Centre for Internet and Society

Leveraging Web Application Vulnerabilities for Reconnaissance and Intelligence Gathering

Admin — 2019-07-22T01:39:14Z

Karan Saini gave a talk at the JSFoo Conference at the GRD College of Science in Coimbatore, Tamil Nadu on July 5, 2019. The event was organized by Has Geek.

Click to view Karan's presentation

For more details visit https://cis-india.org/internet-governance/news/leveraging-web-application-vulnerabilities-for-reconnaissance-and-intelligence-gathering

Kapil Sibal & Co shoot down motion to kill IT Rules: cite terrorism, drugs

praskrishna — 2012-05-24T09:45:43Z

The Information Technology (Intermediaries Guidelines) Rules 2011 (The Rules) continue to breathe after the statutory motion to annul them moved by member of parliament (MP) from Kerala P Rajeeve was defeated by voice vote in the Rajya Sabha yesterday.

This blog post by Prachi Shrivastava was published in Legally India on May 18, 2012

Telecom Minister Kapil Sibal was heard on Rajya Sabha TV saying: “We are more liberal than US and Europe but let’s not cut our arms.”

Sibal countered Rajeeve’s annulment motion arguing that the government needs to be armed to meet the “new challenges” posed by “new media”, according to Mint.

"Kapil Sibal reminds me of badly briefed counsels fumbling in the High Court" tweeted Pranesh Prakash of the Centre for Internet and Society (CIS) as Sibal was mid-delivery in contending that online media not registered in India escaped the ambit of Indian legislation and thus created the peril of terrorism and increased drug peddling.

Another person tweeted: "The gist of Sibal’s argument was that we need to censor the internet because people are doing drugs."

Sibal’s answer to MP Ram Yadav’s attack on The Rules for being inconsistent with their parent act – the Information Technology Act 2000 (IT Act) – was that Rule 3(2) which prescribes “due diligence” to be observed by an internet intermediary, originates from Section 66A of the IT Act, thus making the rules consistent with the parent act.

Section 3(2) obligates the intermediary to take down content posted on a website, on the basis of several undefined criteria.

"Minister you have created perverse incentives for censoring speech through law. That is regulation, not merely a definition of due diligence” proclaimed Supreme Court advocate Apar Gupta in a tweet posted during Sibal’s defense of the rules.

Prakash tweeted: "The IT Rules don’t just prescribe ‘due diligence’ but create a takedown mechanism. That’s not the same thing Mr. Sibal."

Sibal went on to establish that the government’s motive was not censorious by stating: “It is your choice, you are free to work with the user who complains to an intermediary. Where does the government come in?”

To which quipped Prakash: “Government is not censoring. It has created a system by which anyone can censor with impunity.”

Jaitley in-perspective

Leader of the opposition senior advocate Arun Jaitley objected to The Rules holding that terms such as “disparaging”, ”libellous”, “defamatory” not defined in the Act or the Rules but enabling take-down of content, could be misused, according to Times of India.

IBN Live reported him as urging Sibal to "reconsider the language of restraints".

Sibal addressed the house inviting objections from MPs on specific “words” contained in The Rules which provide for control of speech over the internet, according to PTI.

He further proposed to call a meeting of “stakeholders” to discuss the MPs’ objections, and assured that the consensus that emerges from the meeting will be implemented.

Draconian Censorious Rules

Legally India reported last month how Rajeeve was trying to spread awareness among MPs about the draconian effect of the Rules which censor free speech and expression, by over-scrutinising users of the internet, over-authorising intermediaries to monitor content posted over the internet, and letting the government, individuals and institutions by-pass the due process of law.

The Rules in their present form require intermediaries - providers of internet, telecom, e-mail or blogging services, including cyber cafes - to publish terms of use prohibiting users from publishing content of the nature specified in the Rules.

Once the intermediaries have knowledge of posted content that is in violation of such terms of use, they are liable for compensation if they fail to initiate action for removal of the posted content.

Some of the categories of prohibited content specified in the Rules are undefined, are not an offence under existing law, and are claimed to be in violation of article 19(1) of the Constitution guaranteeing the freedom of speech and expression.

CIS uncovered an additional problem the rules pose - that of “over-complying” intermediaries who in order to minimize the risk of liability may block more content than required, adversely impacting the fundamental right guaranteed under article 19(1).

"By and large, the impression is that India is going in the direction of censorship," Mint reported cyber law expert and supreme court lawyer Pavan Duggal as saying, yesterday.

For more details visit https://cis-india.org/news/sibal-shoot-down-motion-to-kill-it-rules

IT (Amendment) Act, 2008, 69B Rules: Draft and Final Version Comparison

jdine — 2013-04-30T09:47:46Z

Jadine Lannon has performed a clause-by-clause comparison of the Draft 69B Rules and official 69B Rules under Section 69B in order to better understand how the two are similar and how they differ. Notes have been included on some changes we deemed to be important.

There has been a considerable amount of re-arrangement and re-structuring of the various clauses between the 69B Draft Rules and the official Rules, as can be seen in the comparison chart, but very little content has been changed. The majority of the changes made to the official Rules are changes in wording and language that serve to provide some much-needed clarification to the Draft Rules (see the differences between Clause (9) of the Draft Rules and sub-section (4) of Clause (3) of the official Rules as an example). Language redundancies, as well as full clauses (Clause [6] of the Draft Rules) have been thankfully removed in the official Rules.

Aside from the addition of four definitions, including a definition for a “security policy”, a phrase which appears in the Draft Rules without being defined, Clause (2) contains what is most likely one of the more noteable changes between the two definitions: under sub-section (g) in the 69 Rules, the words “or unauthorised use” have been added to the definition of “cyber security breaches”, which significantly increases the scope of what can be considered a cyber security breach under the Rules.

A significant change between the two sets of rules can be found in sub-section (2) of Clause (8) of the official rules, which states that, “save as otherwise required for the purpose of any ongoing investigation, criminal complaint or legal proceedings the intermediary or the person in-charge of computer resource shall destroy records pertaining to directions for monitoring or collection of information”. The section in italics has been added to the original Clause (22) of the Draft Rules, meaning that when the Rules were originally drawn up, no exceptions were to be made for the destructions of the records for the issuing of directions for monitoring and/or the collected information. They would simply have to be destroyed within six months of the discontinuance of the monitoring/collection.

One change that may or may not be significant is the replacement of the words “established violations” in the Draft Rules to simply “violation” in the official Rules in Clauses (19)/(6), which deal with the responsibility of the intermediary. This could be taken to mean that suspected and/or perceived violations may also be punishable under this clause, but this is a hard stance to argue. Most likely the adjustment was made when those superfluous and/or convoluted parts of the Draft rules were being removed.

For more details visit https://cis-india.org/internet-governance/blog/it-amendment-act-69-b-draft-and-final-version-comparison

IT (Amendment) Act, 2008, 69 Rules: Draft and Final Version Comparison

jdine — 2013-04-30T09:56:07Z

Jadine Lannon has performed a clause-by-clause comparison of the Draft 69 Rules and official 69 Rules under Section 69B in order to better understand how the two are similar and how they differ. Very brief notes have been included on some changes we deemed to be important.

Similar to the other comparisons that I have done on the 69A and 69B Draft and official Rules, the majority of the changes between these two sets of rules serves to restructure and clarify various clauses in the Draft 69 Rules.

Three new definitions appear in the Clause (2) of the 69 Rules, including a definition for “communication”, which appears in the Draft Rules but has no associated definition under Clause (2) of the Draft Rules.

Clause (31) of the Draft Rules, which deals with the requirement of security agencies of the State and Union territories to share any information gathered through interception, monitoring and/or decryption with federal agencies, does not make an appearance in the official rules. Further, this necessity does not seem to be implied anywhere in the official 69 Rules.

For more details visit https://cis-india.org/internet-governance/blog/it-amendment-act-69-rules-draft-and-final-version-comparison

ISO/IEC JTC 1 SC 27 Working Group Meetings - A Summary

vanya — 2016-12-16T23:53:19Z

The Centre for Internet & Society attended the ISO/IEC JTC 1 SC 27 Working Group Meetings from 22 to 27 October 2016 in Abu Dhabi at Abu Dhabi National Exhibition Centre.

