of people or various purposes. The classification of the society based on various factors becomes easy and there is a huge risk involved with such classification.

The issues, which came out from the Q&A session, were:

The interplay between fairness and lawfulness in the context of privacy and data collection. There has to be a question asked as to why certain information is required by the State and how is it lawful.
In the neo-liberal era corporations are generally considered to be private. This has to be questioned and furthermore the difference between what is private and what is public. There are also concerns about corporations increasingly collaborating with the State. Can it be still considered as private?

Privacy and National Security

Panelists: PK Hormis Tharakan (Former Chief of Research and Analysis Wing, Government of India), Saikat Datta (Journalist), Menaka Guruswamy, (Advocate, Supreme Court, New Delhi), Prasanth Sugathan, (Legal Counsel, Software Freedom Law Center), and Oxblood Ruffin, (Cult of the Dead Cow Security and Publishing Collective).
Moderator: Danish Sheikh (Alternative Law Forum)
Poster: Suchitra Menon (Law Student, NUJS)

Suchitra Menon discussed the legal provisions for national security in relation to privacy. Specifically, she described the guidelines and procedural safeguards with respect to phone tapping and interception of communication decisional jurisprudence.

In the year 2000, the Information Technology Act (IT Act), 2000 was enacted, this Act had under section 69 allowed the State to monitor and intercept information through intermediaries. Prasanth Sugathan described how the government has been trying to bypass the procedural safeguard laid down by the Supreme Court in the PUCL case by using Section 28 of the IT Act, 2000. The provision deals with certifying authority for digital signatures. The certifying authority under the Act also has the authority to investigate offences under the Act. The provision mainly deals with digital signature but it is used by the government to intercept communication without implementing the procedural safeguards laid down for such interception. Furthermore, the IT Rules which was notified by the government in April, 2007 allows the government to intercept any communication with the help of the intermediaries. The 2008 amendment to the IT Act was an after effect of the 26/11 attacks in Mumbai. The legislation has become draconian since then and privacy has been sacrificed to meet the ends of national security.

Oxblood Ruffin read out his speech and the same is reproduced below.

“The online citizenry of any country is part of its national security infrastructure. And the extent to which individual privacy rights are protected will determine whether democracy continues to succeed, or inches towards tyranny. The challenge then is to balance the legitimate needs of the state to secure its sovereignty with protecting its most valuable asset: The citizen.

It has become trite to say that 9/11 changed everything. Yet it is as true for the West as it is for the global South. 9/11 kick started the downward spiral of individual privacy rights across the entire internet. It also ushered in a false dichotomy of choice, that in choosing between security and privacy, it was privacy that had adapted to the new realities, or so we’ve been told.

Let’s examine some of the fallacies of this argument.

The false equation which many argue is that we must give up privacy to ensure security. But no one argues the opposite. We needn’t balance the costs of surveillance over privacy, because rarely banning a security measure protects privacy. Rather, protecting privacy typically means that government surveillance must be subjected to judicial oversight and justification of the need to surveillance. In most cases privacy protection will not diminish the state’s effectiveness to secure itself.

The deference argument is that security advocates insist that the courts should defer to elected officials when evaluating security measures. But when the judiciary weighs privacy against surveillance, privacy almost always loses. Unless the security measures are explored for efficacy they will win every time, especially when the word terrorism is invoked. The courts must take on a more active role to balance the interests of the state and its citizens.

For the war time argument security proponents argue that the war on terror requires greater security and less privacy. But this argument is backwards. During times of crisis the temptation is to make unnecessary sacrifices in the name of security. In the United States, for example, we saw that Japanese-American internment and the McCarthy-era witch-hunt for communists was in vain. The greatest challenge for safeguarding privacy comes during times when we are least inclined to protect it. We must be willing to be coldly rational and not emotional during such times.

We are often told that if you have nothing to hide, you have nothing to fear. This is the most pervasive argument the average person hears. But isn’t privacy a little like being naked? We might not be ashamed of our bodies but we don’t walk around naked. Being online isn’t so different. Our virtual selves should be as covered as our real selves. It’s a form of personal sovereignty. Being seen should require our consent, just as in the real world. The state has no business taking up the role of Peeping Tom.

I firmly believe that the state has a right and a duty to secure itself. And I equally believe that its citizens are entitled to those same rights. Citizens are part of the national security infrastructure. They conduct business; they share information; they are the benefactors of democratic values. Privacy rights are what, amongst others, separate us from the rule of tyrants. To protect them is to protect and preserve democracy. It is a fight worth dying for, as so many have done before us.

PK Hormis Tharakan discussed the importance of interception communication in intelligence gathering. In the western liberal democracies, restrictions of privacy were introduced for the anti-terrorism campaigns and these measures are far restrictive than what the Indian legislations contemplate. Preventive intelligence is a major component in maintenance of national security and this intelligence is generated and can be procured through interception.

We do need laws to make sure that the power of interception is not excessive or out of proportion. But the graver issue is that the equipment used for interception of communication is freely available in the market at a cheap price. This allows private citizens also to snoop into others conversation. So, interception by civilians should be the main concern.

Menaka Guruswamy discussed the lack of regulation of Indian intelligence agencies that creates burdens on privacy. When there is a conflict between individual privacy and national security, the court will always rule in favour of the national security. Public interest always takes precedence over individual interest.

When there is a claim right to privacy vis-à-vis national security, generally these claims are characterized by dissent, chilling effects on freedom of expression and government accountability. In India, privacy is fragile and relatively a less justifiable right. Another challenge to privacy is that, when communication is intercepted, which part of the conversation can be considered to be private and which part cannot be considered so.

Saikat Datta described his experience of being under illegal surveillance by an unauthorized intelligence agency. When a person is under surveillance, he or she is already considered to be suspect. If the State commits any mistake as to surveillance, carrying surveillance, who is not at all a person of interest in such case upon discovery, there is no penalty for such discrepancy.
He warned of the dangers of excessive wiretapping, a practice that currently generates such a “mountain” of information that anything with real intelligence value tends to be ignored until it is too late, as happened with the Mumbai bombings in 2008. It is clear that the Indian government’s surveillance and interception programmes far exceed what is necessary for legitimate law enforcement.

The issues, which came during the Q&A session was:

In case of national security vis-à-vis privacy in heavily militarized zone, legislations such as Armed Forces Special Powers Act actually give authority to the army to search and seizure on mere suspicion? This amounts gross violation of privacy.

Privacy and Banking

Panelists: M R Umarji, (Chief Legal Advisor, Indian Banks Associations), N A Vijayashankar, (Cyber Law Expert), Malavika Jayaram, (Advocate, Bangalore)
Moderator: Prashant Iyengar (Associate Professor, Jindal Law University)
Poster: Malavika Chandu (Law Student, NUJS)

Prashant Iyengar highlighted how privacy has been a central feature in banking and finance. Even before the notion of privacy came into existence, banks had developed an evolved notion of secrecy and confidentiality, which was fairly robust. Every legislation dealing with banking and finance generally have a clause related to privacy and confidentiality. It might seem that it would be easy to implement privacy in banking and finance given the long relationship between banking and secrecy and confidentiality. However, this is not the case in the contemporary times. Specifically, with the growth in issues related to national security, transparency and technology, the highly regarded notion of privacy seems to be slowly depleting.

Malavika Chandu described the data protection standards that govern the banking industry. As part of the know-you-customer guidelines, banks are required to provide the Reserve Bank with customer profiles and other identification information. Lastly, she described case laws in relation to privacy with respect to financial records.

N A Vijayashankar noted that the confidentiality and secrecy practices in the banking sector emanate from the banker-customer relationship. In the present context, secrecy and privacy maintained by the banks should be analyzed from the perspective of the right of the customer to safeguard his or her information from any third party. Generally, banks and other financial institutions protect personal information as a fraud control measure and not as duty to protect the privacy of a customer.

There has been a paradigm shift in banking practices from traditional banking practices to more efficient but less secure banking practice. Some of the terms and conditions of internet banking are illegal and do not stand the test of law. In contemporary times, banking institutions use confidentiality to cover up problems and data breach rather than protecting the customer. But the banks are not ready to disclose data breach as it apprehends that it will result in public losing faith in the system. The Reserve Bank of India, has recently notified that protection which is provided to the customers in banking services should also be extended to e-banking services. However, the banks have not properly implemented this.

