Centre for Internet and Society

The Privacy (Protection) Bill 2013: A Citizen's Draft

bhairav — 2013-07-12T11:50:20Z

The Centre for Internet and Society has been researching privacy in India since 2010 with the objective of raising public awareness around privacy, completing in depth research, and driving a privacy legislation in India. As part of this work, Bhairav Acharya has drafted the Privacy (Protection) Bill 2013.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

The Privacy (Protection) Bill 2013 contains provisions that speak to data protection, interception, and surveillance. The Bill also establishes the powers and functions of the Privacy Commissioner, and lays out offenses and penalties for contravention of the Bill. The Bill represents a citizen's version of a possible privacy legislation for India, and will be shared with key stakeholders including civil society, industry, and government.

Click to download a full draft of the Privacy (Protection) Bill, 2013.

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-citizens-draft

Future of Privacy in India

praskrishna — 2013-03-26T05:14:45Z

DSCI and ICOMP are organizing a meet on Privacy at the Oberoi Hotel in New Delhi on April 5, 2013. Sunil Abraham will be participating in this event as a speaker.

In recent years, there has been an increasing deployment of ICT in the collection of personal information by both private sector and state agencies. Data is a reason for empowerment for both commercial and public purposes. The prolific use of the Internet for search, social networking cloud computing and e-commerce transactions places increasing amounts of personal information and Internet history in hands of dominant private sector players. Data is undeniably the capital of the Internet. While technology has evolved to be able to collect, store and mine increasing amounts of data for improved public services or for commercial purposes, there are understandable concerns over the lack of accountability for the purposes and limits of the use of personal data. These concerns demand an appropriate regulatory framework for Privacy.

As an important step toward formulating the privacy bill, an Expert Group headed by Justice A P Shah provides inputs based on a study of the international landscape of privacy laws, along with the predominant privacy concerns ensuing from technological advancements. The Committee’s report, submitted in Oct 2012 has recommended Nine Principles as the cornerstone for privacy legislation. While the Privacy Act is under development, DSCI and iCOMP are organizing a meet focusing on the following areas:

Outline an appropriate Indian context for privacy: the nine principles
Presentation of the state of play on privacy in key markets (practices, Issues, regulatory interventions)
Analyse the scope and implications of data collection by public agencies in India.
Analyse privacy challenges and risks related to commercial use of data collected on the Internet by private players
Consider how India can address these challenges and enshrine privacy principles in legislation

Key Speakers

Dr. Gulshan Rai, DG, CERT-In*

Mr. Simon Davis, London School of Economics

Mr. Manoj Joshi, JS, DOPT*

Mr. Kanta Roy, CEO, NeGD*

Dr. Kamlesh Bajaj, CEO, DSCI

Mr. Sunil Abraham, ED, CIS

* To be confirmed

Event Flow

Opening Remark by Mr. S V Divvaakar, Executive Director, ICOMP
Framework for Privacy Regulation in India, By Dr. Kamlesh Bajaj, CEO, DSCI
Keynote Address
‘Privacy :The International state of play’, by Mr. Simon Davis, London School of Economics
Panel Discussion 1: Context of Privacy in India
Panel Discussion 2: Business responsibility in the age of ‘data driven’ transformations

Date: April 5, 2013
Time: 9.00 a.m. to 1.00 p.m.
Venue: Oberoi Hotel, Nilgiri Room, New Delhi

For more details visit https://cis-india.org/news/future-of-privacy-in-india-on-april-5-2013-at-oberoi-hotel-new-delhi

Press controls ‘send wrong message to rest of world’

praskrishna — 2013-03-26T04:51:54Z

Britain could trigger an international media crackdown if the Government goes ahead with plans for a Royal Charter to introduce a new Press regulator, free speech campaigners warned yesterday.

Read the article written by Jerome Starkey from Johannesburg, Francis Elliott from Delhi and David Brown. It was published in the Times on March 21, 2013. Sunil Abraham is quoted.

Oppressive regimes will use the example of the planned regulation in Britain to justify tighter controls on their own media, it was claimed. Campaigners from across the Commonwealth are preparing to urge the Queen not to approve the Royal Charter when it is presented by the Privy Council on May 8. Senior journalists and campaigners in Africa and Asia accused Britain of “chilling media freedom” by legitimising state interference in the media.

Phenyo Butale, the director of South Africa’s Freedom of Expression Institute, said: “African governments have shown they are uncomfortable with free press acting as a watchdog, holding them to account. A move to statutory regulation in the UK would really be a gift for them.”

In Somalia, one of the most dangerous countries in the world to be a journalist, reporters said that they were alarmed by the British plans. “It’s alarming that the British Government is regulating the freedom of its press,” said Mohammed Ibrahim, secretary-general of the Somali Union of Journalists.

Sunil Abraham, director of the Centre for Internet and Society, a Bangalore-based organisation that campaigns against the Indian Government’s often heavy-handed attempts to regulate online content, said that the UK had surrendered the moral high ground in an important international debate.

“The UK has traditionally made free speech an important component of their foreign policy and when their own internal actions contradict their external position . . . they no longer have any influence on the Indian situation,” he said.

The Editorial Board of The New York Times wrote that the proposed regulation would “do more harm than good”, adding: “It is worth keeping in mind that journalists at newspapers like The Guardianand The [New York] Times, not the police, first brought to light the scope and extent of hacking by British tabloids. It would be perverse if regulations . . . ended up stifling the kind of hard-hitting investigative journalism that brought it to light in the first place.”

Mumsnet, one of the most popular blogging sites, has sought a guarantee from the Government that it would not be caught by the regulations. The Department for Culture, Media and Sport told the website that it “will ultimately be for the court to decide on the definition of a ‘relevant publisher’ ” covered by the new regulations “but our view is that Mumsnet would not be covered by the new regime”.

Justine Roberts, the website’s founder, has asked to be specifically included in the list of exempted websites.

The House of Lords will vote on Monday on the definition of “relevant publisher” when peers consider new amendments to the Crime and Courts Bill. Some of Britain’s major newspaper and magazine publishers have indicated that they will not join the new regulator.

For more details visit https://cis-india.org/news/the-times-uk-jerome-starkey-francis-elliott-david-brown-march-21-2013-press-controls-send-wrong-message-to-rest-of-world

India’s Civil Liberties Crisis: Of Bans, Blocks, Bullying and Biometrics

praskrishna — 2013-03-25T10:39:43Z

Malavika Jayaram will be a speaker at this event which is organized by the Center for Global Communication Studies and will be held at Annenberg School of Communication, University of Pennslyvania, Philadelphia, on March 28, 2013, from 12 p.m. to 1.30 p.m.

Read about the event on the website of the Center for Global Communication Studies.

Unlike the US First Amendment, the first amendment to the Constitution of India actually strengthened state regulation over freedom of speech. Irony aside, the amendment that is considered by many scholars as the first media crisis in post-colonial India has increasing relevance today. Its prioritization of sovereignty and national security over democratic rights and institutions has resulted in a zone of contestation between nation building and free speech. This is playing out through a series of battles involving website blocking, book banning, biometric databases and bullying of all kinds.