Being a member of Working Group 5: Information technology - Security techniques – Identity management and privacy technologies, we attended the following meetings:

WD 29184 Guidelines for online privacy notices and consent- As technological advancement and wider availability of communication infrastructures has enabled collection and analysis of information regarding an individuals' activities, along with people becoming aware about privacy implications of the same, this standard aims to provides a framework for organizations to provide clear and easily under information to consumers about how the organization will process their PII.
SP PII Protection Considerations for Smartphone App providers - Being a 1-year long project proposed during the ISO/IEC SC 27 JTC 1 Working Group Meetings in Jaipur in the year 2015. This group aims to build off a privacy framework for mobile applications to guide app developers on the lines of ISO/IEC 29100 international standard (which defines a broad privacy framework for information technologies) in light of excessive data collection by apps in absence of consent or justification, lack of comprehensive policies, Non transparent practices, Lack of adequate choice and consent, to ensure protection of rights of the individuals, etc. and will work towards ensuring a harmonized and standardized privacy structure for mobile application data policies and practices.
WD 20889 Privacy enhancing data de-identification techniques- Given the importance of Data de-identification techniques when it comes to PII to enable the exploitation of the benefits of data processing while maintaining compliance with regulatory requirements and the relevant ISO/IEC 29100 privacy principles, the selection, design, use and assessment of these techniques needs to be performed appropriately in order to effectively address the risks of re-identification in a given context.
SP Privacy in Smart Cities- Being a 1-year long project proposed during the ISO/IEC SC 27 JTC 1 Working Group Meetings in Jaipur this group saw contributions from Japan, India, PRIPARE in EU, to name a few. The scope for the group was proposed to produce a framework in light of data ownership, communication channels, privacy risk and impact assessment in smart cities, data lifecycle privacy governance for smart cities, and Develop use cases and contexts for Privacy Controls w.r.t the data lifecycle in Smart Cities, along with detailed documentation of Privacy Controls for Smart Cities aligned to the primary controls and associated sub controls.

For more details visit https://cis-india.org/internet-governance/blog/iso-iec-jtc-1-sc-27-working-group-meetings-a-summary

Is the new ‘interception’ order old wine in a new bottle?

Elonnai Hickok, Vipul Kharbanda, Shweta Mohandas and Pranav M. Bidare — 2018-12-29T16:02:00Z

The government could always authorise intelligence agencies to intercept and monitor communications, but the lack of clarity is problematic.

An opinion piece co-authored by Elonnai Hickok, Vipul Kharbanda, Shweta Mohandas and Pranav M. Bidare was published in Newslaundry.com on December 27, 2018.

On December 20, 2018, through an order issued by the Ministry of Home Affairs (MHA), 10 security agencies—including the Intelligence Bureau, the Central Bureau of Investigation, the Enforcement Directorate and the National Investigation Agency—were listed as the intelligence agencies in India with the power to intercept, monitor and decrypt "any information" generated, transmitted, received, or stored in any computer under Rule 4 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, framed under section 69(1) of the IT Act.

On December 21, the Press Information Bureau published a press release providing clarifications to the previous day’s order. It said the notification served to merely reaffirm the existing powers delegated to the 10 agencies and that no new powers were conferred on them. Additionally, the release also stated that “adequate safeguards” in the IT Act and in the Telegraph Act to regulate these agencies’ powers.

Presumably, these safeguards refer to the Review Committee constituted to review orders of interception and the prior approval needed by the Competent Authority—in this case, the secretary in the Ministry of Home Affairs in the case of the Central government and the secretary in charge of the Home Department in the case of the State government.

As noted in the press release, the government has always had the power to authorise intelligence agencies to submit requests to carry out the interception, decryption, and monitoring of communications, under Rule 4 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, framed under section 69(1) of the IT Act.

When considering the implications of this notification, it is important to look at it in the larger framework of India’s surveillance regime, which is made up of a set of provisions found across multiple laws and operating licenses with differing standards and surveillance capabilities.

- Section 5(2) of the Indian Telegraph Act, 1885 allows the government (or an empowered authority) to intercept or detain transmitted information on the grounds of a public emergency, or in the interest of public safety if satisfied that it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of an offence. This is supplemented by Rule 419A of the Indian Telegraph Rules, 1951, which gives further directions for the interception of these messages.

- Condition 42 of the Unified Licence for Access Services, mandates that every telecom service provider must facilitate the application of the Indian Telegraph Act. Condition 42.2 specifically mandates that the license holders must comply with Section 5 of the same Act.

- Section 69(1) of the Information Technology Act and associated Rules allows for the interception, monitoring, and decryption of information stored or transmitted through any computer resource if it is found to be necessary or expedient to do in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence.

- Section 69B of the Information Technology Act and associated Rules empowers the Centre to authorise any agency of the government to monitor and collect traffic data “to enhance cyber security, and for identification, analysis, and prevention of intrusion, or spread of computer contaminant in the country”.

- Section 92 of the CrPc allows for a Magistrate or Court to order access to call record details.

Notably, a key difference between the IT Act and the Telegraph Act in the context of interception is that the Telegraph Act permits interception for preventing incitement to the commission of an offence on the condition of public emergency or in the interest of public safety while the IT Act permits interception, monitoring, and decryption of any cognizable offence relating to above or for investigation of any offence. Technically, this difference in surveillance capabilities and grounds for interception could mean that different intelligence agencies would be authorized to carry out respective surveillance capabilities under each statute. Though the Telegraph Act and the associated Rule 419A do not contain an equivalent to Rule 4—nine Central Government agencies and one State Government agency have previously been authorized under the Act. The Central Government agencies authorised under the Telegraph Act are the same as the ones mentioned in the December 20 notification with the following differences:

- Under the Telegraph Act, the Research and Analysis Wing (RAW) has the authority to intercept. However, the 2018 notification more specifically empowers the Cabinet Secretariat of RAW to issue requests for interception under the IT Act.

- Under the Telegraph Act, the Director General of Police, of concerned state/Commissioner of Police, Delhi for Delhi Metro City Service Area, has the authority to intercept. However, the 2018 notification specifically authorises the Commissioner of Police, New Delhi with the power to issue requests for interception.

That said, the IT (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009 under 69B of the IT Act contain a provision similar to Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 - allowing the government to authorize agencies that can monitor and collect traffic data. In 2016, the Central Government authorised the Indian Computer Emergency Response Team to monitor and collect traffic data, or information generated, transmitted, received, or stored in any computer resource. This was an exercise of the power conferred upon the Central Government by Section 69B(1) of the IT Act. However, this notification does not reference Rule 4 of the IT Rules, thus it is unclear if a similar notification has been issued under Rule 4.

While it is accurate that the order does not confer new powers, areas of concern that existed with India’s surveillance regime continue to remain including the question of whether 69(1) and 69B and associated Rules are constitutionally valid, the lack of transparency by the government and the prohibition of transparency by service providers, heavy handed penalties on service providers for non-compliance, and a lack of legal backing and oversight mechanisms for intelligence agencies. Some of these could be addressed if the draft Data Protection Bill 2018 is enacted and the Puttaswamy Judgement fully implemented.

Conclusion

The MHA’s order and the press release thereafter have served to publicise and provide needed clarity with respect to the powers vested in which intelligence agencies in India under section 69(1) of the IT Act. This was previously unclear and could have posed a challenge to ensuring oversight and accountability of actions taken by intelligence agencies issuing requests under section 69(1) .

The publishing of the list has subsequently served to raise questions and create a debate about key issues concerning privacy, surveillance and state overreach. On December 24, the order was challenged by advocate ML Sharma on the grounds of it being illegal, unconstitutional and contrary to public interest. Sharma in his contention also stated the need for the order to be tested on the basis of the right to privacy established by the Supreme Court in Puttaswamy which laid out the test of necessity, legality, and proportionality. According to this test, any law that encroaches upon the privacy of the individual will have to be justified in the context of the right to life under Article 21.

But there are also other questions that exist. India has multiple laws enabling its surveillance regime and though this notification clarifies which intelligence agencies can intercept under the IT Act, it is still seemingly unclear which intelligence agencies can monitor and collect traffic data under the 69B Rules. It is also unclear what this order means for past interceptions that have taken place by agencies on this list or agencies outside of this list under section 69(1) and associated Rules of the IT Act. Will these past interceptions possess the same evidentiary value as interceptions made by the authorised agencies in the order?

For more details visit https://cis-india.org/internet-governance/blog/newslaundry-elonnai-hickok-vipul-kharbanda-shweta-mohandas-and-pranav-bidare-december-27-2018-is-the-new-interception-order-old-wine-in-a-new-bottle

Interview with Pranesh Prakash

praskrishna — 2012-11-30T06:58:39Z

Pranesh Prakash of the Centre for Internet and Society talks to Mint’s Surabhi Agarwal about the controversial Section 66A of the IT Act and the government’s decision to tweak it.