M R Umarji highlighted fourteen laws related to banking which carries confidentiality clauses. In India, public sector banks dominate the market. These banks are created under a statute and such statute governs them. Therefore, they are duty bound to maintain secrecy and confidentiality. Private banks and cooperative banks are not bound by any statute. They do not have any obligations to maintain secrecy, but they do strictly observe confidentiality as a form of banking practice.

Banks are not allowed to reveal any personal information of an individual unless it is sought by some authority that has a legitimate right to claim such information. There has been a constant erosion of confidentiality due to various laws which empowers authorities to seek confidential information from the banks. Recently, in the light of the growing national security concerns, banks also have an obligation to report suspicious transactions. These have caused heavy burdens on right to privacy of an individual.

Under the Right to Information Act, 2005 public sector banks are considered to be public authorities. By the virtue of the Statute, any person can access information from banks. For example, in a recent case an information officer directed Reserve Bank of India, to disclose Inspection Reports. These reports generally contain information regarding doubtful accounts, non-performing account, etc. There is a need that banks should be exempted from the Right to Information Act, 2005. Since they are not dealing with public funds there is no need to apply transparency law to the banks.

Malavika Jayaram described the major conflicts and tensions with respect to privacy vis-à-vis banking and financial systems and financial data. Other privacy and transparency issues include: the publication of online tax information and income data.

Surveillance is built in the design of banking system, so it is capable of tracking personal information and activity. There is a need to implement more privacy friendly and privacy by design systems in the banking sector. Customers are generally ignorant about privacy policies and this influences informed consent and furthermore marketing institution may influence customers to behave in a particular manner. In this context privacy by design becomes very important.

Data minimization principles should be applied; since the more data collected the more there is a risk of data breach and misuse. In case of data retention it is necessary that person giving such data should know how much proportion of the data is being retained and for how long it is stored and also what is the scope of the data and for what purpose will it be used.

Personal information and data, which was previously collected by the government, are gradually being outsourced to private bodies. On one hand it is a good thing that private sector get their technology and security measures right as compared to the government agencies but it comes with the risk that it can be sold out by private bodies as commodities in the market. Private bodies that are harvesting the data can also be forced by the government to disclose it under a particular law or statute without taking into consideration the consent of the individual whose personal information is sought for.

There is multiplicity of documentation for identification, which makes transactions less efficient. This has attracted customers to more convenient systems such as one-access point systems, but people tend to forget the issues related to privacy, in using such a system. What is portrayed as efficient for the consumer is a tool for social control and who has access and authority to use such information.

Often the reason given for collecting information is that it will help the service provider to combat fraud. However, studies have shown people more often fake situation rather than identity. The other concerns are that of sharing of information and lack of choice with respect to such sharing. There should be check as to sharing of personal information as the data belongs to the individual and not the bank or any other institution which requires furnishing personal information in lieu of services. This gives rise to a binary choice to the user; either the individual has to provide information to avail the service or else one cannot avail the services.

There is supposed to be market for privacy. The notion of personal information is subjective and varies from person to person. For example, one might be comfortable to share certain information. However, others might not be.

The issues that came out of the Q&A sessions are:

The default settings are generally put at the low protection settings. Unless the user is aware of the privacy protection setting, he or she is prone to breach of privacy. Should the default privacy setting be set to maximum security and option can be given to the user to change it according to his or her preference?
Is there any system in the banks, which allows the customers of bank to know about which all third parties the bank has shared his or her personal information with?

Health Privacy

Panelists: K. K. Abraham, (President, Indian Network for People with HIV), Dr. B. S. Bedi, (Advisor, CDAC & Media Lab Asia), and Raman Chawla, (Senior Advocacy Officer, Lawyers Collective).
Moderator: Ashok Row Kavi (Journalist and LGBT Activist)
Poster: Danish Sheikh (Researcher, Alternative Law Forum)

Danish Sheikh outlined the possible health privacy violations. These included the disclosure of personal health information to third parties without consent, inadequate notification to a patient of a data breach, the purpose of collecting data is not specified and improper security standards, storage and disposal. The disclosure of personal health information has the potential to be embarrassing, stigmatizing or discriminatory.

Subsequently, Danish Sheikh examined the status of sexual minorities’ vis-à-vis the privacy framework. Culling out some real life examples based on various studies, media reports and judgments from the Supreme Court and the High Courts of Delhi and Allahabad, he also described privacy violations committed by both individuals as well as state authorities.

Ashok Row Kavi recounted how privacy was very contextual when debating section 377 in the LGBT community. The paradigm upon which they were going to fight the anti-sodomy law was that it was consenting sex between two adults in private space. However, this paradigm was not well received by women, as women did not see private space as safe space, due to domestic violence. Perceptions of privacy are very subjective and it differs from person to person.

Raman Chawla recounted the history of the Draft HIV/AIDS Bill. In 2002, the need for law related to HIV/AIDS was realized in order to protect right to consent, right against discrimination and right to confidentiality of HIV patients. The bill was finalized in the year 2006. Alarmingly, it is yet to be tabled before the Parliament.

The privacy provisions in the HIV bill clearly state that no person can be tested, treated or researched for HIV without the consent of the patient. It also casts that in a fiduciary relationship the health care provider must maintain confidentiality, however if the patient provides written consent then their status may be disclosed. The HIV condition of the patient can also revealed by the doctor if there is a court order demanding such disclosure. The doctor may disclose the status of the patient to his or her partner but he has to follow a particular protocol. The doctor should have sufficient belief that his or her partner is at risk of contracting HIV. The person who is infected will be asked for his/her views and counseled before his/her partner is informed. However, there are doubts as to the implementation and enforcement of this protocol.

Conclusion

Natasha Vaz (Policy Advocate, Privacy India) brought the symposium to a close by thanking the partners, the panelists, the moderators and the participants for their sincere efforts in making the All India Privacy Symposium a grand success. In India, a public discussion regarding privacy has been long over due. The symposium provided a platform for dialogue and building greater awareness around privacy issues in health, banking, national security, transparency and e-governance. Using our research, expert opinions, personal experiences, questions and comments various facets of privacy were explored.

Press Coverage

The event was featured in the media as well:

India needs an independent privacy law, says NGO Privacy India, Economic Times, February 2, 2012
New Bill to decide on individual’s right to privacy, Tehelka, February 6, 2012
Lack of strong privacy law in healthcare a big worry, Daily News & Analysis, February 13, 2012
Privacy concerns grow in India, Washington Post, February 3, 2012

Click to download the Agenda and Profile of Speakers (PDF, 1642 Kb)

Download the PDF (555 Kb)
Follow the webcast of the event

For more details visit https://cis-india.org/internet-governance/all-india-privacy-delhi-report

The High Level Privacy Conclave — Conference Report

natasha — 2012-04-30T09:46:12Z

Privacy India, the Centre for Internet and Society and the Society in Action Group, with support from IDRC and Privacy International, have spent 18 months studying the state of privacy in India, and conducting consultations across India in Kolkata, Bangalore, Ahmedabad, Guwahati, Chennai, and Mumbai. On February 3, 2012, a high-level conclave was held in New Delhi with representatives from government, industry, media, and civil society participating in the event. At the conclave the discussions were focused on Internet Privacy, National Security & Privacy, and the future of Privacy in India.

Rajan Gandhi, CEO, Society in Action Group, opened the conference with an explanation of the mandate of Privacy India, which is to raise awareness, spark civil action, and promote democratic dialogue around privacy challenges and violations in India. He raised the question of whether Indians are concerned about privacy, while citing examples of banking institutions and telecom service providers, who ask for information more than required, such as marital status, financial status, etc. Lastly, he stressed the need for legislation and awareness about right to privacy.

Panel 1: National Security and Privacy

Malavika Jayaram (Advocate, Bangalore) moderated the first panel discussion on “National Security and Privacy”. The panel comprised of Manish Tewari (Member of Parliament, Ludhiana), PK Hormis Tharakan (Former Chief of Research and Analysis Wing, Government of India), Gus Hosein (Executive Director, Privacy International, UK), Vakul Sharma (Advocate, Supreme Court), Eric King (Human Rights and Technology Advisor, Privacy International, UK), Amol Sharma (Journalist, Wall Street Journal).