In the last few months, an all-girl rock band in Kashmir was silenced, a village in Bihar banned women and girls from using mobile phones, and we had yet another Salman Rushdie controversy. Movies were blocked. Facebook and Google were taken to court for hosting objectionable content. Paintings were removed from an art gallery at the “suggestion” of the police because they depicted Hindu deities as semi-nude. At the same time, there was a drive to digitize governance and to build biometric databases to enumerate and record every individual. The impacts on free speech, anonymity, and privacy were considered fair game in the drive towards progress, inclusion, and maintenance of public order.

The relationship between the citizen and the state is undergoing a radical transformation mediated by the marriage of welfare schemes and commercial interests. The privacy of one’s body and identity is challenged by initiatives to capture fingerprints, irises, faces, and transactions. The heckler’s vote is increasingly powerful in silencing free expression. Civil society is under siege for resisting the onslaught of draconian legislation, arbitrary restrictions, and the banning of various forms of cultural output. Narratives are being constructed that attribute all civic engagement with “western values” and with being mouthpieces of foreign interests.

In this talk, I will give an overview of the strands of discord that are forming the fabric of India’s latest crisis of democracy. I will unpack some of the rhetoric behind the government’s drive to grasp the individual, and make the citizen visible to the state in an unprecedented manner. I will also discuss my experiences working with civil society in India, and the tools and techniques used to engage with policy formation and to adapt to the future of advocacy.

A dual-qualified lawyer, Malavika Jayaram spent eight years in London - with global law firm Allen & Overy in the Communications, Media & Technology group, and then with Citigroup. She relocated to India in 2006, and wears 3 hats as a practising lawyer, a Fellow at the Centre for Internet and Society (CIS) and a PhD scholar. As a partner at Jayaram & Jayaram, Bangalore, she focuses on corporate/tech transactions and has a special interest in new media and the arts. At CIS, Malavika collaborates on projects that study legislative and policy changes in the internet governance and privacy domains. As a PhD scholar, she is looking at data protection and privacy in India, with a special focus on e-governance schemes and the new biometric ID project.

A graduate of the National Law School of India, she has an LL.M. from Northwestern University, Chicago. She is on the advisory board of the Indian Journal of Law & Technology and is the author of the India chapter for the Data Protection & Privacy volume in the Getting the Deal Through series, launched this year. She is one of 10 Indian lawyers featured in “The International Who's Who of Internet e- Commerce & Data Protection Lawyers 2012” directory.

She is currently running a research project for Internews, studying internet policy in India. This will produce a landscape overview and interviews with various stakeholders in this domain.

For more details visit https://cis-india.org/news/global-asc-upenn-events-indias-civil-liberties-crisis

Internet Censorship, Surveillance, and Corporate Transparency

praskrishna — 2013-03-25T10:29:50Z

Google’s Dorothy Chou will be in conversation with international experts Annenberg School of Communication, St., Philadelphia, on April 3, 2013, from 4.30 p.m. to 6.00 p.m. Malavika Jayaram is participating in the event as a panelist. The event is organised by Center for Global Communication Studies and Annenberg School for Communication, University of Pennsylvania.

Read full details of the event was published on the website of Center for Global Communication Studies.

Since mid 2010 Google has been publishing data about the requests it receives from governments to remove content or hand over user data. This regularly updated Transparency Report reveals alarming trends: Government surveillance is on the rise, everywhere. Even worse, a large number of government censorship and surveillance requests are of dubious legality even according to the host countries’ own laws. In a world where citizens increasingly rely on digital products and services owned and operated by private corporations for their civic and political lives, the implications for human rights and democracy around the world are troubling.

Dorothy Chou, Senior Policy Analyst who leads Google's efforts to increase transparency about how it responds to government censorship and surveillance demands, will discuss Google's Transparency Report with Rebecca MacKinnon, Senior Fellow at the New America Foundation and an international panel of experts:

Ronald Lemos, the Director of the Center for Technology and Society at the Fundação Getúlio Vargas (FGV) School of Law in Rio de Janeiro, Brazil

Hu Yong, Associate Professor, Peking University School of Journalism and Communication

Malavika Jayaram, Fellow, Center for Internet and Society, Bangalore and Annenberg CGCS;

Gregory Asmolov, PhD Candidate, London School of Economics; Global Voices "RuNet Echo" contributor and Russian social media expert.

This event is part of the cross-disciplinary, university-wide “New Technologies, Human Rights, and Transparency” project funded by the university’s Global Engagement Fund and hosted by Annenberg’s Center for Global Communications Studies in partnership with Wharton, PennLaw, Engineering, and the School of Arts and Sciences. The project aims to examine the relationship between government and corporate power in today’s digitally networked world, bringing together research partners from across the university and around the world to develop a methodology to evaluate and compare the policies and practices of Information and Communication Technology (ICT) companies as they affect Internet users’ freedom expression and privacy in a human rights context.

For more details visit https://cis-india.org/news/global-asc-upenn-events-internet-censorship-surveillance-and-corporate-transparency

DML 2013 – Fourth Annual Conference

praskrishna — 2013-03-21T09:52:59Z

The fourth annual conference – DML2013 – was organized around the theme “Democratic Futures: Mobilizing Voices, and Remixing Youth Participation” and was held between March 14-16, 2013 in Chicago, Illinois. The Centre for Internet and Society was one of the sponsors for this event.

The Digital Media and Learning Conference is an annual event supported by the MacArthur Foundation and organized by the Digital Media and Learning Research Hub located at the UC Humanities Research Institute, University of California, Irvine.

We had a special track that ran through the conference on "Whose Change Is It Anyway? Futures, Youth, Technology And Citizen Action In The Global South (And The Rest Of The World)". Noopur Raval was one of the 16 presenters that we had selected on the tracks. Nishant Shah was one of the members in the Conference Committee.

Whose Change Is It Anyway? Futures, Youth, Technology And Citizen Action In The Global South (And The Rest Of The World)

Whose Change Is It Anyway? sought to explore new entry points into the discourse on youth, technology and change, with a specific focus on (but not restricted to) the Global South and the last decade of citizen action. This conference track sought to fashion frameworks and structures that provide new ways of interpreting and understanding outcomes that technology mediated citizen action has to offer, as well as the future of citizen led interventions: What enables, catalyzes and moves young people to reinvent themselves as citizen actors? What are the interventions and narratives of change that fail to fit into a ‘success’ rubric, but are still significant in the processes of change they initiate? How do we understand these ‘new’ events as hybrids, connecting with existing histories, contexts, media and technologies in their regions? Is there an alternative discourse that does not necessarily adopt frameworks arising from the knowledge centers of the West? Do these discourses help challenge and rework global vocabularies by offering new ways of looking at citizen action and change? The track invited provocative hypotheses, in-depth analyses, dialogues and contestations around these ideas, through innovative interactive presentation formats. The dialogue was informed by experimental and new methods of information and knowledge production, focusing on the Global South and its larger transnational contexts at the junctures of youth, technology and change.

For more info on the event, click here

For more details visit https://cis-india.org/news/dml-hub-net-dml-2013

Namaste, Mr. Eric Schmidt

praskrishna — 2013-03-21T08:48:48Z

An article by R. Jai Krishna published in the Wall Street Journal on March 20, 2013 quotes Sunil Abraham.