This video was published in LiveMint on November 30, 2012:

For more details visit https://cis-india.org/news/livemint-november-30-2012-video-interview-with-pranesh-prakash

Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009

smita — 2012-11-21T09:32:36Z

G.S.R.781 (E).-- In exercise of the powers conferred by clause (z) of sub-section (2) of section 87, read with sub-section (2) of section 69A of the Information Technology Act 2000, (21 of 2000), the Central Government hereby makes the following rules, namely:

1. Short title and commencement.--
(1) These rules may be called the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.
(2) They shall come into force on the date of their publication in the Official Gazette.

2. Definitions.--
In these rules, unless the context otherwise requires,-
(a) "Act" means the Information Technology Act, 2000 (21 of 2000);
(b) "computer resource" means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;
(c) "Designated Officer" means an officer designated as Designated Officer under rule 3;
(d) "Form" means a form appended to these rules;
(e) "intermediary" means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;
(f) "nodal officer" means the nodal officer designated as such under rule 4;
(g) "organisation" means -
(i) Ministries or Departments of the Government of ;
(ii) state Governments and Union territories;
(iii) any agency of the Central Government, as may be notified in the Official Gazette, by the Central Government;
(h) "request" means the request for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource;
(i) "Review Committee" means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951.

3. Designated Officer.--
The Central Government shall designate by notification in Official Gazette, an officer of the Central Government not below the rank of a Joint Secretary, as the "Designated Officer", for the purpose of issuing direction for blocking for access by the public any information generated, transmitted, received, stored or hosted in any computer resource under sub-section (2) of section 69A of the Act.

4. Nodal officer of organisation.--
Every organisation for the purpose of these rules, shall designate one of its officer as the Nodal Officer and shall intimate the same to the Central Government in the Department of Information Technology under the Ministry of Communications and Information Technology, Government of India and also publish the name of the said Nodal Officer on their website.

5. Direction by Designated Officer.--
The Designated Officer may, on receipt of any request from the Nodal Officer of an organisation or a competent court, by order direct any Agency of the Government or intermediary to block for access by the public any information or part thereof generated, transmitted, received, stored or hosted in any computer resource for any of the reasons specified in sub-section (1) of section 69A of the Act.

6. Forwarding of request by organisation.--
(1) Any person may send their complaint to the Nodal Officer of the concerned organisation for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource:
Provided that any request, other than the one from the Nodal Officer of the organisation, shall be sent with the approval of the Chief Secretary of the concerned State or territory to the Designated Officer:
Provided further that in case a Union territory has no Chief Secretary, then, such request may be approved by the Adviser to the Administrator of that Union territory.
(2) The organisation shall examine the complaint received under sub-rule (1) to satisfy themselves about the need for taking of action in relation to the reasons enumerated in sub-section (1) of section 69A of the Act and after being satisfied, it shall send the request through its Nodal Officer to the Designated Officer in the format specified in the Form appended to these rules.
(3) The Designated Officer shall not entertain any complaint or request for blocking of information directly from any person.
(4) The request shall be in writing on the letter head of the respective organisation, complete in all respects and may be sent either by mail or by fax or by e-mail signed with electronic signature of the Nodal Officer:
Provided that in case the request is sent by fax or by e-mail which is not signed with electronic signature, the Nodal Officer shall provide a signed copy of the request so as to reach the Designated Officer within a period of three days of receipt of the request by such fax or e-mail.
(5) On receipt, each request shall be assigned a number alongwith the date and time of its receipt by the Designated Officer and he shall acknowledge the receipt thereof to the Nodal Officer within a period of twenty four hours of its receipt.

7. Committee for examination of request.--
The request alongwith the printed sample content of the alleged offending information or part thereof shall be examined by a committee consisting of the Designated Officer as its chairperson and representatives, not below the rank of Joint Secretary in Ministries of Law and Justice, Home Affairs, Information and Broadcasting and the Indian Computer Emergency Response Team appointed under sub-section (1) of section 70B of the Act.

8. Examination of request.--
(1) On receipt of request under rule 6, the Designated Officer shall make all reasonable efforts to identify the person or intermediary who has hosted the information or part thereof as well as the computer resource on which such information or part thereof is being hosted and where he is able to identify such person or intermediary and the computer resource hosting the information or part thereof which have been requested to be blocked for public access, he shall issue a notice by way of letters or fax or e-mail signed with electronic signatures to such person or intermediary in control of such computer resource to appear and submit their reply and clarifications, if any, before the committee referred to in rule 7, at a specified date and time, which shall not be less than forty-eight hours from the time of receipt of such notice by such person or intermediary.
(2) In case of non-appearance of such person or intermediary, who has been served with the notice under sub-rule (1), before the committee on such specified date and time, the committee shall give specific recommendation in writing with respect to the request received from the Nodal Officer, based on the information available with the committee.
(3) In case, such a person or intermediary, who has been served with the notice under sub-rule (1), is a foreign entity or body corporate as identified by the Designated Officer, notice shall be sent by way of letters or fax or e-mail signed with electronic signatures to such foreign entity or body corporate and any such foreign entity or body corporate shall respond to such a notice within the time specified therein, failing which the committee shall give specific recommendation in writing with respect to the request received from the Nodal Officer, based on the information available with the committee.
(4) The committee referred to in rule 7 shall examine the request and printed sample information and consider whether the request is covered within the scope of sub-section (1) of section 69A of the Act and that it is justifiable to block such information or part thereof and shall give specific recommendation in writing with respect to the request received from the Nodal Officer.
(5) The designated Officer shall submit the recommendation of the committee, in respect of the request for blocking of information alongwith the details sent by the Nodal Officer, to the Secretary in the Department of Information Technology under the Ministry of Communications and Information Technology, Government of India (hereinafter referred to as the "Secretary, Department of Information Technology").
(6) The Designated Officer, on approval of the request by the Secretary, Department of Information Technology, shall direct any agency of the Government or the intermediary to block the offending information generated, transmitted, received, stored or hosted in their computer resource for public access within the time limit specified in the direction:
Provided that in case the request of the Nodal Officer is not approved by the Secretary, Department of Information Technology, the Designated Officer shall convey the same to such Nodal Officer.

9. Blocking of information in cases of emergency.--
(1) Notwithstanding anything contained in rules 7 and 8, the Designated Officer, in any case of emergency nature, for which no delay is acceptable, shall examine the request and printed sample information and consider whether the request is within the scope of sub-section (1) of section 69A of the Act and it is necessary or expedient and justifiable to block such information or part thereof and submit the request with specific recommendations in writing to Secretary, Department of Information Technology.
(2) In a case of emergency nature, the Secretary, Department of Information Technology may, if he is satisfied that it is necessary or expedient and justifiable for blocking for public access of any information or part thereof through any computer resource and after recording reasons in writing, as an interim measure issue such directions as he may consider necessary to such identified or identifiable persons or intermediary in control of such computer resource hosting such information or part thereof without giving him an opportunity of hearing.
(3) The Designated Officer, at the earliest but not later than forty-eight hours of issue of direction under sub-rule (2), shall bring the request before the committee referred to in rule 7 for its consideration and recommendation.
(4) On receipt of recommendations of committee, Secretary, Department of Information Technology, shall pass the final order as regard to approval of such request and in case the request for blocking is not approved by the Secretary, Department of Information Technology in his final order, the interim direction issued under sub-rule (2) shall be revoked and the person or intermediary in control of such information shall be accordingly directed to unblock the information for public access.

10. Process of order of court for blocking of information.--
In case of an order from a competent court in India for blocking of any information or part thereof generated, transmitted, received, stored or hosted in a computer resource, the Designated Officer shall, immediately on receipt of certified copy of the court order, submit it to the Secretary, Department of Information Technology and initiate action as directed by the court.

11. Expeditious disposal of request.--
The request received from the Nodal Officer shall be decided expeditiously which in no case shall be more than seven working days from the date of receipt of the request.

12. Action for non-compliance of direction by intermediary.--
In case the intermediary fails to comply with the direction issued to him under rule 9, the Designated Officer shall, with the prior approval of the Secretary, Department of Information Technology, initiate appropriate action as may be required to comply with the provisions of sub-section (3) of section 69A of the Act.

13. Intermediary to designate one person to receive and handle directions.--
(1) Every intermediary shall designate at feast one person to receive and handle the directions for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource under these rules.
(2) The designated person of the Intermediary shall acknowledge receipt of the directions to the Designated Officer within two hours on receipt of the direction through acknowledgement letter or fax or e-mail signed with electronic signature.