Malavika Jayaram started the discussion by posing the question as to what in their view is ‘national security’ and when can it be cited by the government to intrude upon our privacy? In response, the panel gave multiple views while agreeing that it is an abstract term. Gus Hosein, in response said that national security does not only mean protecting the national border of a nation, but also protecting the rights of the citizen. He also noted that national security is always implemented in a top-down manner. Thus, unfortunately national security has become the stick, which is used to beat down on people’s right.
PK Hormis Tharakan defined national security as the security of people and property. National security includes all the efforts of the government to raise poor above the poverty line. He also stated that anything that hinders the process of alleviating poverty is a matter of ‘national security’.

Manish Tewari stated that there is a need for legislation to address the various issues of violation of privacy. Specifically, he addressed the need of an independent oversight committee to put a check on the unrestricted powers of the law enforcement and intelligence agencies and the practice of intercepting communications on the grounds of national security. He pointed out that the rules, formulated by the Supreme Court in PUCL v. Union of India on interception of communication, are rarely implemented, and the guidelines are implemented more as an exception rather than a rule. The interception of communication by intelligence agencies should be regulated for a larger national interest.

Manish Tewari also observed that there is a nationwide lack of understanding about new technologies and judges are very rarely technologically literate. This has created a situation in which the government's efforts to fight crime and terrorism by intercepting communications has horribly backfired. By building backdoors into communications systems to allow lawful access, and by restricting cryptography to a 40-bit limit, the authorities have created serious vulnerabilities in India's communications system that can be easily exploited by any malicious third party or foreign government.

Privacy Protection

The panel discussion then moved on to the various tools for protecting privacy such data encryption. Amol Sharma referred to the process followed in the USA for interception of communication. Surveillance in the United States can be carried out by government agencies only on the basis of a court order or a warrant. He noted that in the US regime there is at least an independent body that gives orders of interception of communication. In comparison, in India, the power to authorize wiretaps lies with the government.

Amol Sharma also pointed out that, there are at least 5000-7000 interception requests from the government, out of which only three to five per cent requests for interception of communication are for white-collar crime. He cited the example of the government asking Research in Motion to provide their encryption keys and also provide a room in their offices for the purpose of interception of communication. He stated that he was very skeptic that terrorists will be using Blackberry services for communication, considering that there are many more convenient and untraceable means available to them such as Skype. He asserted that there is need of legislation for regulation and restricting invasion of privacy. He said, “National security is not a free ticket for any kind of wiretap”.

Concerns about Third Party Intrusion

Eric King noted that national security exists so that individuals can protect themselves from any kind of intrusion. Interception of communication is not only limited to government, equipment for interception of mobile phone calls are easily available and also affordable. So any individual can intercept calls. The notion that interception is only limited to the state is not true, it can be carried out by individuals as well. Heavily criticizing the restriction on encryption in India, he said that the people should be given the power to protect their own privacy. He also harped on the possibility that not only citizens are at risk also government high officials and military personnel can be targeted due to the low level of encryption.

Contributing to the conversation, Manish Tewari pointed out that while trying to intercept the mobile phone calls of an individual, the State could listen in to anyone’s conversation within the vicinity; hence there are gross privacy violations.

Gus Hosein added that the problem lies at a more basic level. Governments generally order telecom companies to build back door for the purposes of interception. These vulnerabilities in the system are not only used by the government, but also may be misused by third parties. He cited an incident in Greece, where the government asked a telecom service provider to build backdoors into the system. A third party was able to access the back door, during the Athens Olympics, when security was of utmost importance. He also said, “If you build a system that allows the state to listen in to communications, you build national security vulnerability”. This was followed by a Question & Answer session. The issues raised during the Q&A session were:

Nature of consent given by the user to the telecom service provider. Taking into consideration that service providers have a duty to disclose the user data to the government on request. A situation which gives rise to a binary choice, either use the services or do not use it at all.
At the wake of breaches in cyber-security, the use of general consumer e-mails by high government officials causes serious threat to nation’s security.
Lack of technical know-how among the government officials.
If government is inept in handling technology, then are there any concerns about public private partnership and outsourcing of governmental duties. (For example, UID).
Collection and collation of information by organizations such as NATGRID. Are they vulnerable to misuse?

In the concluding statement of the first panel discussion, Gus Hosein, made the argument that there cannot be a balance between right to privacy and national security, as the former is an individual right and the latter a community right. Community interest will always take precedence over individual right. National security is always the excuse given by government for invading individual privacy.

Panel 2: Internet and Privacy

Sunil Abraham (Executive Director, The Centre for Internet and Society, Bangalore) moderated the second panel discussion on “Internet and Privacy”. The panel comprised of Deepak Maheshwari (Director, Corporate Affairs, Microsoft), Amitabh Das (General Counsel, Yahoo! India), Ramanjit Singh Chima (Sr. Policy Analyst, Google), Talish Ray (Board Member, Software Freedom Law Center), and Vinayak Godse (Director- Data Protection, DSCI).

Defining Privacy

Sunil Abraham asked the panel questions with respect to defining privacy in the context of physical privacy and spatial privacy. In response, Amitabh Das said that the right to privacy of individuals should be protected in a similar fashion online, as it is protected offline. Referring to safeguards under PUCL v. Union of India (SC, 1996), he observed that communication and behavior on the Internet should be free from monitoring and interception. The procedural safeguards offline should be also present online.

Key Escrow Regime

Deepak Maheshwari talked about the inconsistencies in the encryption standards in India. For example, in case of ISP licensees, there is a 40-bit restriction (symmetric key). In case of adopting higher-level encryption, the ISP has to take permission from the government and deposit both the keys to the government.

He also pointed that online railway ticket booking services use 128-bit encryption. RBI mandates 128-bit encryption for online banking transaction. SBI recommends 64-128 bit encryption. The multiple regulations make it impossible to abide by the rules.

Anonymity and Pseudonymity

Sunil Abraham, while setting the context to India, where the government has taken stringent measures to cut down on anonymity and pseudonymity, asked the question whether such a step is welcomed by the internet users as well as intermediaries. Ramanjit Singh Chima, in reply said that for any business, it is necessary to give what the user wants. Real identity provides a better platform for discussion. He also discussed the choices provided by Google, mainly search without login, encrypted searches so it gives the user to be anonymous. He also noted that there are legal as well as technical restraints as to anonymity on the Internet. He also cited the example of Korea, where the government mandated real name verification process for posting comments on the Internet. Google was not able to comply with this request and had to disable comment section in Korea.

Data Privacy

Vinayak Godse analyzed the issue of data privacy in detail. He stressed upon the need of data privacy law in the country for the outsourcing industries. The European Union (EU) data protection laws govern most of the clients of firms that outsource. EU considers India is not a data safe country due to lack of data privacy legislation. He suggested that the data privacy law should be pragmatic, light touch and should allow industry self-regulation.

Conclusion

The High Level Privacy Conclave discussed various issues related to Internet and privacy and national security and privacy. The various concerns raised by the stakeholders were helpful in understanding the problems related to privacy. The main concerns raised by the first panel were about the interaction and relation of national security to privacy. The major concerns around national security and privacy were of data encryption vis-à-vis surveillance by the State and third party intrusion. There was also an attempt made to understand and define national security in the context of its ambit and when can it be used by the State to access private information. The second panel discussed various aspects of privacy on the Internet. The panel included discussions on anonymity and data privacy on the Internet.

We thank the moderators, panelists and participants for making High Level Privacy a constructive and a fruitful session on privacy and it also gave us insight to understand the problems related privacy and a way forward for possible solutions.

Download the PDF (195 Kb)

Click for the agenda and speakers profile.

For more details visit https://cis-india.org/internet-governance/high-level-privacy-report

Two Tales of Transparency!

sunil — 2012-04-11T12:09:01Z

In a single week, two global Internet giants announce transparency efforts that have direct implications for privacy and free speech.