Read the original published by the Wall Street Journal on March 20, 2013.

Sandwiched between a January visit to North Korea and a stop in Myanmar at the end of this week Google Inc.'s GOOG +0.42% executive chairman, Eric Schmidt, is visiting India until Thursday.

The world’s largest democracy might seem to have little in common with the two authoritarian states.

But free speech advocates say recent developments in India are troubling and observers are waiting to see whether Mr. Schmidt addresses them during two events over the next couple of days.

At issue is a debate in India over the limits to free speech. In 2011, India’s government, angered at the spread of inflammatory material online, passed a law that allows it to hold Internet companies liable for “offensive” material posted by users. Parts of the law are being challenged in India’s Supreme Court, which has yet to rule.

In December 2011, India’s then-telecoms minister, Kapil Sibal, urged Google Facebook Inc. FB -2.67% and other Internet companies to screen derogatory material from their sites. The requests came amid official anger over content that parodied Prime Minister Manmohan Singh and Sonia Gandhi, president of the ruling Congress party, as well as other leading politicians.

A journalist, Vinay Rai, subsequently filed criminal cases in a Delhi court against Internet firms including Google, alleging material they hosted was defamatory, obscene and promoted enmity among different religious and ethnic groups. The companies are challenging the validity of the case in a higher court. The lower court is expected to begin hearings next month.

Google and the others deny wrongdoing. Google has said it makes unavailable to Indian users any content that violates its terms of services or local laws.

Mr. Schmidt is unlikely to address the ongoing lawsuits. But he might take the opportunity to push India to reconsider its position on free speech, say activists.

“He will obviously make a case..but the government is unlikely to take it seriously,” said Sunil Abraham, executive director at the Bangalore-based Centre for Internet and Society. “It’s much more complicated.”

Mr. Schmidt is set to speak at two technology conferences – one organized by the country’s software industry body, the National Association of Software and Services Companies, or Nasscom, on Wednesday, and another by Google on Thursday.

Paroma Roy Chowdhury, a spokeswoman for Google India said: “The Google India team is very happy to host him here.”

Mr. Schmidt’s India visit follows his private visit to North Korea in January where he urged its officials to drop barriers to global Internet access if they hope to develop their economy. He is likely to travel to Myanmar on March 22, after his India trip.

Google is facing other legal challenges in India. They include a federal anti-trust probe on alleged anticompetitive practices by Google’s online advertising business. Google says it has done nothing wrong.

For Google, India is an important market for its Internet services as well as mobile-devices software Android.

Market research firm ComScore Inc. SCOR -0.41% said in June that Google reached 95% of online users in India. “Visitors spent 2.5 hours on Google sites, with YouTube accounting for a major share,” it said.

More and more Indians have started taking to the Internet to express their views. India has about 62 million people in urban areas using social media platforms, according to a recent study by the Internet and Mobile Association of India, a trade body, and market-research agency, IMRB. That is expected to rise to 66 million by June.

Demographically, the report said, the “highest proportion’ of social media usage was among young men and college students, representing 84% and 82% of the total internet users, respectively.

Last year, New Delhi issued a series of guidelines on how government departments should use social media to reach out to people and to ensure public participation in policy framing.

The ruling Congress-led coalition government has now started embracing these networks.

For example, Finance Minister P. Chidambaram earlier this month interacted with citizens during the annual budget proposal using social media platform Google+.

For many, this was seen as a move to counter Gujarat Chief Minister Narendra Modi’s use of online platforms during his successful re-election campaign late last year. Mr. Modi, widely expected to be named the prime ministerial candidate for the main opposition Bharatiya Janata Party in 2014, is scheduled to attend Google’s event Thursday.

For more details visit https://cis-india.org/news/wsj-r-jai-krishna-march-20-2013-namaste-mr-eric-schmidt

Reply to RTI Application on Blocking of website and Rule 419A of Indian Telegraph Rules, 1951

praskrishna — 2013-03-21T07:58:12Z

The Department of Telecommunications sent its reply to an RTI application from the Centre for Internet and Society. The application was sent on December 27, 2012 with reference to blocking of websites and Rule 419A of the Indian Telegraph Rules, 1951.

To
Shri Subodh Saxena
Central Public Information Officer (RTI)
Director (DS-II), Room No 1006, Sanchar Bhawan
Department of Télécommunications (DoT)
Ministry of Communications and Information Technology
20, Ashoka Road, New Delhi — 110001

Dear Sir,
Subject: Information on Website Blocking Requested under the Right to Information Act, 2005

1. Full Name of the Applicant: Centre for Internet & Society

2. Address of the Applicant

Mailing Address: Centre for Internet and Society
194, 2־C Cross,
Domlur Stage II,
Bangalore 560071

3. Details of the information required

It has come to our attention that Airtel Broadband Services ("Airtel") and Mahanagar Téléphoné Nigam Limited ("MTNL") have recently blocked access to a number of domain sites for all their users across the country. Airtel has blocked Fabulous Domains (http://www.fabulous.com/), BuyDomains (http://www.buvdomains.com/) and Sedo (http://sedo.co.uk/uk/home/welcome/). MTNL has blocked Sedo (http://sedo.co.uk/uk/home/welcQme/). Subscribers trying to access this website receive a message noting "This website/URL has been blocked until further notice either pursuant to Court orders or on the Directions issued by the Department of Télécommunications". In this regard, we request information on the following queries under Section 6(1) of the Right to Information Act, 2005:

Does the Department have powers to require an Internet Service Provider to block a website? If so, please provide a citation of the statute under which power is granted to the Department, as well as the safeguards prescribed to be in accordance with Article 19(1)(a) of the Constitution of India.
Did the Department order Airtel or MTNL to block any or all of the above mentioned websites? If so, please provide a copy of such order or orders. If not, what action, if at all, has been taken by the Department against Airtel and MTNL for blocking of websites?
Has the Department ever ordered the blocking of any website? If so, please provide a list of addresses of all the websites that have been ordered to be blocked.
Please provide use the present composition of the Committee constituted under rule 419A of the Indian Telegraph Rules, 1951.
Please provide us the dates and copies of the minutes of all meetings held by the Committee constituted under rule 419A of the Indian Telegraph Rules, 1951, and copies of all their recommendations.

4. Years to which the above requests pertain: 2012

5. Designation and address of the PIO from whom the information is required

Shri Subodh Saxena
Central Public Information Officer (RTI)
Director (DS-II), Room No 1006, Sanchar Bhawan
Department of Télécommunications (DoT)
Ministry of Communications and Information Technology
20, Ashoka Road, New Delhi — 110001

To the best of my belief, the détails sought for fall within your authority. Further, as provided under section 6(3) of the Right to Information Act ("RTI Act"), in case this application does not fall within your authority, I request you to transfer the same in the designated time (5 days) to the concerned authority and inform me of the same immediately.

To the best of my knowledge the information sought does not fall within the restrictions contained in section 8 and 9 of the RTI Act, and any provision protecting such information in any other law for the time being in force is inapplicable due to section 22 of the RTI Act.

Please provide me this information in electronic form, via the e-mail address provided above. This to certify that I, Smitha Krishna Prasad, am a citizen of India.