14. Meeting of Review Committee.--
The Review Committee shall meet at least once in two months and record its findings whether the directions issued under these rules are in accordance with the provisions of sub-section (1) of section 69A of the Act and if is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issue order for unblocking of said information generated, transmitted, received, stored or hosted in a computer resource for public access.

15. Maintenance of records by Designated Officer.--
The Designated Officer shall maintain complete record of the request received and action taken thereof, in electronic database and also in register of the cases of blocking for public access of the information generated, transmitted, received, stored or hosted in a computer resource.

16. Requests and complaints to be confidential.--
Strict confidentiality shall be maintained regarding all the requests and complaints received and actions taken thereof.

FORM
[See rule 6(2)]
A. Complaint
1. Name of the complainant: --___________________________________________
(Person who has sent the complaint to the Govt./Nodal Officer)
2. Address :________________________________________________________
________________________________________________________________
City :______________________ Pin Code:______________
3. Telephone :______________ (prefix STD code) 4. Fax (if any):__________
5. (if any):_____________________________
6. Email (if any):_____________________________________________
B : Details of website/ computer resource/intermediary/ offending Information hosted on the website
(Please give details wherever known)
7. URL / web address :________________________________
8. IP Address :___________________________
9. Hyperlink:____________________________
10. Server/Proxy Server address :__________________________________
11. Name of the Intermediary :___________________________________
12. URL of the Intermediary :____________________________________
(Please attach screenshot/printout of the offending information)
13. Address or location of intermediary in case the intermediary is telecom service provider, network service provider, internet service provider, web-hosting service provider and cyber cafe or other form of intermediary for which information under points (7), (8), (9), (10), (11) and (12) are not available.
_______________________________________________________
_______________________________________________________
_______________________________________________________
C. Details of Request for blocking
14. Recommendation/Comments of the Ministry/State Govt :______________________
________________________________________________________________________
________________________________________________________________________
15. The level at which the comments/ recommendation have been approved
(Please specify designation):__________________________________________
16. Have the complaint been examined in Ministry/State Government: Y/N
17. If yes, under which of the following reasons it falls (please tick):
(i) Interest of sovereignty or integrity of
(ii) Defence of
(iii) Security of the State
(iv) Friendly relations with foreign States
(v) Public order
(vi) For preventing incitement to the commission of any cognisable offence relating to above
D. Details of the Nodal Officer forwarding the complaint alongwith recommendation of the Ministry/State Govt. and related enclosures
18. Name of the Nodal Officer:_____________________________________________
19. Designation :___________________________________________________
20. organisation :________________________________________________________
21. Address : ______________________________________________________
City :______________________ Pin Code:______________
22. Telephone:________________(prefix STD code) 23. Fax (if any):____________
24. (if any):_____________________________
25. Email (if any):_____________________________________________
E. Any other information :
F. Enclosures :

1.
2.
3
Date: Place: Signature

For more details visit https://cis-india.org/internet-governance/resources/information-technology-procedure-and-safeguards-for-blocking-for-access-of-information-by-public-rules-2009

Information security policy on govt agenda

praskrishna — 2012-11-08T06:18:28Z

As an increasing quantity of sensitive information is transmitted through electronic channels, the government is considering putting in place an internal information security policy to reduce the risk of leaks and counter possible cyber attacks, said three government officials involved in discussions on the proposal.

Surabhi Agarwal's article was published in LiveMint on November 6, 2012. Sunil Abraham is quoted.

The policy will include new guidelines on top of the standards set out by the Official Secrets Act, 1923, and mandate safeguards for each category of information on how it should be transmitted, stored and preserved. The categories are “top secret”, “secret”, “confidential”, “restricted” and “official use only”.

Experts argue that given the easy portability of such information and its vulnerability to hackers, the policy should have been in place much sooner.

The Official Secrets Act seeks to protect sensitive information including official communications, sketch plans, documents and other information pertaining to government functioning. Gaining wrongful access to information deemed to be an official secret or unauthorized use of such information are regarded as offences.

Given that the law was enacted almost a quarter century before independence, it had no provisions to deal with electronic transmission of such information made possible by technological advances in subsequent decades, said cyber expert Pawan Duggal.

One of the three government officials cited above said the aim of the proposed internal information security policy is to protect classified information that’s transmitted electronically much as it is done currently in the paper format.

"As more information is getting transmitted in the electronic format, we have to put in place procedures, guidelines, policies and standards for protecting that information in the electronic format," the official said.

From the newsroom: Securing government information	The discussions, being anchored by the home ministry, have been under way for some time and the policy should be finalized in the “next few months”, the official said. A second official said the policy will lay down the dos and don’ts for government officers on how information has to be transmitted, stored and preserved in the electronic format. “In case of a breach, the investigation agencies can then look into whether the requisite safeguards were followed or not,” the official said. The proposal follows a rash of attacks on government computer systems that exposed their vulnerability to hackers. Former minister of state for communications and information technology Sachin Pilot told Parliament recently that between December 2011 and February 2012, a total of 112 government websites had been hacked.

From the newsroom: Securing government information

The discussions, being anchored by the home ministry, have been under way for some time and the policy should be finalized in the “next few months”, the official said.

A second official said the policy will lay down the dos and don’ts for government officers on how information has to be transmitted, stored and preserved in the electronic format. “In case of a breach, the investigation agencies can then look into whether the requisite safeguards were followed or not,” the official said. The proposal follows a rash of attacks on government computer systems that exposed their vulnerability to hackers.

Former minister of state for communications and information technology Sachin Pilot told Parliament recently that between December 2011 and February 2012, a total of 112 government websites had been hacked.

A third government official, who also didn’t want to be identified, said that every government official would have to follow standard procedures in electronic transmission of information.

“The moment one’s computer is connected to the Internet, it is part of a global network, so attackers in the cyber space know which information can be stolen from where if the necessary deterrents are not in place,” the official said.

Sensitive information such as tax matters and intellectual property issues are part of the information that’s transmitted electronically by government offices, which if leaked can have market implications as well as an impact on governance, experts said.

“The government leaks like a sieve,” said B.G. Verghese, a visiting professor at New Delhi-based Centre for Policy Research.

“This is a step and they are trying to lay some ground rules to regulate a process that fits in with concepts of law, good governance, Constitution, privacy and prevents any wrongdoing,” Verghese said.

The proposed policy, when put in place, will be a step forward so long as it does not dilute the powers available to citizens under the Right to Information Act, said Sunil Abraham, executive director of Bangalore-based research organization Centre for Internet and Society.

Currently there are several concerns centred on electronic transmission, including questions about who is responsible for information, especially its unauthorized use. “This could help establish an audit trail,” Abraham said.

The first government official quoted above stressed that although cyber security and information security cut across each other, the two concepts are different.

“Cyber (security) is basically about devices and networks, whereas information security is very particularly about the information which travels on the net,” this official said. Reinforced cyber security will be an additional benefit once the information security policy comes into force, he said.

For more details visit https://cis-india.org/news/live-mint-politics-surabhi-agarwal-nov-6-2012-information-security-policy-on-govt-agenda

Information Disorders and their Regulation

Torsha Sarkar, Shruti Trikanad, and Anoushka Soni — 2024-01-31T14:20:20Z

The Indian media and digital sphere, perhaps a crude reflection of the socio-economic realities of the Indian political landscape, presents a unique and challenging setting for studying information disorders.

In the last few years, ‘fake news’ has garnered interest across the political spectrum, as affiliates of both the ruling party and its opposition have seemingly partaken in its proliferation. The COVID-19 pandemic added to this phenomenon, allowing for xenophobic, communal narratives, and false information about health-protective behaviour to flourish, all with potentially deadly effects. This report maps and analyses the government’s regulatory approach to information disorders in India and makes suggestions for how to respond to the issue.

In this study, we gathered information by scouring general search engines, legal databases, and crime statistics databases to cull out data on a) regulations, notifications, ordinances, judgments, tender documents, and any other legal and quasi-legal materials that have attempted to regulate ‘fake news’ in any format; and b) news reports and accounts of arrests made for allegedly spreading ‘fake news’. Analysing this data allows us to determine the flaws and scope for misuse in the existing system. It also gives us a sense of the challenges associated with regulating this increasingly complicated issue while trying to avoid the pitfalls of the present system.

Click to download the full report here.

For more details visit https://cis-india.org/internet-governance/blog/information-disorders-and-their-regulation

Information & Communication Technology in Making a Healthy Information Society with special reference to use of ICTS in Educational Technology

praskrishna — 2014-07-18T09:06:20Z

The Department of Computer Science, Andhra Loyola College in collaboration with the Department of Computer Science, Krishna University will be organizing a UGC-sponsored National Seminar on August 11 and 12, 2014 at Andhra Loyola College in Vijayawada.