One, Google replaces 60 odd privacy policies with a single one across its products apparently to provide a unified experience for consumers, advertisers and law enforcement agencies. Google says that it is trying to make its privacy policy more accessible and transparent to its users and that nothing has changed. This is indeed true, as the respective privacy policies were modified when Google acquired these products. Google spent USD 1.9 billion acquiring 79 companies in 2011. This year's company filings state "we expect our current pace of acquisitions to continue.” Their multi-year acquisition spree has spawned 60 odd products that collect personal information. And beyond Google core offerings like Search, News, YouTube and Orkut – their advertising networks Adsense and Double Click keep tabs on you as you visit millions of other websites. This advertiser cum share-holder sweet spot has been created by centrally storing 9 months of comprehensive logs tied to IP address and other device details for all accounts. A blanket surveillance dream-come-true for rogue state actors. Even in most democratic regimes this far exceeds legally mandated data retention requirements. Fans will point out that Google's transparency record on user information requests, data retention and data portability is unmatched across the industry. But that is just saying that you are less evil than Microsoft and Facebook. In June 2007, Google reduced data retention from 24 to 18 months and in a letter to the European Commission privacy regulators it said “we ... firmly reject any suggestions that we could meet our legitimate interests in security, innovation and anti-fraud efforts with any retention period shorter than 18 months.” But come August 2008, Google reduces data retention from 18 months to 9 months in what it called an attempt to address regulatory concerns. Like Europeans, Indian citizens could also benefit if our law makers were to enact horizontal privacy statute and establish the office of the privacy commissioner. In an ideal world, a pro-consumer or pro-citizen Indian privacy commissioner would create evidence based policy and reduce data retention to say 6 weeks. If unfortunately, we go by the precedent set by multi-tiered blanket surveillance provisions in the IT Act, it looks like policy-makers have bought the flawed “more is better” argument emerging from business press cheerleaders of the global surveillance industry.

Two, Twitter announces technical capabilities to censor tweets using geo-location to be in compliance with legal orders from different jurisdictions. Again very little has changed. Twitter has in the past complied with legal orders. In terms of transparency – Twitter has adopted pretty high standards. It will notify the author about the removal and other users from that country with message stating that the tweet has been withheld. Which some predict will precipitate a Streisand effect. In addition, Twitter has expanded its partnership with ChillingEffects.org to publicly archive these legal orders. Some activists wonder if Twitter's role in the Arab Spring would have been undermined if it implemented legal orders from the Mubarak regime. Unfortunately for Twitter, initial praise for this comes from China's state-run newspaper and from the Thai government. But to be fair, unlike Google above, Twitter is sticking to absolute legal minimum. The use of the US jurisdiction in the past, as a free speech haven did benefit activists in authoritarian regimes but perhaps SOPA and PIPA signals the end of that. In India, given the draconian IT Act this could result in blocking of heavy metal tweets on account of them being “blasphemous” or Twitpics of Cartoons against Corruption for being an “annoyance”. Both offenses which are significant dilutions from the previous standards of “incitement of hatred” or “defamation”. There are two part to the solution here, one, Twitter giving the best fight it can to protect free speech and two, Indian citizens petitioning their MPs for the amendment of the IT Act.

For more details visit https://cis-india.org/internet-governance/two-tales-of-transparency

Global Censorship Conference

praskrishna — 2012-03-30T11:34:07Z

The Abrams Institute for Freedom of Expression at Yale Law School is holding a conference on global censorship from March 30 to April 1, 2012, at Yale Law School. The programme is sponsored by the Information Society Project at Yale Law School and Thomson Reuters.

"This conference is the first major event for the Abrams Institute for Freedom of Expression, and it brings together an exciting group of thinkers from law, political science, computer science, business and the non-profit sector to discuss the lessons of the past few years,” explained Yale Law Professor Jack Balkin, director of the Abrams Institute and the Information Society Project. “We think the study of free expression in the digital age should be international and interdisciplinary."[1]

Rishabh Dara, Google Policy Fellow who worked at CIS office in Bangalore on freedom of expression and internet-related policy issues is participating in the event as a speaker in the panel on Case Studies of Censorship. The panel will explore recent instances of censorship in the United States, Egypt, Syria, Brazil, and India and the common themes and important differences that emerged.

This conference will consider how censorship has changed in a networked world, exploring how networks have altered the practices of both governments and their citizens. Panels will include discussions of how governments can and do censor and how speakers can command technical and legal tools to preserve their ability to speak. The conference will conclude with a discussion of new controversies in censorship, including laws designed to prevent online bullying and intellectual property infringement.

Agenda

Friday March 30, 2012

2:00	Begin Registration
3:15 – 4:45	The Means of Change, Familiar and New (co-sponsored by Sponsored by the Orville H. Schell, Jr. Center for International Human Rights) In the popular story of the political upheavals in the Middle East and North Africa, information technology stands out as the new factor that was critical to rapid mass mobilization for demanding change. The media have been credited with making popular demands for change contagious. Enthusiasts for the potential of technology to foster progressive change have labeled these apparently sudden developments a Facebook revolution. Governments responded by seeking to curtail the use of mobile phones and the Internet. What role has technology played in igniting, sustaining and shaping recent political changes in the Arab world? Anupam Chander, Professor of Law, University of California, Davis and Director, California International Law Center Rebecca MacKinnon, Bernard L. Schwartz Senior Fellow, New America Foundation John Pollock, journalist
5:00– 6:30	Keynote Lecture (co-sponsored by Sponsored by the Orville H. Schell, Jr. Center for International Human Rights) Irwin Cotler, Canadian Parliament, former Attorney General of Canada
6:30– 9:00	Reception for Panelists of the Global Censorship Conference

Saturday March 31, 2012

9:00 – 10:00	Registration and Breakfast
10:00– 11:30	Panel One: Old and New Forms of Censorship Years ago, activists met in person to plan protests and quietly shared subversive texts. Now, events can be planned over social networking sites, and arguments for change are posted online. How have governments responded to these changes? How have activist practices and governments’ reactions changed the way we conceptualize censorship? Jack Balkin, Yale Law School Yochai Benkler, Harvard Law School Navid Hassanpour, Yale Political Science Deptartment Rebecca MacKinnon, Bernard L. Schwartz Senior Fellow, New America Foundation
11:45 – 1:15	Panel Two: Technical Architectures of Censorship There are a number of choke points across the Internet and a number of different censorship mechanisms that can be deployed at various points across the network. Censorship can be executed at the router level, the Internet Service Provider (ISP) level, the Internet Content Provider (ICP) level, or the device level. Additionally, countries can employ a number of different technologies at each level. This panel will explore the many technical options for censorship and the strategic value of different choices. Laura DeNardis, Associate Professor of Communication at American University, and Affiliated Fellow, Information Society Project at Yale Law School Nagla Rizk, American University in Cairo Hal Roberts, Fellow at Berkman Center for Internet & Technology Ashkan Soltani, Independent Researcher and Consultant on Privacy and Security
1:15 – 2:15	Lunch
2:15 – 3:45	Panel Three: Case Studies of Censorship In the wake of censorship both domestically and abroad, many questions emerged about how the censorship was executed, what effects it had, if and how activists were able to route around the it, and how, if it all, it was eventually stopped. This panel will explore recent instances of censorship in the United States, Egypt, Syria, Brazil, and India and the common themes and important differences that emerged. Sherwin Siy, Deputy Legal Director and the Kahle/Austin Promise Fellow at Public Knowledge Lina Attalah, Journalist, Managing Editor of Al-Masry Al-Youm Anas Qtiesh, Blogger, Editor of Global Voices Carlos Affonso Pereira de Souza, Vice-Coordinator of the Center for Technology & Society (CTS) at the Fundação Getulio Vargas (FGV) Law School Rishabh Dara, Researcher at Indian Institute of Management, Ahmedabad
4:00 – 5:30	Panel Four: Technical Methods of Circumventing Censorship New technology may provide governments with new tools to censor, but it also creates opportunities for speakers and “hactivists” everywhere. How can individuals evade identification online and access blocked content? Can activists circumvent attempts to shut down the internet during periods of political unrest? What new methods are being developed to preserve free speech online? Roger Dingledine, The Tor Project Peter Fein, Telecomix Alex Halderman, University of Michigan, Dept. of Computer Science Sascha Meinrath, Open Technology Initiative Director, New America Foundation Wendy Seltzer, Senior Fellow, Information Society Project at Yale Law School
6:00 – 9:00	Dinner for Speakers