A fee of Rs. 10/- (Rupees Ten Only) has been made out in the form of a demand draft drawn in favour of "Pay and Accounts Officer (HQ), Department of Telecom" payable at New Delhi.

Date. Monday November 26,2012
Place: Bengaluru, Karnataka

Below is the reply received from the Department of Telecommunications for the above RTI application

Government of India
Department of Télécommunications
Sanchar Bhawan, 20, Ashoka Road. New Delhi -110 001
(DS-CelI)

No. DIR(DS-II)/RTI/2009																		Dated:ll/01/2013

To,
Centre for Internet and Society,
No. 194, 2-C Cross,
Domlur Stage II,
Bangalore - 560 071

This has reference to RTI application dated 27/12/2012 with reference to Blocking of website and Rule 419A of Indian Telegraph Rules, 1951

In this regard it is submitted that Internet Service licensees are to follow the provisions of Information Technology Act 2000 as amended from time to time. Under Information Technology Act 2000, "Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules 2009" were notified on 27/10/2009.(Annexure) Aforesaid notified rules describes the "Designated Officer" for the purpose of issuing direction for blocking for access by the public any information generated, transmitted, received, stored or hosted in any computer resource under subsection (2) of Section 69(A) of the ACT. Wide Gazette Notification dated 20/01/2010 Group Coordinator , Cyber Law division, Department of Information Technology has been authorized and designated as "Designated Officer".

As per the directions of Group Coordinator, Cyber Law division, under Information Technology Act 2000, instructions for blocking/ unblocking of websites/URLs are issued to Internet Service Licensees.

As per the available information no instruction to Internet Service Providers has been issued for Blocking of http://www.fabulous.com/, http://www.buydomains.com/, http://sedo.co.uk/uk/home/welcome/ and http://sedo.co.uk/uk/home/welcome/ as mentioned in your RTI application.

Copies of Blocking order for which blocking instructions issued by DoT are not being provided are not provided as per Clause 16 of "Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules 2009" which says "Strict confidentiality shall be maintained regarding all the requests and complaints received and actions taken thereof."
With reference to information (Para 4 & 5 of RTI Aplication ) on Rule 419A of Indian Telegraph Rule, 1951 , the RTI is being forwarded to Dir (AS-III) & CPIO, DoT for providing the information.
The appeal, it any, may be made before Shri Nitin Jain, DDG(DS) & Appellate Authority, Department of Télécommunications, Room No. 1201, Sanchar Bhawan, 20 Ashoka Road, Nevy Delhi-110 001 within 30 days from the date of receipt of this letter.

Encl: As above
																							(Subodh Saxena) DIR (DS-II) 011-2303 6860 011-2335 9454

Copy to:

(I) Shri Rajiv Kumar, CPIO & Director (AS-III), DoT, New Delhi

NOTIFICATION
New Delhi, the 27th October, 2009

G.S.R. 781 (E). — In exercise of the powers conferred by clause (z) of sub-section (2) of section 87, read with sub-section (2) of section 69A of the Information Technology Act 2000 (21 of 2000), the Central Government hereby makes the following rules, namely:

Short title and commencement — (1) These rules may be called the Information Technology (Procedure and Safeguards for Blocking for Access and Information by Public) Rules, 2009.
(2) They shall come into force on the date of their publication in the Official Gazette.
Definitions. — In these rules, unless the context otherwise requires. —
(a) "Act" means the Information Technology Act, 2000 (21 of 2000);
(b) "computer resource" means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;
(c) "Designated Officer" means an officer designated as Designated Officer under rule 3;
(d) "Form" means a form appended to these rules;
(e) "intermediary" means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;
(f) "nodal officer" means the nodal officer designated as such under rule 4;
(g) "organisation" means
(i) Ministries or Departments of the Government of India;
(ii) State Governments and Union Territories;
(iii) Any agency of the Central Government, as may be notified in the Official Gazette, by the Central Government
(h) "request" means the request for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource;
(i) "Review Committee" means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951.
Designated Officer — The Central Government shall designate by notification in Official Gazette, an officer of the Central Government not below the rank of a Joint Secretary, as the "Designated Officer", for the purpose of issuing direction for blocking for access by the public any information generated, transmitted. received,, stored or hosted in any computer resource under sub-section (2) of section 69A of the Act.
Nodal officer or organisation.— Every organisation for the purpose of these rules, shall designate one of its officer as the Nodal Officer and shall intimate the same to the Central Government in the Department of Information Technology under the Ministry of Communications and Information Technotogy, Government of India and also publish the name of the said Nodal Officer on their website.
Direction by Designated Officer. — The Designated Officer may, on receipt of any request from the Nodal Officer of an organisation or a competent court, by order direct any Agency of the Government or intermediary to block for access by the public any information or part thereof generated, transmitted, received, stored or hosted in any computer resource for any of the reasons specified in sub-section (1) of section 69A of the Act.
Forwarding of requests by organisation. — (1) Any person may send their complaint to the Nodal Officer of the concerned organisation for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource:
Provided that any request other than the one from the Nodal Officer of the organisation shall be sent with the approval of the Chief Secretary of the concerned State or Union territory to the Designated Officer.
Provided further that in case a Union territory has no Chief Secretary, then, such request may be approved by the Adviser to the Administrator of that Union territory.
(2) The organisation shall examine the complaint received under sub-rule (1) to satisfy themselves about the need for taking of action in relation to the reasons enumerated in sub-section (1) of section 69A of the Act and after being satisfied, it shall send the request through its Nodal Officer to the Designated Officer in the format specified in the Form appended to these rules.
(3) The Designated Officer shall not entertain any complaint or request for blocking of information directly from any person.
(4) The request shall be in writing on the letter head of the respective organisation, complete in all respects and may be sent either by mail or by fax or by e-mail signed with electronic signature of the Nodal Officer.
Provided that in case the request is sent by fax or by e-mail which is not signed with electronic signature, the Nodal Officer shall provide a signed copy of the request so as to reach the Designated Officer within a period of three days of receipt of the request by such fax or e-mail.
(5) On receipt, each request shall be assigned a number along with the date and time of its receipt by the Designated Officer and he shall acknowledge the receipt thereof to the Nodal Officer within a period of twenty four hours of its receipt.
Committee for examinatlon of request.— The request along with the printed sample content of the alleged offending information or part thereof shall be examined by a committee consisting of the Designated Officer as its chairperson and representatives, not below the rank of Joint Secretary in Ministries of Law and Justice, Home Affairs. Information and Broadcasting and the Indian Computer Emergency Response Team appointed under sub-section (1) of section 70B of the Act.
Examination of request.— (1) On receipt of request under rule 6, the Designated Officer shall make all reasonable efforts to identify the person or intermediary who has hosted the information or part thereof as well as the computer resource on which such information or part thereof is being hosted and where he is able to identify such person or intermediary and the computer resource hosting the informalion or part thereof which have been requested to be blocked for public access, he shall issue a notice by way of letters or fax or e-mail signed with electronic signatures to such person or intermediary in control of such computer resource to appear and submit their reply and clarifications, if any, before the committee referred to in rule 7, at a specified date and time, which shall not be less than forty-eight hours from the time of receipt of such notice by such person or intermediary.
(2) In case of non-appearance of such person or intermediary, who has been served with the notice under sub-rule (I), before the committee on such specified date and time, the committee shall give specific recommendation in writing with respect to the request received from the Nodal Officer, based on the information available with the committee.
(3) In case, such a person or intermediary, who has been served with the notice under sub-rule (1), is a foreign entity or body corporate as identified by the Designated Officer, notice shall be sent by way of letters or fax or e-mail signed with electronic signatures to such foreign entity or body corporate and any such foreign entity or body corporate shall respond to such a notice within the time specified therein, failing which the committee shall give specific recommendation in writing with respect to the request received from the Nodal Officer, based on the information available with the committee.
(4) The committee referred to in rule 7 shall examine the request and printed sample information and consider whether the request is covered within the scope of sub-section (1) of section 69A of the Act and that it is justifiable to block such information or part thereof and shall give specific recommendation in writing with respect to the request received from the Nodal Officer.
(5) The designated Officer shall submit the recommendation of the committee, in respect of the request for blocking of information along with the details sent by the Nodal Officer to the Secretary in the Department of Information Technology under the Ministry of Communications and Information Technology, Government of India (hereinafter referred to as the "Secretary, Department of Information Technology").
(6) The Designated Officer, on approval of the request by the Secretary, Department of Information Technology, shall direct any agency of the Government or the intermediary to block the offending information generaled, transmitted, received, stored or hosted in their computer resource for public access within time limit specified in the direction:
Provided that in case the request of the Nodal Officer is not approved by the Secretary, Department of Information Technology, the Designated Officer shall convey the same to such Nodal Officer.
Blocking of Information in cases of emergency.— (1) Notwithstanding anything contained in rules 7 and 8, the Designated Officer, in any case of emergency nature, for which no delay is acceptable, shall examine the request and printed sample information and consider whether the request is within the scope of sub-section (1) of section 69A of the Act and it is necessary or expedient and justifiable to block such information or part thereof and submit the request with specific recommendations in writing to Secretary, Department of Information Technology.
(2) In a case of emergency nature, tne Secretary. Department of Information Technology may, if he is satisfied that it is necessary or expedent and justifiable for blocking for public access of any information or part thereof through any computer resource and after recording reasons in writing as an interim measure issue such directions as he may consider necessary to such identified or identifiable persons or intermediary in control of such computer resource hosting such information or part thereof without giving him an opportunity of hearing.
(3) The Designated Officer, at ihe earliest but not later than forty-eight hours of issue of direction under sub-rule 2, shall bring the request before the committee referred to in rule 7 for its consideration and recommendation.
(4) On receipt of recommendations of committee, Secretary, Department of Information Technology, shall pass the final order as regard to approval of such request and in case the request for blocking is not approved by the Secretary. Department of Information Technology in his final order, the interim direction issued under sub-rule (2) shall be revoked and the person or intermediary in control of such information shall be accordingly directed to unblock the information for public access.
Process of order of court for blocking of Information — In case of an order from a competent court in India for blocking of any information or part thereof generated, transmitted, received, stored or hosted in a computer resource, the Designated Officer shall, immediately on receipt of certified copy of the court order, submit it to the Secretary, Department of Information Technology and initiate action as directed by the court.
Expeditious disposal of request - The request received from the Nodal Officer shall be decided expeditiously which in no case shall be more than seven working days from the date of receipt of the request.
Action for non-compliance of direction by Intermediary — In case the intermediary fails to comply with the direction issued to him under rule 9, the Designated Officer shall, with the prior approval of the Secretary, Department of Information Technology, initiate appropriate action as may be required to comply with the provisions of sub-section (3) of section 69A of the Act.
Intermediary to designate one person to receive and handle directions — (1) Every intermediary shall designate at least one person to receive and handle the directions for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource under these rules.
(2) The designated person of the intermediary shall acknowledge receipt of the directions to the Designated Officer within two hours on receipt of the direction through acknowledgement letter or fax or e-mail signed with electronic signature.
Meeting of Review Commlttee — The Review Committee shall meet at least once in two months and record its findings whether the directions issued under these rules are in accordance with the provisions of sub-seclion (1) of section 69A of the Act and if is of the opinion that the directions are not in accordance with the provisions referred above, it may set aside the directions and issue order for unblocking of said information generated, transmitted, received, stored or hosted in a computer resource for public access.
Maintenance of records by Designated Officer — The Designated Officer shall maintain complete record of the request received and action taken thereof, in electronic database and also in register of the cases of blocking for public access of the information generated, transmitted, received, stored or hosted in a computer resource.
Requests and complaints to be confidential — Strict confidentiality shall be maintained regarding all the requests and complaints received and actions taken thereof.

FORM
(See rule 6(2))

A. Complaint

Name of the complainant: --_________________________________________________________________
(Person who has sent the complaint to the Ministry/Department/State Govt./Nodal Officer)
Address: ________________________________________________________________________________
________________________________________________________________________________
City: ______________________________ Pin Code: __________________
Telephone: ________________________ (prefix STD code)
Fax (if any): _______________________
Mobile (if any): ______________________
Email (if any): __________________________________

B. Details of website/computer resource/intermediary/offending information hosted on the website
(Please give details wherever known)
URL / web address: ____________________________________
IP Address: _______________________________________
Hyperlink: ________________________________________
Server/Proxy Server address: ________________________________________
Name of the Intermediary: _________________________________________
URL of the Intermediary: __________________________________________
(Please attach screenshot/printout of the offending information)
Address or location of intermediary in case the intermediary is telecom service provider, network service provider, internet service provider, web-hosting service provider and cyber cafe or other form of intermediary for which information under points (7), (8), (9), (10), (11) and (12) are not available.
___________________________________________________________
___________________________________________________________
___________________________________________________________
C. Details of Request for blocking
Recommendations/Comments of the Ministry/State Govt: ________________________
________________________________________________________________________
________________________________________________________________________
The level at which the comments/recommendation have been approved
(Please specify designation) ________________________________________________
Have the complaint been examined in Ministry / State Government: Y/N
If yes, under which of the following reasons it falls (please tick):
(i) Interest of sovereignty or integrity of India
(ii) Defence of India
(iii) Security of the State
(iv) Friendly relations with foreign states
(v) Public order
(vi) For preventing incitement to the commission of any cognisable offence relating to above
D. Details of the Nodal Officer, forwarding the complaint along with recommendation of the Ministry/State Govt. and related enclosures
Name of the Nodal Officer: ___________________________________________
Designation: ______________________________________________________
Organisation: _____________________________________________________
Address: ________________________________________________ _________

__________________________________________________________

City: __________________________ Pin Code: _________________
Telephone: ___________________________ (prefix STD code)
Fax (if any) _____________________
Mobile (if any) ______________________
Email (if any): ___________________________
E: Any other information:
F: Enclosures:

1.

2.

3.