T. Vishnu Vardhan, Programme Director, Access to Knowledge from the Centre for Internet and Society will be giving a key note address at this event.

See the invitation below:

For more details visit https://cis-india.org/news/information-communication-technology-in-making-a-healthy-information-society-with-special-reference-to-use-of-icts-in-educational-technology

Impact of Industrial Revolution 4.0 - IT and Automotive Sector in India by the Dialogue and FES

Admin — 2019-08-27T00:13:32Z

On August 21, 2019, Aayush Rathi, attended a report launch event and focus group discussion on the "Impact of Industrial Revolution 4.0 - IT and Automotive Sector in India". Research conducted by the Dialogue in collaboration with the Friedrich-Ebert-Stiftung (FES) were being presented.

At CIS, we have previously produced research on the future of work in these sectors. Aayush attended the event to understand how other researchers are approaching the subject of the future of work in terms of the methodological approach and the questions being asked and policy responses being proposed. In what may be treated as validation of our research design, FES and the Dialogue have addressed similar questions and adopted an empirical+desk based approach to do so as well.

For more details visit https://cis-india.org/internet-governance/news/impact-of-industrial-revolution-4-0-it-and-automotive-sector-in-india-by-the-dialogue-and-fes

Govt tweaks enforcement of IT Act after spate of arrests

praskrishna — 2012-11-30T08:27:01Z

The government on Thursday tweaked the law to make it tougher for citizens to be arrested for online comments that are deemed offensive after recent arrests came in for heavy criticism by Internet activists, the media and other groups.

Surabhi Agarwal's article was published in LiveMint on November 29, 2012. Pranesh Prakash is quoted.

This took place just before the Supreme Court was to hear a public interest litigation seeking an amendment to the Information Technology (IT) Act.

Complaints under the controversial Section 66A of the IT Act, which criminalizes “causing annoyance or inconvenience” online or electronically, can be registered only with the permission of an officer of or above the rank of deputy commissioner of police, and inspector general in metro cities, said a senior government official.

The government, however, has not amended the terms in the section that are said to be vague and subject to interpretation.

The public interest litigation against Section 66A filed by student Shreya Singhal came up in chief justice Altamas Kabir’s court on Thursday. The matter will be heard on Friday.

Two girls near Mumbai were arrested last week for criticizing on Facebook the shutdown in the city for Shiv Sena chief Bal Thackeray’s funeral. Earlier in November, a businessman in Puducherry was arrested for comments made on Twitter against finance minister P. Chidambaram’s son Karti Chidambaram.

According to people present at the meeting of the cyber regulatory advisory committee on Thursday, the Union government will issue guidelines to states with respect to the compliance of the new enforcement rules soon. The people didn’t want to be named. An official said the move was not related to the case.

Pranesh Prakash, policy director at the Centre for Internet and Society think tank, said that while the change in the law is a step in the right direction and will eliminate a lot of frivolous complaints, more needs to be done to make the legislation specific.

Chief justice Kabir said the apex court was considering taking suo motu cognisance of recent incidents.

Singhal contended in her plea that “the phraseology of section 66A of the IT Act, 2000, is so wide and vague and incapable of being judged on objective standards, that it is susceptible to wanton abuse and, hence, falls foul of Article 14, 19 (1)(a) and Article 21 of the Constitution.”

She submitted that “unless there is judicial sanction as a prerequisite to the setting into motion the criminal law with respect to freedom of speech and expression, the law as it stands is highly susceptible to abuse and for muzzling free speech in the country.”

The PIL was argued by Mukul Rohatgi, who said in his opening remarks that Section 66A was vague. Terms such as “offensive” and “annoyance” should be clearly defined as the section is part of criminal law, he said.

Senior advocate Harish Salve, who was also present during the hearing, said India guaranteed the right to “annoy” and there was no need to have a separate law.

Salve, who is in the process of filing an intervention on behalf of some technology companies, added that the section needed to be narrowed to specifically cater to private messages sent electronically and not social media communications.

He said the existing law of defamation should suffice and could be extended to include electronic communications. According to a lawyer who is part of the team representing Singhal, the petition also demanded that the law be made non-cognisable so that the police can’t make an arrest without an order from a magistrate.

“There has been a lot of misuse and abuse of the law recently and we want it to be struck down absolutely and also the court to issue guidelines,” he said.

Apart from the incident at Palghar in Thane district involving the two girls, Singhal’s PIL referred to an April incident in which a professor of chemistry from Jadavpur University in West Bengal, Ambikesh Mahapatra, was arrested for posting a cartoon concerning chief minister Mamata Banerjee on a social networking site.

She also referred to the Puducherry case as well as the May arrests of two Air India Ltd employees, V. Jaganatharao and Mayank Sharma, by the Mumbai Police under the IT Act for posting content on Facebook and Orkut against a trade union leader and some politicians.

Singhal has sought guidelines from the apex court to “reconcile Section 41 and 156 (1) of the Criminal Procedure Code (CPC) with Article 19 (1)(a) of the Constitution” and that offences under the Indian Penal Code and any other legislation, if they involve the freedom of speech and expression, be treated as a non-cognizable offences for the purposes of Sections 41 and 156 (1).

Section 41 of CPC empowers the police to arrest any person without an order from a magistrate and without a warrant in the event that the offence involved is a cognizable offence. Section 156 (1) empowers the investigation by the police into a cognizable offence without an order from a magistrate.

The government official present at the cyber regulatory advisory committee said the expressions used in Section 66A had been taken from different statutes around the world, including the UK and the US.

“There has been a broad consensus that the parameters of the law concerned might be in order but from a procedural standpoint there might be difficulty,” the official said.

Prakash said that while some of the terms in the section may be taken from legislation overseas, the penalty imposed under the Indian law is far more stringent at three years of imprisonment than, for instance, six months under the UK law. “Criminal offences can’t be put at the same level as something which causes insult.”

The cyber regulatory advisory committee meeting was attended by minister for communications and information technolgy Kapil Sibal, and secretaries of the department of telecommunications and information technology, besides representatives of technology companies such as Google and Facebook, industry associations and civil society.

The official also said that the situation will be reviewed every three to four months based on “ground realities”.

A government official said on condition of anonymity that the decision to revive the cyber regulatory advisory committee had been taken at a meeting in August. Section 66A was put on the agenda since it was the subject of much debate, he said. The meeting, however, was not a pre-emptive measure ahead of the PIL that was taken up in the Supreme Court. The official also said that the government will spell out its position in court in favour of the legislation.

For more details visit https://cis-india.org/news/livemint-politics-november-29-2012-surabhi-agarwal-govt-tweaks-enforcement-of-it-act-after-spate-of-arrests

GNI and IAMAI Launch Interactive Slideshow Exploring Impact of India's Internet Laws

jyoti — 2014-07-17T12:01:01Z

The Global Network Initiative and the Internet and Mobile Association of India have come together to explain how India’s Internet and technology laws impact economic innovation and freedom of expression.

The Global Network Initiative (GNI), and the Internet and Mobile Association of India (IAMAI) have launched an interactive slide show exploring the impact of existing Internet laws on users and businesses in India. The slide show created by Newsbound, and to which Centre for Internet and Society (CIS) has contributed its comments—explain the existing legislative mechanisms prevalent in India, map the challenges of the regulatory environment and highlight areas where such mechanisms can be strengthened.

Foregrounding the difficulties of content regulation, the slides are aimed at informing users and the public of the constraints of current legal mechanisms in place, including safe harbour and take down and notice provisions. Highlighting Section 79(3) and the Intermediary Liability Rules issued in 2011, the slide show identifies some of the challenges faced by Internet platforms, such as the broad interpretation of the legislation by the executive branch.

Challenges governing Internet platforms highlighted in the slide show include uniform Terms of Service that do not consider the type of service being provided by the platform, uncertain requirements for taking down content and compliance obligations related to information disclosure. Further the issues of over compliance and misuse of the legal notice and take down system introduced under Section 79 of the Information Technology (Intermediaries Guidelines) Rules 2011.

The Rules were created with the purpose of providing guidelines for the ‘post-publication redressal mechanism expression as envisioned in the Constitution of India'. However, since their introduction, the Rules have been criticised extensively, by both the national and the international media on account of not conforming to principles of natural justice and freedom of expression. Critics have pointed out that by not recognising the different functions performed by the different intermediaries and by not providing safeguards against misuse of such mechanism for suppressing legitimate expression, the Rules have a chilling effect on freedom of expression.