Sunday, April 1, 2012

9:00 – 9:30	Breakfast
9:30 – 11:00	Panel Five: Legal Solutions to Censorship Given the way censorship technologies have slowly crept into acceptable use because of concerns like piracy, child pornography, or national security, there is much debate about the role and capacity of law in combatting these new, digital forms of government censorship, domestically and internationally. This panel will discuss if and how legal solutions to censorship can be deployed most effectively. Derek Bambauer, Brooklyn Law School Jim Dempsey, Vice President of Public Policy at the Center for Democracy and Technology Molly Land, New York Law School Linda Lye, ACLU Northern California Jillian York, Director for International Freedom of Expression at the Electronic Frontier Foundation
11:15 – 12:45	Panel Six: New Controversies in Censorship Does new technology change the appropriate scope of free expression rights? Can policing intellectual property infringement burden free speech interests? Does surveillance ever have a censoring effect? This panel will wrestle with whether a variety of government activities constitutes inappropriate censorship or necessary actions to protect the public interest. Rebecca Bolin, Fellow at Information Society Project, Yale Law School Mark MacCarthy, Vice President for Public Policy, Software and Information Industry Association; Adjunct Professor, Communication, Culture and Technology Program, Georgetown University Preston Padden, Senior Fellow at the Silicon Flatirons Center and an Adjunct Professor at the University Of Colorado's Law School and Interdisciplinary Telecommunications Program David Post, Temple University, Beasley School of Law Christopher Soghoian, Graduate Fellow, Center for Applied Cybersecurity Research, Indiana University
12:45	Bagged Lunch Available

[1].Global Censorship Conference to be Held March 30-April 1 at Yale Law School | Yale Law School, last accessed on March 30, 2012, http://www.law.yale.edu/news/15140.htm

Read the original posted in Yale Law School website

For more details visit https://cis-india.org/internet-governance/global-censorship-conference

Data protection experts slam state for sending mass SMSes

praskrishna — 2012-03-27T03:46:00Z

Experts in the field of data protection, privacy law and media have criticised the West Bengal government's mass SMS sent to individuals, companies and media houses through private mobile networks last Friday. Lara Choksey reports this in an article published in the Statesman on March 25, 2012.

The government's use of private data in order to spread political messages is ethically dubious and dangerous, say some. The SMS indirectly refers to The Telegraph's publication of the Poonam Pandey tweet, warning against the transmission of “provocative and indecent photographs for hurting the religious sentiments of people and disrupting communal harmony.” It urges recipients to “frustrate the designs of … unscrupulous people and maintain peace and communal harmony,” and is signed by “Mamata Banerjee, Chief Minister”.

Speaking to The Statesman on Saturday, Mumbai-based media lecturer Ms Geeta Seshu identified two issues with the government sending out political messages through mobile phone networks.

Firstly, from an ethical standpoint, the unchecked freedom of mobile phone companies to hand out private data is “completely wrong”, she said.

Secondly, the use of government funds for such dissemination needs to be transparent. If the state government has used public funds to distribute its message through a mobile phone network, then this information should be readily available, said Ms Seshu.

The Telecom Regulation Authority of India's (Trai) unsolicited commercial communications regulations allow unsolicited advertising through mobile phone networks.

Mr Apar Gupta, partner of Delhi-based law firm Advani and Co., explained, “The regulations are not wide enough to prohibit communications from a political party.” He observed, “Using SMS messages is a very efficient propaganda tool because so many people have access to mobile phones.”

Mobile phone networks such as Vodafone make it clear in their privacy policies that the personal data of its customers “may be used for inclusion in any telephone or similar directory or directory enquiry service provided or operated by us or by a third party” (source Vodafone website).

Any third party ~ governmental or corporate ~ can therefore access the company's directory of private mobile numbers at the discretion of the network in question.

It is not yet clear which government department coordinated the SMS, or what funds were used to cover the costs. Representatives from the ministry of information and cultural affairs were not able to shed a light on the matter. “I know that a message was sent out,” said the I & CA director Umapada Chatterjee, "But it was not sent from this department. I do not know that information.”

Some commentators did not condemn the government's SMS. Delhi High Court lawyer and cyber law expert, Mr Praveen Dalal, criticised the publication of the Poonam Pandey tweet on the grounds of it violating the due diligence guidelines of the Cyber Law of India. He commented, “If casual and careless publications … continue, there would be no other option left for the government but to regulate their affairs in a more intrusive manner.”

However, executive director of the Centre for Internet and Society, Mr Sunil Abraham, called the state government's use of unsolicited SMS a “clear abuse of the powers afforded by elected office.” Mr Abraham explained that elected representatives would be justified in such measures, and in utilising public funds, in the event of a disaster, or when public order, public health or national security are compromised.

“However in this case, the government is abusing the provisions of the law and using this incident as a pretext to threaten media professionals with surveillance and to intimidate for the purposes of reigning in free speech,” he told The Statesman. The chief minister was unavailable to make a comment on the matter.

Read the original published in the Statesman

For more details visit https://cis-india.org/news/data-protection-experts-slam-state-for-sending-mass-smses

Locating the Mobile: An Ethnographic Investigation into Locative Media in Melbourne, Bangalore and Shanghai

Larissa Hjorth and Genevieve Bell — 2015-10-24T13:41:47Z

From Google maps, geoweb, GPS (Global Positioning System), geotagging, Foursquare and Jie Pang, locative media is becoming an integral part of the smartphone (and shanzhai or copy) phenomenon. For a growing generation of users, locative media is already an everyday practice.

The transition from the analogue to the digital, from dial-up to broadband internet access was dramatic in how it changed our notions of space, catalysing new ways of thought and practice. In the case of locative media the uptake is more accelerated with it already engaging more than ten times those involved in the analogue-digital transition. The spread and usage of locative media is fast and promises to produce an even more dramatic transformation as the net becomes portable and pervasive.

As yet we know little about the impact locative media is having, and will have upon people’s livelihoods and identity, or on public policy around privacy, identity, security and cultural production. Discourse in the field has opened up questions of art, innovation and experimentation (de Souza e Silva & Sutko 2009; Hjorth 2010, 2011). However, there remains a dearth of nuanced research on locative media that provides in-depth, contextual accounts of its socio-cultural and political dimensions. Little work has been conducted into locative media as it migrates from art and into the ‘messy’ (Dourish & Bell 2011) area of the everyday.

Locating the Mobile seeks to address this knowledge gap by undertaking close studies of locative media in three locations—Bangalore, Melbourne and Shanghai. We aim to capture and analyse the multiplicities of locative media practice emerging in both developed and developing contexts.

These three locations have relatively high smartphones (or copies like shanzhai) usage and are indicative of twenty-first century migration, diaspora and transnational practices. As one of the leading regions for mobile media innovation (Hjorth 2009; Bell 2005; Miller & Horst 2005), the various contested localities in the Asia-Pacific provide a rich and complex case study for mobile media as it moves into locative media. The three locations also show how the presence of digital and internet technologies is ‘flattening’ the globalised landscape and bringing about dramatic changes in the ways in which these cities shape and develop (Shah 2010). We consider how place informs locative media practices and how, in turn, these practices are shaping new narratives of place.

Locating the Mobile seeks to collect and analyse some of the emergent, tacit, innovative and ‘making-do’ practices informing the rise, and resistance to, locative media. Drawing on pertinent issues for the present and future of locative media, Locating the Mobile aims to:

Pioneer and develop models and templates for comprehending the implications of locative media.
Develop a nuanced and situated understanding of locative media as part of cultural practice.
Provide, through multi-site analysis, new insights into the impact of locative media upon narratives of place and belonging.
Develop socio-cultural understandings of the role locative media plays in notions of intimacy and privacy.

By bringing together an expert team that represent a commitment to probing the social, cultural and community dimensions of technological innovation, Locating the Mobile will develop methodologies that capture the dynamic and mundane features of this emergent media practice. By doing so, Locating the Mobile will move beyond binary debates about surveillance and privacy or ‘parachute’ case studies of locative art towards nuanced and complex understandings of locative media and its implication for future cultural practices.