Date Place Signature

[No. 9(16)J2004-EC]
N. RAVI SHANKER, Jt. Secy

3855GI/09-5

For more details visit https://cis-india.org/internet-governance/resources/reply-to-rti-application-on-blocking-of-website-and-rule-419a-of-indian-telegraph-rules-1951

Reply to RTI Application on the List of Nodal Officers Designated Under the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009

praskrishna — 2013-03-21T06:30:57Z

The Centre for Internet and Society had sent an RTI to the Department of Electronics & Information Technology on December 4, 2012. The Department responded to the same through this notification on January 7, 2013. The letter sent and the notification received are reproduced below.

Shri Anil Kaushik Scientist E Office of PIO (RTI) Electronics Niketan
Department of Information Technology (DIT) Ministry of Communications and Information Technology 6, CGO Complex, New Delhi

Dear Sir,

Subject: Information on nodal officers appointed requested under the Right to Information Act, 2005.

1. Füll Name of the Applicant: Centre for Internet and Society

2. Address of the Applicant:

E-mail Address:

Mailing Address:
Centre for Internet and Society
194, 2-C Cross,
Domlur Stage II,
Bangalore-560071

3. Details of the information required:

The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 ("Rules") provides for the désignation of nodal officers under Rule 4. Rule 4 states that every Organization shall designate one of its officers as the Nodal Officer for the purpose of implementing the Rules. Rule 4 also provides that every Organization shall inform the Department of Information Technology of the désignation of such a Nodal Officer. In this regard, we request information on the following queries under Section 6(1) of the Right to Information Act, 2005:

Does the Department of Electronics and Information Technology maintain a list of all Nodal Officers designated under Rule 4 of the Rules?
If so, please provide me a copy of any list containing information about the Nodal Officers designated under Rule 4 of the Rules.
Years to which the above requests pertain:'

2009-2012

5. Designation and Address of the PIO from whom the information is required:
Shri Anil Kaushik Scientist E Office of PIO (RTI) Electronics Niketan
Department of Information Technology (DIT) Ministry of Communications and Information Technology
6, CGO Complex, New Delhi

To the best of my belief, the details sought for fall within your authority. Further, as provided under section 6(3) of the Right to Information Act ("RTI Act"), in case this application does not fall within your authority, I request you to transfer the same in the designated time (5 days) to the concerned authority and inform me of the same immediately.

Please provide me this information in electronic form, via the e-mail address provided above. This is to certify that I, Smitha Krishna Prasad, am a citizen of India.

(Smitha Krishna Prasad

A fee of Rs. 10/־ (Rupees Ten Only) has been made out in the form of a demand draft drawn in favour of "Pay and Accounts Officer, Department of Information Technology" payable at New Delhi.

Date: Tuesday December 4, 2012
Place: Bengaluru, Karnataka

Below is the reply received from the Department of Electronics & Information Technology:

No. 14(142)/2012-ESD
M/o Communiciations & Information Technololgy Department of Electronics & Information Technology Electronics Niketan,6, CGO Complex
New Delhi-110003

Dated: 7.1.2003

Subject: RTI application received from Shri Smitha Krishna Prasad

This is with reference to your RTI application requesting for the following information:

The Information Technology (Procédure and Safeguards for blocking for access of information by public) Rules, 2009 ("Rules") provides for the désignation of nodal officers under Rule 4. Rule 4 states that every organisation shall designate one of its officers as the Nodal Officer for the purpose of implementing the Rules. Rule 4 also provides that every organisation shall inform the Department of Information Technology of the désignation of such a Nodal Officer. In this regard, we request information on the following queries under Section 6(1) of the Right to Information Act,2005.

Does the Department of Electronics and Information Technology maintain a list of all Nodal Officers designated under rule 4 of the Rules?
If so, please provide me a copy of any list containing information about the Nodal Officers designated under Rule 4 of the rules.

The information as received from the custodian of the information is placed below:

Department of Electronics and Information Technology maintains a list of Nodal Officers designated under rule 4 of the Information Technology (Procédure and Safeguards for blocking for access of information by public) Rules, 2009.
A copy of list of Nodal Officer is enclosed at Annexure.

(A.K. Kaushik)
Additional Director & CPIO
(E-Security & Cyber Laws)