Under the current Rules, the third party provider/creator of information is not given a chance to be heard by the intermediary, nor is there a requirement to give a reasoned decision by the intermediary to the creator whose content has been taken down. The take down procedure also, does not have any provisions for restoring the removed information, such as providing a counter notice filing mechanism or appealing to a higher authority. Further, the content criteria for removal of content includes terms like 'disparaging' and 'objectionable', which are not defined and prima facie seem to be beyond the reasonable restrictions envisioned by the Constitution of India. With uncertainty in content criteria and no safeguards to prevent abuse complainant may send frivolous complaints and suppress legitimate expressions without any fear of repercussions.

Most importantly, the redressal mechanism under the Rules shifts the burden of censorship, previously, the exclusive domain of the judiciary or the executive, and makes it the responsibility of private intermediaries. Often, private intermediaries, do not have sufficient legal resources to subjectively determine the legitimacy of a legal claim, resulting in over compliance to limit liability. The slide show cites the 2011 CIS research carried out by Rishabh Dara to determine whether the Rules lead to a chilling effect on online free expression, towards highlighting the issue of over compliance and self censorship.

The initiative is timely, given the change of guard in India, and stresses, not only the economic impact of fixing the Internet legal framework, but also the larger impact on users rights and freedom of expression. The initiative calls for a legal environment for the Internet that enables innovation, protects the rights of users, and provides clear rules and regulations for businesses large and small.

See the slideshow here: How India’s Internet Laws Can Help Propel the Country Forward

Other GNI reports and resources:

Closing the Gap: Indian Online Intermediaries and a Liability System Not Yet Fit for Purpose

Strengthening Protections for Online Platforms Could Add Billions to India’s GDP

For more details visit https://cis-india.org/internet-governance/blog/gni-and-iamai-launch-interactive-slideshow-exploring-impact-of-indias-internet-laws

Future of Work: Report of the ‘Workshop on the IT/IT-eS Sector and the Future of Work in India’

ambika — 2020-03-05T19:03:07Z

This report provides an overview of the proceedings and outcomes of the Workshop on the IT/IT-eS Sector and the Future of Work in India (hereinafter referred to as the “Workshop”), organised at Omidyar Networks’ office in Bangalore, on June 29, 2018.

This report was authored by Torsha Sarkar, Ambika Tandon and Aayush Rath. It was edited by Elonnai Hickok. Akash Sriram, Divya Kushwaha and Torsha Sarkar provided transcription and research assistance. A PDF of the report can be accessed here.

Introduction

The Workshop was attended by a diverse group of stakeholders which included industry representatives, academicians and researchers, and civil society. The discussions went over various components of the transition in the sector to Industry 4.0, including the impact of Industry 4.0-related technological innovations on work broadly in India, and specifically in the IT/IT-eS sector (hereinafter referred to as the “Sector”). The discussion focused on the reciprocal impact on socio-political dimensions, the structure of employment, and forms of work within workspaces.

The Workshop was divided into three sessions. The first session was themed around the adoption and impact of Industry 4.0 technologies vis-a-vis the organisation of work. Within this the key questions were: the nature of the technologies being adopted, the causes that are driving the uptake of these technologies, and the ‘tasks’ constituting jobs in the Sector.

The second session focussed on the role of skilling and re-skilling measures as mitigators to projected displacement of jobs. The issues dealt with included shifts in company, educational, and social competency profiles as a result of Industry 4.0, transformations in the predominant pedagogy of education, vocational, and skill development programmes in India, and their success in creating employable workers and filling skill gaps in the industry.

The third session looked at social welfare considerations and public policy interventions that may be necessitated in the wake of potential technological unemployment owing to Industry 4.0. The session was designed with a specific focus on the axes of gender and class, addressing questions of precarity, wages, and job security in the future of work for marginalized groups in the workforce.

Preliminary Comments

The Workshop opened with a brief introduction on the research the Centre for Internet and Society (CIS) is undertaking on the Future of Work (hereinafter referred to as “FoW”) vis-a-vis Industry 4.0. The conception of Industry 4.0 that CIS is looking at is the technical integration of cyber-physical systems in production and logistics on one hand, and the use of internet of things (IoT) and the connection between everyday objects and services in the industrial processes on the other. The scope of the project, including the impact of automation on the organisation of employment and shifts in the nature and forms of work, including through the gig economy, and microwork, was detailed. The historical lens taken by the project, and the specific focus on questions of inequality across gender, class, language, and skill were highlighted.

It was pointed out that CIS’ research, in this regard, comes from the necessity of localising and re-examining the global narratives around Industry 4.0. While new technologies will be developed and implemented globally, the impact of these technologies in the Indian context would be mediated through local, political and socio-economic structures. For instance, the Third Industrial Revolution, largely associated with the massification of computing, telecommunications and electronics, is still unfolding in India, while attempts are already being made to adapt to Industry 4.0. These issues provided a starting point to the discussion on the impact of Industry 4.0 in India.

Qualifying Technological Change

Contexualising the narrative with historical perspectives

The panel for the first session commenced with a discussion around a historical perspective on job loss being brought about due to mechanisation. The distinction between Industry 3.0 and 4.0, it was suggested, was largely arbitrary, inasmuch as technological innovation has been a continuous process and has been impacting lives and the way work is perceived. It was argued that the only factor differentiating Industry 4.0 from previous industrial revolutions is ‘intelligent’ technology that is automating routine cognitive tasks. The computer, programmatic logic control (PLC) and data (called the ‘new oil’) were also a part of Industry 3.0, but intelligent technologies are able to provide greater analytical power under Industry 4.0.

The discussion also went over the distinction between the terms ‘job’, ‘task’ and ‘work’. It was argued that the term ‘job’ might be treated as a subset of the term ‘work’, with the latter moving beyond livelihood to encompass questions of dignity and a sense of fulfilment in the worker. With relation to this distinction, it was mentioned that the jobs at the risk of automation would be those that fulfill only the basic level in Maslow’s hierarchy - implying largely routine manual tasks. Additionally, it was explained that although these jobs will continue to use labour through Industry 4.0, it is only the nature of technological enablement that would change to automate more dangerous and hazardous tasks.

Technology as a long-term enabler of job creation

It was argued that technology has historically been associated with job creation. Historical instances cited included that of popular anxiety due to anticipated job loss through the uptake of the spinning machine and the steam engine, whereas the actual reduction in the cost of production led to greater job creation, increased mobility and improved quality of life in the long-term. Such instances were used to further argue that technology has historically not resulted in long-term job reductions.

The platform economy was posited as a model for creating jobs, through the efficient matching of supply and demand through digital platforms. It was indicated that rural to urban migration is aided by such platforms, as labourers voluntarily enrol in skilling initiatives given the certainty of employment through platformization. It was further argued that historically, Indian workers have been educated rather than skilled, and that platformization and automation, coupled with the elasticity of human needs, will provide greater incentives for technically skilled workers by creating desirable jobs.

Factors leading to differential adoption of automation

In relation to the adoption of the technologies Industry 4.0, it was argued that the mere existence of a technology does not necessitate its scalablity at an industrial level. Scalability would be possible only when the cost of labour is high relative to the costs entailed in technological adoption. This was supported by data from a McKinsey Report^{^[1]} which indicated that countries like the US and Germany would be impacted in the short term by automation, because their cost of labour is higher. Conversely, since the cost of labour in India is relatively cheap, the reality of technological displacement is still far away and the impact would not be immediate.

Similarly, a distinction was also made to account for the differential impact of automation in various sectors. For instance, it was indicated that since the IT/IT-eS sector in India is based on exporting services and outsourcing of businesses. Accordingly, if Germany automates its automobile industry, that would impact India less than if it automates the IT/IT-eS sector, as the latter is more reliant on exporting its services to developed economies. The IT/IT-eS sector was further broken down into sub-sectors with the intention of highlighting the differential impact of automation and FoW in each of these sub-sectors. It was agreed that the BPO sub-sector would be more adversely impacted than core IT services, given its constitution of routine nature of tasks at a higher risk of automation.

Disaggregating India’s Skilling Approach

The discussion around skilling measures was contextualised in the Indian context by alluding to data collected from the National Sample Survey Organisation (NSSO) surveys. The data revealed that around 36% of India’s total population is under the age of seventeen and approximately 13% are between 18 - 24. Additional statistics suggested that only around a quarter of the workforce aged 18-24 years had achieved secondary and higher secondary education and close to 13% of the workforce was illiterate. While these numbers included both male and female workers, it was pointed out that it was an incomplete dataset as it excluded transgender workers. It was suggested it should be this segment of the Indian demographic that is targeted for significant skilling pushes, which could be catalysed through specific vocational training centres. It was also suggested that there was a need for to restructure the role of the National Skill Development Corporation (NSDC) in the Indian skilling framework.