Significance and Innovation

The nascent field of locative media is impacting upon cultural practice, place-making and policy in ways we can only imagine. While much analysis has been conducted in mobile media (Goggin & Hjorth 2009) and experimental forms of locative media/art (de Souza e Silva & Sutko 2009), the increased ubiquity of locative media through devices such as the smartphone will undoubtedly transform the way in which place and mobility is articulated. Locating the Mobile seeks to substantially expand and contextualise upon the burgeoning area of locative media through a variety of innovative and significant ways.

Locating the Mobile is original in its topic, method, outcomes and industry collaboration. Firstly, it is significant in that it brings depth and innovation to the emergent area of locative media, and its impact upon discourses around mobile media in ideas of mobility and place-making. In the face of parachute nature of many locative art research (de Souza e Silva & Sutko 2009), Locating the Mobile is one of the first studies internationally to explore locative media over time in specific locations. Secondly, it deploys a variety of methods (such as surveys, focus groups, interviews and diaries for scenario of use, overlaid with data-mining) across different devices (mobile phone, iPad) and platforms (Foursquare, Jie Pang) to analyse the local and socio-cultural dimensions of use. With its team of experts in mobile media (Hjorth, Bell and Horst), communication for development (C4D) (Tacchi and Shah), gaming (Hjorth), social networking (Shah, Zhou and Hjorth) as well as a range of methodologies, this three-year study will investigate and contextualise locative media in Bangalore, Melbourne and Shanghai. Despite its ubiquity in many locations in the Asia-Pacific region, much of the locative media literature remains Anglophonic or Eurocentric in focus. Thirdly, through multi-site analysis of locative media practices we will provide innovative ways in which to reflect upon narratives of place, belonging and transnationalism. Fourthly, by pioneering the first multi-site analysis of locative media over time, Locating the Mobile will develop the much missing socio-cultural understandings of locative media and how it impacts upon intimacy and privacy upon individual, group and policy levels. We will now detail these four key areas of significance and innovation. We will pioneer and develop models and templates for comprehending the implications of locative media. In these models we actively address locative media in the transnational context of contemporary feelings about belonging, possession, mobility, migration, and dislocation. As locative media becomes more pervasive, the power of its banality needs further understanding beyond ‘global’ generalisations (see www.pleaserobme.com). Like the rise of mobile media that was accompanied by the ‘subversive user’ (Hjorth 2009), we need to figure out the digital subject who is shaped—both historically and socio-culturally—through the pervasive spread of locative media. As Gabriella Coleman (2010) observes in her review of ethnographic approaches to digital media, there are three main overlapping categories: research on the relationship between digital media and the cultural politics of media; the vernacular cultures of digital media; the prosaics of digital media (and this attention to the commonplace, the unromantic, the quotidian). In the case of locative media, ethnographic approaches—emphasising the situated, vernacular and prosaic—are needed in order to understand the relocations of mobility across a variety notions: technological, electronic and psychological to name a few. Moreover, given the relatively high proportion of Indian and Chinese migrants in Melbourne—and migration in Bangalore and Shanghai—exploring locative media can provide new models for conceptualising the impact of migration, diaspora, and transnationalism on place.

We will develop a nuanced and situated understanding of locative media as part of cultural practice through methods that deploy both qualitative (ethnographic) and quantitative (datamining) approaches such as ‘ethno-mining’ (Anderson et al. 2009). With the emergence of ethnomining approaches—that is, data-based mining combined with ethnography—new models for analysing media and mobility can be found. Locating the Mobile addresses this need for innovative methodologies that capture the dynamic nature of locative media by situating it within three legacies: social, cultural and historical mediatisation. Further, Locating the Mobile seeks to frame locative media as evolving through the cultural precepts informing mobile media and urbanity LP120200829 (Submitted to RO) Dr Larissa Hjorth PDF Created: 16/11/2011 Page 8 of 123 discourses. Drawing upon case studies from a region renowned for divergent and innovative use of mobile media (Hjorth 2009) and gaming (Hjorth & Chan 2009)—the Asia-Pacific—Locating the Mobile seeks to understand the lived and local dimensions of locative media and how it can inform emergent and older forms of place-making, belonging and migration. By focusing upon this nascent but burgeoning area in global mobile media practice—locative media—Locating the Mobile not only places Australia as a forerunner in innovative, original, and challenging methodologies for new media, but also, by bringing together key industry partners, Intel, CIS and Fudan University,

Locating the Mobile seeks to contextualise the research in terms of industry and community outcomes. In this sense, Locating the Mobile clearly addresses the National Priority 3, Frontier Technologies (see below for more details).

We will provide, through multi-site analysis, new insights into the impact of locative media upon narratives of place and belonging through our three case study locations—Melbourne, Bangalore and Shanghai. Locative media can provide new models for conceptualising the impact of migration, diaspora, and transnationalism on place. Although place has always mattered to mobile media (Ito 2003; Bell 2005; Hjorth 2003), locative media both amplify, redirect and redefine practices around place, community and a sense of belonging—phenomenon that impacts upon cultural policy and media regulation (Goggin 2011). Along with the digital interfaces that overlay our physical experiences as we enter into a state of augmented reality (AR), the presence of these cartographic, geospatial locative platforms also changes the ways in which the cities and how we navigate with them (Shah 2010). With the rise of locative media like Google maps we are seeing new ways to frame and narrate a sense of place through various technological lenses overlaying the social with the informational. This phenomenon is especially the case with smartphones and their plethora of applications (apps) drawing heavily upon locative media—even most photo apps come with locative media. With locative media we see the arrival of increased accessibility to augmented
reality (AR). Instead of replacing the analogue with the digital, the physical with the virtual, they open up ‘hybrid realities’ (a term used by de Souza e Silva to describe AR mobile games) that need new conceptual tools and located frameworks to unravel the dynamics. We are no longer looking at just the technology mediated hypervisual digitality but also exploring what these locative media augment and simulate in everyday practices.

We will develop socio-cultural understandings of the role locative media plays in notions of intimacy and privacy and how we might comprehend locative media’s implications on individual and cultural practices, and regulation. In the second generation of locative media that sees it move increasingly into the mainstream, questions about security, privacy and identity—and how these are shaped by the local—come into focus (Dourish & Anderson 2006). For Dourish and Anderson (2006) locative media can been viewed as a form of ‘Collective Information Practice’ that have social and cultural implications upon how privacy and security are conceptualised. For others such as Siva Vaidhyanathan (2011) locative media like Google maps and street views are about a corporate surveillance. As a burgeoning field of media practice intersecting daily life, there is a need for in-depth situated accounts into locative media and their cultural-economic dimensions to understand the impact they will have on intimacy, privacy, identity and place-making. In Locating the Mobile, by developing and implementing new hybrid models for analysing locative media (Anderson et al. 2009), we consider the role locative media plays in how place shapes, and is shaped by, these practices and the future implications around cultural policy. The comparative dimension brings a rich data-set to bear on our understanding of locative media and the questions it may pose in the future. The outputs are significant not only for Australian mobile communication, gaming and internet studies—by providing a regional context for evaluating the socio-technologies—but also demonstrates internationally Australia’s lead in ground-breaking research into locative media (Priority 3, ‘frontier technologies’) in arguably the most significant sites for global ICTs production and consumption, the Asia-Pacific.

National Research Priorities: With the rise of smartphones becoming ubiquitous, location-based services have burgeoned. And yet, little is known about this area and its impact upon individuals, LP120200829 (Submitted to RO) Dr Larissa Hjorth PDF Created: 16/11/2011 Page 9 of 123 organisations and governments. Given this phenomenon, a comprehensive understanding of the impact upon locative media upon notions of privacy, identity and place-making is needed. In the twenty-first century, locative media will become an increasingly important part of everyday life—for individuals, communities, businesses and government agencies. Thus it is imperative that we have a robust comparative understanding of locative media in Australia and across the region. By conceptualising this impact within the context of the region, Locating the Mobile ensures Australia is at the frontier of new technologies and their impact upon future technological practices and policies. Such an understanding is fundamental to Australia’s technology and cultural sectors, thus contributing to National Research Priority 3 through one of the strongest currencies in twenty-first century global market, mobile media, as well as contributing to the broader long-term project of locating Australia in the region. By drawing on qualitative, cross-cultural longitudinal research into locative media, Locating the Mobile will document, analysis and provide future recommendations for how locative media is impacting upon people’s experience of place and identity. A study like this is important as it is innovative for not only pioneering methodologies to evaluate this media phenomenon but also to understand some of its long-term implications on how mobile media intervenes and even reconfigures experiences and perceptions of place which, in turn, impact upon cultural policy.