Centre for Internet & Society
194, 2-C Cross, Domlur Stage II
Bangalore - 560071

Annexure

List of Nodal Officers

Director, Dept. of Agriculture, Krishi Bhawan, New Delhi
Adviser, Dept. of Biotechnology, Block-2, Room - 707, CGO Complex, New Delhi- 110003
Dy. Director General, Dept. of Chemicals & Petrochemicals, Shastri Bhawan, N. Delhi-1
Jt. Secretary (Admn.), Room No. 321-A, Shastri Bhawan , N. Delhi-1
Scientist Gr. IV(6), Council of Scientific & Industrial Research, Anusandhan Bhavan, 2 Rafi Marg, New Delhi-110 001
Director (Coord), Dept. of Defence, R, No. 94, South Block, New Delhi - 110001
Director (B&C), Dept. of Defence Production, R. No. 146, B-Wing, Sena Bhawan, New Delhi
Director, DESIDOC, 405, Cresent Apartment, Pocket 2, Sector 18A, Dwarka, New Delhi - 110075
Deputy Secretary (res - I), Dept. of Ex-servicemen Welfare, Room No. 237, B-Wing, Sena Bhawan, New Delhi-11
Scientist E, Room No. 3, Administrative Block, DSIR, Technology Bhavan, New Mehrauli Road, New Delhi-110 016
Director, Ministry of Earth Sciences, Block-12, CGO Complex, New Delhi - 110003
Dy. Secy (Budget Monitoring), Dept. of Economic Affairs, Room No. 238-B, North Block, New Delhi-110001
Deputy. Secretary, Room 1222, Paryavaran Bhawan, CGO Complex, Lodi Road, New Delhi-3
Jt. Secy. (XP), Ministry of External Affairs, R.No. 152, Shastri Bhawan, New Delhi
Deputy Secretary, Dept. of Financial Services, Ministry of Finance, 3rd Floor, Jeevandeep, Parliament Street, N Delhi-1
Under Secretary, Min. of Food Processing Industry, Panchsheel Bhawan, Room No 117, August Kranti Marg, New Delhi - 110049
DDG (Stats), Dept. of Health & Family Welfare, 518-A, Nirman Bhawan, New Delhi
Jt. Director, Ministry of Home Affairs, 35, Sardar Patel Marg, New Delhi
Sr. Tech. Director,NIC, Room No. 108, A-Wing, Shashtri Bhawan, N. Delhi-1
JS & Legislative Counsel, Legislative Department, Min. of Law & Justice, Room No. 430A, A-Wing, Shastri Bhawan, N Delhi-11001
Deputy Secretary, Department of Legal Affairs, Min. of Law & Justice, Room No. 433A, A-Wing, Shashtri Bhawan, N Delhi-11001
Joint Secretary, Min. of Mines, Shastri Bhawan, New Delhi
Director (R&A), Min. of Petroleum & Natural Gas, Room No. 203, B-Wing, Shastri Bhawan, New Delhi-110 001
DDG (Technology) Dept. of Posts, Room No. 524, Dak Bhawan, Parliament St., New Delhi - 110016
Joint Secretary, Min. of Power, Room No. 202, Shram Shakti Bhawan, Rafi Marg, New Delhi-110001
Dy. Secretary, Dept. of Public Enterprises, Room No. 410, Block-14, Public Enterprises Bhavan, CGO Complex, N Delhi-110003
Executive Director (C&IS) Railway Board, Min. of Railways, Rail Bhavan, Raisina Road, New Delhi - 110 001
Director (Narcotics Control), Dept. of Revenue, Min. of Finance, Room No 48-A, North Block, N Delhi
Jt. Secy (T&A), Min. of Road Transport & Highways, Transport Bhawan, 1 Parliament Street, New Delhi
Deputy Secretary, Ministry of Shipping, Room 428, Transport Bhavan, Sansad Marg, N Delhi-110001
Deputy Director, INSES, Indian Space Research Organisation, Antariksh Bhavan, New BEL Road, Bangalore-560231
Dy. Secy, Ministry of Steel, Udyog Bhavan, New Delhi
Additional Surveyor General, International Boundary Directorate (SGO), Room 37-B, L-II Block, Brassey Avenue, Church Road, N Delhi
Asstt. Director (PG-I), Department of Telecom, Sanchar Bhawan, 20 Ashoka Road, N Delhi-1
Director, Ministry of Textile, Room No. 231, 2nd Floor, Udyog Bhawan, New Delhi
Director (Admn), Min. of Urban Development,Room No. 235, "C" Wing, Nirman Bhawan, New Delhi
Director (IT), Ministry of Water resources, 627, Shram Shakti Bhawan, Rafi Marg, New Delhi-110001
SD(IT)-2, A&N Admin., Govt. Polytechnic Campus, Junglighat (P.O.), Pahargaon, Port Blair-744 103
Special Officer (Portal), Room No. 208, A-Block, IT&C Department, A.P. Secretariat, Hyderabad-500022
Managing Director, Bihar State Electronics Devp. Corp., Beltron Bhawan, Shastri Nagar, Patna-3
Director, Information Technology, Dept. of IT, 5th Floor, Addl. Deluxe Building, Sector-9, Chandigarh
Chief Executive Officer, CHIPS office, IT & BioTech Department, Mantralaya, D.K.S. Bhawan, Raipur-492001
Director (IT) Room No. 207-208, Secretariat, Amli, Silvassa-396 230
Principal Home Secretary, Dèlhi Secretariat, IP Estate, New Delhi-11002
DCP, Economic Offences Wing, Crime Branch, Delhi Police
Secretary (IT), Dept. of IT, Secretariat Complex, Porvorim, Goa-403521
Principal Secretary Science & Tech. Dept.. Block - 7, 5th Floor, New Sachivalaya, Gandhinagar- 382 010
Spl. Secretary, Secretariat for IT, 9th Floor, Haryana Civil Secretariat, Chandigarh
Director. Dept. of IT, STPI Building, Block-24, SDA Complex, Kasumpti, Shimla- 71009
Regional Dy. Director, Revenue & Land Reforms Department, Project Bhawan, Dhurva, Ranchi-834002
Project Officer. HRMS Project, Room No. 145-A, M.S. Building, Gate No. 2, Dr. В R Ambedkar Veedhi, Bangalore 560001
Principal Secretary, Information Technology Department, Central Secretariat, Trivandrum - 695 001
Director (Information Technology) Department of Information Technology, Administration of the UT of Lakshadweep, Kavaratti - 682 555
OSD, Department of Information Technology, Room No. 132, Vallabh Bhavan, Bhopal - 462 004
Jt. Commissioner of Police (Crime), Govt. of Maharashtra, Mumbai
Principal Informatics Officer, Dept. of Information & Comm. Technology, Govt. of Mizoram, Secrétariat Annex-l, Aizawl, Mizoram
Secretary IT&C, Nagaland Civil Secrétariat, Kohima - 797004
DGM. Orissa Computer Application Centre, OCAC Building, Plot N/1-7D, Acharya Nagar, PO-RRL. Bhubaneswar-751013
Director (IT), Directorate of IT, No. 505 Kamraj Salai, PRD Complex, Saram, Puducherry - 605 013
Director, Department of IT, SCO 193-95, Sector 34-A, Chandigarh
Additional Director, Dept. of IT & Communication, First Floor, Yojana Bhawan, Tilak Marg, Jaipur
Principal Secretary, Information Technology Department, Secrétariat, Chennai
Additional Director, Govt of Tripura, Directorate of IT, Indranagar, ITI Road, Agartala - 799 006
Special Secretary, IT & Electronics Dept., Bapu Bhawan, II Floor, No. 209, U.P. Admn. Lucknow
Uttra Portal Subject Specialist, ITDA, 93, Phase-II, Vasant Vihar, Dehradun
Executive Director (Technical), WBEIDC Ltd., Webel Bhawan, Block EP & GP, Salt lake, Sector-V, Kolkata-700091

For more details visit https://cis-india.org/internet-governance/resources/arreply-to-rti-application-on-nodal-officers-from-deit

Global Partners Meeting @ London

praskrishna — 2013-03-20T06:37:48Z

Privacy International is organizing the Global Partners Meeting in London from March 22 to 25, 2013. The workshop will be held at the London School of Economics and Political Science. Sunil Abraham and Malavika Jayaram will be participating in this event.

Click to read the full details published by Privacy International here.

The meeting is an opportunity to connect global partners with each other and with researchers, human rights advocates, and privacy and technology experts from over 20 countries. This will provide an opportunity for discussion and debate, that will enrich global research and advocacy agenda for the next two years.

Workshop Overview

The purpose of the three day workshop is as follows:

To understand the privacy discourse and identify the challenges faced in advancing the right to privacy across the globe.
To consolidate our network and look for opportunities for collaboration and cross-pollination for research and advocacy initiatives.
To share experiences about research, dissemination and advocacy strategies that influence policy change.

We envisage this workshop as a launching pad for the work that Privacy International and our global partners will conduct over the next two years under the ambit of the Surveillance and Freedom: Global Understandings and Rights Development (SAFEGUARD) project, funded by the International Development

Research Centre. The focus of the SAFEGUARD project is to understand what are the threats, challenges and obstacles to, and opportunities for, the protection of privacy in developing countries.

Background to the SAFEGUARD project

Nowhere are the challenges to, and opportunities for, privacy protections as dynamic and complex as in the developing world. As these countries seek new measures to develop their economies, build social and technological infrastructures, sustain their social systems, and ensure security they need to consider what are the modern policy frameworks they require to ensure a just society. The windows around these policy frameworks are key opportunities for reflection about rights and democratic values, and in the case of this project, the protection of privacy.

The vast scope and relevance of the right to privacy in this age of technology gives rise to a myriad of challenges and issues, many of which have relevance across, as well as within, borders. This is particularly the case in the developing world, where South-South collaboration is gaining increasing currency in the development sector, and donor countries continue to contribute to and influence policy in recipient countries, particularly with respect to the adoption of new technologies. Many of the trends in developing countries – communications surveillance, biometrics and DNA databases, and identity cards – mirror those being adopted in the global North. Policy laundering and modelling, such as that witnessed with respect to counter-terrorism policies in the aftermath of 9/11 is taking hold in the context of communications surveillance laws and national ID databases. Such phenomena raise concerns not only as to the spread of practices that threaten to undermine privacy, but also with respect to the stifling of national policy discourses and legislative processes.