A comprehensive picture was painted by conceptualising the skilling framework in India as 5 distinct pillars. This conceptualisation was used to debunk the narrative around NSDC being the sole entity pushing for skill development in the country. The NSDC’s function in the skilling framework was posited as providing funding to skilling initiatives with programmes lasting for a period of 3 months. These 3- month programmes were critiqued for being insufficient for effective training, especially given the low skill levels of workers going into the programmes. The NSDC’s placement rate of 12% as per their own records was used to support this argument. Further suggestions on making the NSDC more effective were made in a later discussion^{^[2]}.

Related to this, the second pillar of vocational skilling was said to be the Industrial Training Institute (ITI). The third pillar was said to be the school system which was critiqued for does not offering vocational education at secondary and senior secondary levels. The fourth pillar comprised of the 16 ministries which governed the labour laws in India - none of whose courses were National Skills Qualifications Framework (NSQF) compliant.

The fifth pillar was construed as the industry itself and the enterprise-based training it conducted. However, it was stated that India’s share of registered companies who did enterprise-based training was dismal. In 2009, the share of enterprise-based training was 16% which rose in 2014 to 36%. Further, most of these 36% were registered large firms as opposed to small and medium sized enterprises. Unregistered companies, it was suggested, were simply doing informal apprenticeships.

Joint public and private skilling initiatives

In addition to government sponsored skilling initiatives, attention was directed to skill development partnerships that took the shape of public-private initiatives. As an example, it was said that that a big player in the ride-hailing economy had worked with NSDC and other skilling entities to ensure that soft skills were being imparted to their driver partners before they were on-boarded onto the platform.

It was also brought forth that innovative forms of skilling and training were gaining traction in the education sector as well in the private sector. This was instantiated through instances of uptake of platforms which apply artificial intelligence, and within that machine learning based techniques, to generate and disseminate easier- to- consume video-based learning.

Driving Job Growth: Solving for Structural Eccentricities of the Indian Labour Market

Catalysing manufacturing-led job growth

The discussion began by discussing specific dynamics of the Indian labour markets in the context of the Indian economy. It was pointed out the productivity level of the services sector is not as high as the productivity level of manufacturing, which is problematic for job creation in a developing economy such as India witnessing capital-intensive growth in the manufacturing sector. The underlying argument was that the jobs of the future in the Indian context will have to be created in the manufacturing sector.

Several macroeconomic policy interventions were suggested to reverse the trend of capital-intensive growth in order to make manufacturing the frontier for enhanced job creation. The need for a trade policy in consonance with the industrial policy was stated as imperative. This was substantiated by highlighting the lack of an inverted duty structure governing the automobile sector that has led India to be amongst the biggest manufacturers of automobiles. The inverted duty structure entails finished products having a lower import tariff and a lower customs duty when compared to import of raw materials or intermediates. However, it was highlighted that a dissonant industrial policy failed to acknowledge that at least 50% of india’s manufacturing comes from Micro, Small & Medium Enterprises (MSMEs) and provided no assistance to MSMEs in obtaining credit, market access or technology upgradation. On the other hand, it was asserted that large corporates get 77% of the total bank credit.

Another challenge that was highlighted was with the Government of India’s severely underfunded manufacturing cluster development programs under the aegis of the Ministry of Textiles and the Ministry of MSMEs. For sectors that contribute majorly towards India’s manufacturing output, it was asserted that these programmes were astonishingly bereft of any governing policy and suffer from several foundational issues. Moreover, it was observed that these clusters are located around the country in Tier 2, 3 and 4 cities where the quality of infrastructure is largely lacking. The Atal Mission for Rejuvenation and Urban Transformation (AMRUT) program devised for the development of these cities is also myopic as the the target cities are not the ones where these manufacturing clusters are located. The rationale behind such an approach was that building infrastructure at geographical sites of job creation would lead to an increase in productivity which would in turn attract greater investment. This would have to necessarily be accompanied by hastening the setting up of industrial corridors - the lackadaisical approach to which was stated as a key component of India being outpaced by other developing economies in the South East Asian region.

An additional policy intervention that was suggested was from the lens of setting up of skilling centres by NSDC in proximity to these manufacturing clusters where the job creation is being evidenced as opposed to larger metropolitan cities.

Carving out space for a vocational training paradigm

It was asserted that the focus of skilling needs to be on the manufacturing rather than services sector, given the centrality of manufacturing to a developing economy undergoing an atypical structural transformation^{^[3]} - as outlined above. Further compounding the problem of jobless growth, it was stated that 50% of the manufacturing workforce have 8 or less years of education and only 5% of the workforce including those that have technical education are vocationally trained, according to the NSS, 62nd Round on Employment and Unemployment.

A gulf in primary and secondary education vis-a-vis vocational training was pointed as one of the most predominant causes behind the much touted ‘skills gap’ that the Indian workforce is said to be battling with. Using data to further cull out the argument, it was said that in 2007, the net enrollment in India for primary education had already reached 97% and that between 2010 - 2015, the secondary education enrollment rate went from 58% to 85%.^{^[4]} It was hypothesised that the latter may have risen to 90% levels since. Furthermore, the higher education enrollment rate also commensurately went up from 11% in 2006 to 26-27% in 2017.^{^[5]} It was argued that this is impossible to achieve without gender parity in higher education. This gender parity in education was contrasted with the systematic decline in the women’s labour force participation that India has been witnessing in the last 30 years.

Consequently, the ‘massification’ of higher education in India over the past 10 years was critiqued as ineffectual in comparison to the Chinese model, as the latter focused on engaging students in vocational training, which the Indian education system had failed to do. The role of the gig economy in creating job opportunities despite this gap between educational and vocational training was regarded as important, especially given the lack of growth in the traditional job markets.

Accounting for the Margins

With relation to the profiles of workers within sectors, it was indicated that factors such as gender, class, skill, income, and race must be accounted for to determine the ‘winners’ and ‘losers’ of automation. Several points were discussed with relation to this disaggregation.

Technology as an equaliser? Gender and skill-biased technological change

First, the idea of technology and development as objective and neutral forces was questioned, with the assertion that human decision-makers, who more often than not tend to be male, allow inherent biases to creep into outputs, processes, and objectives of automation. Data from the Belong Survey in IT services^{^[6]} indicated that the proportion of women in core engineering was 26% of the workforce, while that in software testing was 33%. Coupled with the knowledge that automation and technology would automate software testing first, it was argued that jobs held by female workers were positioned at a higher immediate risk of automation than male workers.

The ‘Leaky Pipe Problem’ in STEM industries i.e. the observation that female workers tend to be concentrated in entry level jobs, while senior management is largely male dominated was also brought to the fore. This was used to bolster the argument that female workers in the Sector will lose out in the shorter term, when automation adversely impacts the lower level jobs.

A survey conducted by Aspiring Minds^{^[7]} which tracked the employability of the engineering graduates was utilised to further flesh out skill biased technological change. As per the survey, 40% of the graduating students are employable in the BPO sector, while only 3% of the students are employable in the sector for software production. With the BPO sector likelier to be impacted more adversely than core IT services, it was emphasised that policy considerations should be very specific in their ambit.

Social security and the platform economy

The discussion around the platform economy commenced with a focus on how it had created economic opportunities in the formal sector by matching demand and supply on one hand, and by reducing inefficiency in the system through technology on the other. It was pointed out that these newer forms of work were creating millions of entrepreneurship opportunities that did not exist previously. These opportunities, it was suggested, were in themselves flexible and contributing the greater push towards enhancing the numbers of those that come within the ambit of India’s formal economy.

This discussion was countered by suggesting that the shift of the workforce from the informal sector to the formal sector, which companies in the gig economy claimed they contributed to, have instead restricted the kind of lives gig workers have been living historically. As an instance, it was pointed out that a farmer who had been working with a completely different set of skills was now being asked to shift to a new set of skills which would be suited for a very specific role and not transposable across occupations. In other words, it would not be meaningful skilling. It was also pointed out that what distinguishes formal work from informal is whether the worker has social security net or not - mere access to banking services or filing of tax returns was not sufficient for characterising a workforce as being formal in nature.

Relatedly, the possibility of social security was discussed for the unorganised sector and microworkers. One of the possibilities discussed was to ensure state subsidised maternity, disability, and death security, and pensions for workers below the poverty line. The fiscal brunt borne by the government for such a scheme was anticipated to not be above 0.4% of the GDP. It was suggested that this would move forward the conversation on minimum wage and fair work, which would be of great importance in broader conversations around working conditions in the platform economy.