Collaborators: Larissa Hjorth (RMIT University, Melbourne), Genevieve Bell (Intel, Shanghai)

For more details visit https://cis-india.org/raw/digital-humanities/blogs/locating-mobile/locating-the-mobile

All India Privacy Symposium

Natasha Vaz — 2012-03-01T06:16:53Z

Are we citizens or subjects? Experts gather in Delhi for public symposium on privacy, transparency, e-governance and national security in India.

Following 18 months of research by Privacy India, the Centre for Internet and Society and the Society in Action Group, with support from London-based Privacy International, the groups today held an All India Privacy Symposium at the India International Centre in New Delhi. Speakers included Supreme Court Advocate Menaka Guruswamy, Microsoft Director of Corporate Affairs Deepak Maheshwari, social researcher and activist Usha Ramanathan, journalist Saikat Datta and former Chief of RAW Hormis Thorakan.

A few themes recurred across all five panels (Privacy and Transparency, Privacy and E-Governance Initiatives, Privacy and National Security, Privacy and Banking, and Privacy and Health). Perhaps the most prominent was the repeated allegation that the Indian government' technological illiteracy is putting its citizens at risk. One panelist described how an RTI request had recently revealed that the government had no idea how many of its own computers had been hacked or how much data had been stolen – even though this information has been in the public domain since the Wikileaks diplomatic cable releases.

The increased use of public-private partnerships and outsourcing was also a major cause for concern. Public money is being funneled into privately-held commercial enterprises – which, unlike public bodies, are not subject to RTI requests – and spent on e-governance initiatives like UID. Social researcher Anant Maringati spoke of a "hybrid world" in which government projects were fulfilled by completely unaccountable private actors. Advocate Malavika Jayaram remarked that, while private companies tend to have far greater technological expertise than government officials, they are ultimately motivated by profit rather than public benefit; we should therefore ask ourselves whether they can really be trusted with our information.

Government surveillance for the purposes of crime prevention also came under scrutiny, when Saikat Datta described how he himself had been put under illegal surveillance by an unauthorized intelligence agency. He warned of the dangers of excessive wiretapping, a practice that currently generates such a “mountain” of information that anything with real intelligence value tends to be ignored until it is too late, as happened with the Mumbai bombings in 2008. It is clear that the Indian government’s surveillance and interception programmes far exceed what is necessary for legitimate law enforcement.

Overall, panelists at the conference painted a vivid picture of India as a state that has made a habit of invading the privacy of individuals on a massive scale in the name of public benefit and law enforcement. Yet there is a clear sense that the benefits to society are not outweighing the costs to the individual. As Usha Ramanathan commented: “The question is, do we think of ourselves as citizens – or as subjects?”

See the webcast of the event here

For more details visit https://cis-india.org/internet-governance/all-india-privacy-symposium

New Bill to decide on individual’s right to privacy

praskrishna — 2012-02-07T07:19:07Z

A group of experts would identify issues relating to privacy and prepare a report to facilitate authoring the Privacy Bill. Vishwajoy Mukherjee's article was published in Tehelka on 6 February 2012.

American jurist William J Brennan once famously remarked, “If the right to privacy means anything, it is the right of the individual to be free from unwarranted governmental intrusion.” Now the Government of India is on the verge of formulating, for the first time, a Privacy Bill that will lay down a specific framework to adjudicate an individual’s right to privacy.

The Planning Commission has constituted a small group of experts under the chairmanship of Justice A P Shah, former Chief Justice of the Delhi High Court, to identify issues relating to privacy and prepare a paper to facilitate authoring the Privacy Bill. The group will be studying the privacy laws and related bills promulgated by other countries and will also be analysing the impact of various programmes being implemented by the government, from the perspective of their impact on privacy. A detailed report with suggestions and remarks will then be handed to the Planning Commission by 31 March.

In the run-up to the formulation of a new Privacy Bill in India, an All India Privacy Symposium was held on 4 February to discuss aspects of privacy in the context of transparency, national security and internet banking. One of the most vociferous oppositions to the idea of privacy becoming an enshrined right for individuals, has come from those who believe that national security is of paramount importance. “The notion that one has to choose between privacy and national security is a false dichotomy of choice… When the judiciary adjudicates between privacy and surveillance, privacy in almost all cases loses. Especially when the word terrorism is invoked,” said Oxblood Ruffin, a member of the Cult of the Dead Cow, an information security and publishing collective. Speaking at the conference Ruffin stressed on the idea that the State shouldn’t act as a “peeping Tom” but instead respect the “sovereignty of its people.”

One of the more stark examples, in recent years, of the State clamping down on individual rights, such as the right to privacy, on the pretext of national security, is the Patriot Act in America. The Patriot Act was passed in the United States of America in the immediate aftermath of the September 2001 attacks on the twin towers, and allowed the government to scrutinise everything from “suspicious” bank accounts to wire-tapping lines of communication. Menaka Guruswamy, a lawyer at the Supreme Court of India, believes that unlike America, India does not yet have a codified view on privacy. “Privacy is a vast, fragile, and an open space in the Indian justice system,” she told Tehelka.

Though India doesn’t have clearly defined laws dealing with the issue of privacy, it does have certain directives under which surveillance methods such as wire-tapping can be done. Wire-tapping, which is regulated under the Telegraph Act of 1885, saw a major overhaul in a 1996 Supreme Court judgment, which ruled that wire-taps are a "serious invasion of an individual's privacy." The Supreme Court (SC) recognised the fact that the right to privacy is an integral part of the fundamental right to life enshrined under Article 21 of the Constitution, and therefore laid down guidelines defining who can tap phones and under what circumstances. Only the Union Home Secretary, or his counterpart in the states, can issue an order for a tap, and the government is also required to show that the information sought cannot to be obtained through any other means. The SC mandated the development of a high-level committee to review the legality of each wire-tap.

“Interceptions and intrusions by the state have often gone on to help exonerate people who have been falsely accused, so I think it would be unfair to demonise wire-tapping in general. One does have to ensure though, that those who intercept exchanges do not exceed limits,” said a former chief of the Research and Analysis Wing (RAW).

Besides the dimension of privacy versus surveillance, another important aspect which comes under the scanner when privacy laws are discussed is Internet banking. Details of personal bank accounts and other highly sensitive information of individuals have been whizzing around the cyber space with the advent of E-banking. Everything from booking tickets for movies and flights, to transferring money between accounts is happening via computers, and is happening fast. This growing trend has sparked a major debate on how safe is our information on the web, and what can the government do to secure it? In May 2000, the government passed the Information Technology Act, which laid down a set of laws intended to provide a comprehensive regulatory environment for electronic commerce.

The Act also addressed computer crimes such as hacking, damage to computer source code, breach of confidentiality and viewing of pornography and created a Cyber Appellate Tribunal to oversee and adjudicate cyber crimes. However, at the same time, the legislation gave broad discretion to law enforcement authorities through several provisions, such as Section 69, allowing the interception of any information transmitted through a computer resource and mandates that users disclose encryption keys or face a jail sentence up to seven years. Section 80 of the Act allows deputy superintendents of police to conduct searches and seize suspects in public spaces without a warrant.

“Confidentiality between banker and customer is the golden rule of traditional banking, but with the coming of E-banking, banks are using confidentiality as an excuse for not putting out data that shows how vulnerable they are to cyber crimes like hacking,” said N Vijayashankar, an E-business consultant, and a front runner in raising awareness about cyber laws in India. He said, “When framing privacy laws one has to ensure that banks are mandated to disclose data on breach of Internet security. That is the only way to ensure that banks take the necessary steps to secure customer information.” Malavika Jairam, a lawyer who focuses on technology and intellectual property, believes that allowing private participation in what should essentially be a sovereign State function is a dangerous path to tread on. “Tesco, a major retail chain in England, is now into E-banking… There are numerous examples of such private banking entities sharing customer information with insurance policy firms. These details are often used as markers for the kind of premium that will be set for a person,” Jairam said.