The interplay of gender and platformisation

It was highlighted that trends in automation are going to change the occupational structure in the digital economy - the effect of which will especially be felt in cognitive routine jobs given their increased propensity to platformisation. A World Economic Forum report^{^[8]} was cited which indicated the disproportional risk of unemployment faced by women given their concentration in cognitive routine jobs was also brought up.

The discussion logically undertook a deeper look at the platformisation of work with a specific focus on freelance microwork and its impact on the female labour force and culled out certain positive mandates arising from such newer forms of work. It was suggested that industries are more likely to employ female workers in microwork due to lower rates of attrition, and flexible labour. It was reiterated that freelancing in India extends beyond data entry and other routine jobs, to include complex work - thereby also catering to skilled workers desirous of flexibility. Platforms designing systems to meet the demand for flexible work were also discussed, such as platforms geared towards female workers undertaking reskilling measures and counselling for females returning from maternity leave or sabbaticals. Additionally, the difficulty of defining freelancing under existing frameworks of employment, compounded by the lack of legal structures for such work, was outlined.

Systemic challenges within the Indian labour law framework

Static design of legal processes

Labour law was, naturally, acknowledged as a key determinant in the conversation around both the uptake and impact of automative technologies encapsulated within Industry 4.0.

The archaic nature of India’s labour law framework was highlighted as a major impediment to ensuring both worker rights as well as the ease of conducting commerce. It was pointed out that organised labour continues to be under the ambit of the Industrial Disputes Act, which was made effective in 1947, has undergone minimal amendments since. This was critiqued on the basis that the framework for the law is embedded in its historical context, and while the industrial landscape in the country has transformed drastically since the implementation of the Industrial Disputes Act, the legal framework has not evolved. Similarly, the Karnataka Shops and Establishments Act, 1961 which regulates the Sector today was enacted much before the Sector even opened up in India in the 1990s.

Additionally, it was pointed out that the consolidation of the fragmented extant framework of labour laws in India was being consolidated into 4 labour codes without any wholesale modernisation push reforming the laws being consolidated. Consequently, it was argued that the government has to drive changes through policies alone as the legal framework remains static. Barriers to implementation of adequate policies were also discussed, such as the political impact of labour policies, lack of state initiative to deal with the impact of the future of work, apart from the historic inability of the law to keep up with the state of labour and economy.

Labour law arbitrage

One of the reasons behind the increasing contractualizing of labour in India was attributed to over-regulation. There was consensus that the labour law regime was not conducive to industry in India leading to greater opportunistic behaviours from industry participants. It was acknowledged that the political clout that a lot of contractors (of labourers) enjoy along with providing primary employers greater flexibility to hire and fire employees at will has led to a widespread utilisation of contract labour entities.

It was further stated that industry behaviour has adopted several other tools of arbitrage to not consider labour law as a key impediment in the ease of scaling business. Empirical evidence of labour law arbitrage was cited to drive home the point - according to national surveys, 80-85% of enterprises employ less than 99 workers as the law mandates stricter compliance requirements for enterprises employing 100 or more workers^{^[9]}. This was acknowledged a serious hurdle to scaling businesses.

Problems behind other apparently well-intentioned legislation from a public policy lens having counterproductive consequences was also highlighted. In the space of labour laws, the example of the recently enacted Maternity Benefit (Amendment) Act, 2017 was cited. By enhancing maternity benefits, without accounting for other provisioning such as a paternity benefit inclusion, it was anticipated that companies may entirely shy away from hiring women.

Policy Paralysis

The discussion progressed towards a high-level discussion around the efficacy of law vis-a-vis state policy as a means to create a system of checks and balances in the context of Industry 4.0. It was highlighted that law, by design, would be outpaced by technological change. The common law system of law operating in India is premised on a time-tested emphasis on post-facto regulation. In other words, it is reactionary. While policy making in India suffers from a similar plague of playing catch-up, it is in large part due to a bureaucratic structure premised on generalism - a pressing need for domain expertise in policy making was emphasised upon. Having said that, it was stated that it is the institutional design of policy making institutions that needs rectification. What was acknowledged was the success, albeit scant, that individual states have had in policy making catering to specific yet diverse domains. A greater push towards clear and progressive evidence-based policy pushes was stressed upon with the anticipation that it would lead to self-regulation by the industry itself - be it in terms of the future of employment or of the economic direction that the industry will embark on.

Concluding Remarks

The discussions during the course of the Workshop situated the discourse around Industry 4.0 within the contours of the Indian labour realities and the IT sector within that.

As a useful starting point, various broader perspectives around the impact of technological change on the quantum of jobs were brought forth. While the industry perspective was that of technology as an enabler of job creation in the long-run, it was sufficiently tempered by concerns around those impacted adversely in the short to medium-term time frames. These concerns coalesced towards understanding the potential impact of Industry 4.0 on the nature of work, as well as mitigation tools to ease the impact of technological disruption on labour.

Important facets of technological adoption within the Sector were highlighted, such as potential for scalability as well as the distinct eccentricities of the various sub-sectors the IT sector subsumed. The differential impact within the various sub-sectors was pegged to the differential composition of automatable tasks (routine, rule-based) within each sub-sector. However, questions regarding the exact contours of task composition were left unanswered signalling a potential area for further research. On the other hand, the primary challenge to technological adoption faced from the labour-supply side was skilling, or the lack thereof. This was contextualised in the larger scheme of structural issues plaguing the skilling machinery operating in the country, which lead to inadequate dispensation of technical and vocational education and training (TVET). In terms of additional structural issues that would potentially have an impact on how Industry 4.0 plays out in the Indian context, attention was directed towards overdue reform of the labour law framework which has already struggled with incorporating newer forms of working engagements such as platform and gig work, that are being evidenced as a part of Industry 4.0.

An underlying theme that found mention across sessions was the need to devote attention to prevent further marginalisation as a consequence of technological disruption of the already marginalised. Evidence from government datasets as well as from literature around concepts such as skill biased technological change, the leaky pipe problem, and the U-shaped curve of female labour force participation were cited to explicate these issues. The merits of different policy measures to address these concerns, such as social security, living wages, and maternity benefits were also discussed.

While the Workshop touched upon several facets of the discourse around Industry 4.0 in the Sector, it also sprung up areas that require further inquiry. Questions around where in the value chain use-cases for Industry 4.0 technologies were emerging needed a more comprehensive understanding. Moreover, the impact of Sector Skill Councils (SSCs), a central aspect of the skilling ecosystem in India, wasn’t touched upon. An additional path of inquiry that emerged pertained to evolving constructive reforms to legal and economic policy frameworks as top-down interventions within the Sector that could be anticipated to play a significant role in the uptake and impact of Industry 4.0 technologies.

^{^[1]} McKinsey Global Institute, A future that works: Automation, employment, and productivity, https://www.mckinsey.com/~/media/mckinsey/featured%20insights/Digital%20Disruption/Harnessing%20automation%20for%20a%20future%20that%20works/MGI-A-future-that-works-Executive-summary.ashx, (accessed 10 August 2018).

^{^[2]} See discussion under ‘Catalysing manufacturing-led job growth‘.

^{^[3]} R. Verma, Structural Transformation and Jobless Growth in the Indian Economy, The Oxford Handbook of the Indian Economy, 2012.

^{^[4]} S. Mehrotra, ‘The Indian Labour Market: A Fallacy, Two Looming Crises and a Tragedy’, CSE Working Paper, April 2018.

^{^[5]} ibid.

^{^[6]} Mohita Nagpal, ‘Women in tech: There are 3 times more male engineers to females’, belong.co, http://blog.belong.co/gender-diversity-indian-tech-companies, (accessed 10 August 2018).

^{^[7]} Aspiring Minds, National Programming Skills Report - Engineers 2017, https://www.aspiringminds.com/sites/default/files/National%20Programming%20Skills%20Report%20-%20Engineers%202017%20-%20Report%20Brief.pdf, (accessed 11 August 2018).

^{^[8]} World Economic Forum, The Future of Jobs Employment, Skills and Workforce Strategy for the Fourth Industrial Revolution: Global Challenge Insight Report, January 2016.

^{^[9]} Ministry of Statistics and Programme Implementation, All India Report of Sixth Economic Census, Government of India, 2014.

For more details visit https://cis-india.org/internet-governance/blog/future-of-work-report-of-the-workshop-on-the-it-it-es-sector-and-the-future-of-work-in-india