With the current pace of technological advancements fast thinning the line between individual privacy and public content, it remains to be seen what kind of privacy laws India will frame to keep up.

The original was published by Tehelka, Malavika Jayaram, a Fellow at CIS is quoted in it.

For more details visit https://cis-india.org/news/new-bill-to-decide-on-individual2019s-right-to-privacy

Privacy, speech at stake in cyberspace

praskrishna — 2012-02-03T11:27:58Z

Internet censorship is becoming a trend, with many countries around the world filtering the Web in varying degrees, writes Leslie D’Monte in Livemint on February 3, 2012.

Privacy and freedom of expression are gradually being compromised in cyberspace, say advocacy groups, with social networking sites and Internet companies buckling under pressure from governments to monitor and block “objectionable” content.

Take the case of Twitter Inc., which on 26 January posted on its official blog that “...starting today, we give ourselves the ability to reactively withhold content from users in a specific country—while keeping it available in the rest of the world”. While Twitter reasoned that as it continues to grow internationally, it will have to deal with “countries that have different ideas about the contours of freedom of expression”, activists and bloggers cautioned that the new censorship policies could muffle online freedom.

“The decision of Twitter to censor its content based on the political masters’ wishes in each country is an indication that commercial interests are always higher than democratic interests for these companies. The move of the Indian government to arm-twist the major intermediaries is, therefore, expected to succeed in due course once the initial resistance wears off,” cautioned Na. Vijayashankar, a Bangalore-based e-business consultant and founder secretary of the Cyber Society of India.

In December, minister for communications and information technology (IT) Kapil Sibal said in New Delhi that the Centre had no option but to “evolve guidelines” to ensure that “blasphemous content on the Internet or television is not allowed”, since Internet and social networking sites such as Google Inc., Microsoft Corp., Twitter, Yahoo Inc., and Facebook Inc. failed “to respond to and cooperate with” the government’s request to keep “objectionable” content off their sites.

A few days later, Sibal clarified that “...this government (of the United Progressive Alliance) does not believe in censorship”. And in an interview to Mint on 1 February, Gulshan Rai—head of the elite Indian Computer Emergency Response Team and coordinator of a committee on cyberlaw—said, inter alia, “We value the freedom of speech. We do not interfere there.”

Internet censorship is a rising trend, with approximately 40 countries filtering the Web in varying degrees, including democratic and non-democratic governments. YouTube and Gmail (both from Google), BlackBerry maker Research In Motion Ltd, WikiLeaks, Twitter and Facebook have all been censored, at different times, in China, Iran, Egypt and other countries.

“The clampdown on online free speech and the roll-out of a multi-tiered blanket surveillance regime via the draconian IT Act and its associated rules in India is part of a global trend,” said Sunil Abraham, executive director of the Centre for Internet and Society. “Big brother tendencies with the government have found common cause with powerful rights-holders, who are keen to crack down on intellectual property rights infringements. This, combined with the dramatic growth of the surveillance industry, has resulted in civil liberties being undermined across the world for a variety of pretexts ranging from child porn, obscenity, hate speech, organized crime, terrorism and piracy.”

Transparency Report website—which logs content removal requests it receives from governments—the Internet company received 67 requests from the Indian government for the removal of 282 content items (such as videos critical of politicians) from YouTube and blogs during July-December 2010. Google said it complied with 22% of the requests. For the January-June 2011 (latest data available) period, Google received 68 content removal requests for 358 items from Indian government agencies. Google complied in 51% cases.

Entangling the user

Even as they face pressure from governments, companies such as Google and Facebook are tweaking their policies to allow for sharing of user data across multiple product offerings. They claim it will give their users a more “intuitive” experience, but advocacy groups say the policies are being altered to give advertisers more bang for the buck at the expense of user privacy.

Google, for instance, is making changes to its privacy policies and terms of service, which take effect from 1 March. “Regulators globally have been calling for shorter, simpler privacy policies—and having one policy covering many different products is now fairly standard across the Web,” said Alma Whitten, Google’s director of privacy, product and engineering, on the official company blog. Google has begun notifying users of these changes since 24 January.

For example, a search for restaurants in Mumbai may throw up Google+ posts or photos that people have shared with other users, or that are in their albums. Usability can be enhanced, for instance, by allowing memos from Google Docs to be read in Gmail, or adding a Gmail contact to a meeting in Google Calendar. Google, according to Whitten, does not sell personal information nor share it externally without permission “except in very limited circumstances like a valid court order”.

Facebook, on its part, introduced its “Timeline” feature in December, which digs up a user’s past and displays it, but does not allow opting out of the service. The feature is being introduced for all 800 million users, around 40 million of whom are in India. Those not accustomed to checking their privacy settings will have a hard time going through the hundreds of messages they’ve posted over the last few years (Facebook was founded in 2004).

The Electronic Privacy Information Center said the launch of Timeline forces more privacy setting changes on Facebook users, “which flies in the face of both privacy and a settlement reached between the firm and the US Federal Trade Commission (FTC)”. On 29 November, Facebook agreed to an FTC order that bars it from “deceiving” consumers about privacy practices and requires it to submit to monitoring for 20 years.

“Privacy is certainly a very serious concern for Internet users. Some of the big brands like Facebook and Google simply have access to too much information about the life of their users, and this information could easily be misused by the brand or wilfully by someone else. Our guidance to consumers and clients is that first and foremost, they should be very conscious of these privacy challenges. If we put out any communication on a social network, it is akin to broadcast communication. By default, choose the tightest privacy setting and then gradually loosen up instead of accepting the default privacy setting of Facebook or Google. Don’t give out information like cellphone number, date of birth...or even names of close relations on social networks,” said Hareesh Tibrewala, joint chief executive officer of Social Wavelength, a company that advises clients on social media strategies.

Mahesh Murthy, founder of digital marketing firm Pinstorm, acknowledged that “in reality, there is virtually no privacy online. Governments and companies try to assure apprehensive citizens about privacy, while at the same time doing everything to destroy it in reality”.

He advises marketers to be upfront about their data collection and management policies, and declare them prominently on their online properties. On an individual level, Murthy takes comfort “in the fact that I could just be one of those 3 billion+ Internet users worldwide with my data a small part of the swarm out there that no one might take a special interest in”.

Electronic police state?

India has a history of exerting pressure on companies for access to communications data. According to Cryptohippie Inc., a provider of communication security services, India ranked 26 among the most policed states in the world in 2010—“one in which every surveillance camera recording, every email sent, every Internet site surfed, every post made, every check written, every credit card swipe, every cellphone ping…are all criminal evidence, and all are held in searchable databases”, according to the company that discontinued the report in 2011, stating that “…most people are defending their ignorance; not much good will come from us repeating ourselves”.

Currently, the Indian Telegraph Act and the IT Act, 2008 (amendments introduced in the IT Act, 2000), give the government the power to monitor, intercept and even block online conversations and websites. Moreover, under section 79 of the IT Intermediary (Rules and Guidelines), 2011, intermediaries—telcos, Internet services providers, network services providers, search engines, cyber cafes, Web-hosting companies, online auction portals and online payment sites—are mandated to exercise “due diligence” and advise users not to share/distribute information violative of the law or a person’s privacy and rights. Intermediaries are expected to act on a complaint within 36 hours of receiving it, and remove such content when warranted. In case the intermediary doesn’t find the content objectionable, the matter will have to be contested in a court of law.

“The Indian government can, and should, monitor conversations and websites if it believes the content can harm the security, defence, sovereignty and integrity of the country,” maintained Pavan Duggal, a Supreme Court lawyer and a cyberlaw expert, but wondered how it would go about implementing the task of monitoring conversation on an unstructured Internet. “The intention is good, but the path is not clear,” said Duggal, who envisions a lot of cases being filed against misuse of these laws.

“While the affected party can lodge a complaint with the intermediary, removal has to follow a due process, which should include suitable documentary evidence placed by the party. There should be a process of examination through an ombudsman, a process of arbitration where the request is disputed or a court order as may be required on a case to case basis,” said Vijayashankar of the Cyber Society of India.

The original was published in Livemint on 3 February 2012. Sunil Abraham was quoted in it.

For more details visit https://cis-india.org/news/privacy-speech-at-stake-in-cyberspace-1