Conceptual framework

This projects sets out to isolate and understand the challenges to privacy in the developing world. In order to ensure that the research developed is sufficiently targeted to influence policy debates, we have identified a set of themes that cover the range of privacy-related issues and that together will give a comprehensive picture of the difficult relationship between privacy and technology. This set of themes has been developed in collaboration with our partners, who have identified those discussions around which there is perfect storm of advancing surveillance policies and technologies, poor legal and technical safeguards, and a scarcity of research and understanding. We have designed our conceptual framework accordingly.

Research questions

The legal and constitutional landscape: What laws and constitutional provisions exist to protect privacy, how are they implemented and monitored, and where are the legal and policy gaps?

Data protection: What is the state of data protection in partner countries, and what are the local and regional regulatory standards and good practices?

Communications surveillance: What communications surveillance regimes are in place, how are they designed in law and how do they operate in practice?

Adoption of surveillance technologies: Where are governments buying surveillance technologies, and how are they using them? What legal regimes are in place to establish safeguards over the use of advanced surveillance technologies? What is the state of the art in legal protections?

Political intelligence oversight: What is the nature and operation of local intelligence services, what oversight mechanisms are in place, and how can these mechanisms be implemented or enforced?

Politics, Identity, sexual and reproductive health and social sorting: To what the extent do governments misuse personal information to pursue social sorting practices?

Delivery of public services: What is the state of privacy protections in public service delivery, particularly those related to e-health systems and social protection programmes, and how can protections be improved?

ID, DNA and biometrics: What privacy risks are associated with the collection and use of personal information for ID and biometric systems?

Partners

Africa	Latin America	Asia
Zimbabwe Human Rights Forum, Zimbabwe Kenyan Ethical and Legal Issues Network, Kenya Media Institute of Southern Africa, Namibia Jonction, Senegal Centre for Social Sciences Research, University of Cape Town African Platform for Social Protection, Kenya	Dejusticia, Columbia Asociacion por los Derechos Civiles, Argentina Autonomous University of Mexico State, Mexico Centro de Tecnologia y Sociedad, Universidad San Andres, Argentina, in collaboration with the Centro de Tecnologica da Escola de Direito da Fundacao Getulio Vargas, Brasil Instituto NUPEF, Brazil Derechos Digitales, Chile	VOICE, Bangladesh University of Hong Kong, Hong Kong Centre for Internet and Society, India Thai Netizen Network, Thailand Thai Media Policy Center, Thailand Bytes For All, Pakistan Centre for Cyber Law Studies, Indonesia Foundation for Media Alternatives, Philippines

Africa

Latin America

Asia

Zimbabwe Human Rights Forum, Zimbabwe

Kenyan Ethical and Legal Issues Network, Kenya

Media Institute of Southern Africa, Namibia

Jonction, Senegal

Centre for Social Sciences Research, University of Cape Town

African Platform for Social Protection, Kenya

Dejusticia, Columbia

Asociacion por los Derechos Civiles, Argentina

Autonomous University of Mexico State, Mexico

Centro de Tecnologia y Sociedad, Universidad San Andres, Argentina, in collaboration with the Centro de Tecnologica da Escola de Direito da Fundacao Getulio Vargas, Brasil

Instituto NUPEF, Brazil

Derechos Digitales, Chile

VOICE, Bangladesh
University of Hong Kong, Hong Kong
Centre for Internet and Society, India
Thai Netizen Network, Thailand
Thai Media Policy Center, Thailand
Bytes For All, Pakistan
Centre for Cyber Law Studies, Indonesia
Foundation for Media Alternatives, Philippines

Participants

Ababacar Diop
Allan Maleche
Anna Fielder
Anthony Jackson
Arthit Suriyawongkul
Arthur Gwagwa
Ben Hayes
Ben Wagner
Benjamin Barretto
Carly Nyst
Carolin Moeller
Charles Dhewa
Claudio Ruiz
Clement Chen
Danilo Doneda
Eric King
Farjana Akter
Fieke Jansen
Graciela Sulamein
Gus Hosein
Helen Wallace
Juan Camilo Rivera
Karelle Dagon
Katitza Rodriguez
Kevin Donovan
Levinson Kabwato
Malavika Jayaram
Mathias Vermeulen
Michael Rispoli
Nelson Arteaga Botello
Pablo Palazzi
Pirongrong Ramasoota
Ramiro Alvarez Ugarte
Richie Tynan
Sam Smith
Sinta Dewi Rosadi
Shahzad Ahmed
Sinta Dewi Rosadi
Sunil Abraham
Stephanie Perrin
Tavengwa Nhongo
Vera Franz
Vicky Nida
Vivian Newman Pont

Agenda

Friday, March 22, 2013: Reception

Meet with Privacy International staff members and advisors, and workshop participants from more than 20 countries in Latin America, Asia, Africa, Europe and Central Asia. Food and drinks will be provided.

Time: 6.00 p.m.
Location: 2nd Floor, 46 Bedford Row, London WC1R 4LR
Contact: 0207 242 2836
Getting there: Our office is a short walk 10 minute from your hotel. See Map 1 below for directions.

Saturday, March 23, 2013: Day 1 (Objectives and Reviewing the Landscape)

10:00 a.m. - Welcome Breakfast: Setting The Scene
Location: Mercure London Bloomsbury restaurant

Welcome and introduction

Overview of PI’s work in developing countries

Participant introductions

Setting the agenda

12:30 p.m. - Session 1: Reviewing The Landscape
Location: Old Building, Room 3.21, London School of Economics and Political Science, Houghton Street, London WC2A 2AE

Mapping privacy in constitutions

Masterclass 1: communications surveillance laws around the world

Break-out groups on assigned topics, and reporting back

2:30 p.m. - Afternoon tea

Privacy quiz

Masterclass 2: SIM card registration

Building a network: how can PI facilitate your work?

Masterclass 3: Oversight of intelligence agencies

6:00 p.m. - Drinks

7:00 p.m. - Dinner

Location: Tohbang, 164 Clerkenwell Road
http://www.tohbang.com/sub_eng/main.php

Sunday, March 24: Day 2 (Research Topics and Strategies)

Location: Old Building, Room 3.21, London School of Economics and Political Science, Houghton Street, London WC2A 2AE

10:00 a.m. - Recap of day one

Masterclass 4 - The UN Universal Periodic Review

Open-space - research and policy priorities

1:00 p.m. - Lunch
Location: Ship Tavern, Holborn

2:30 p.m. - Reconvene

Open space - research, dissemination and communication strategies

Wrapping up and going forward

6:00 p.m. - Dinner
Location: Wahaca, Charlotte St, http://www.wahaca.co.uk/

For more details visit https://cis-india.org/news/global-partners-meeting-london

Indian police set up lab to monitor social media

praskrishna — 2013-03-19T09:23:12Z

Mumbai police have set up India's first "social media lab" to monitor Facebook, Twitter and other networking sites, sparking concerns about freedom of speech online.

This was published by AFP on March 18, 2013. This was also carried in Global Post on the same day. Sunil Abraham is quoted.

A specially-trained team of 20 police officers will staff the lab, which was launched over the week end and will work around the clock to keep an eye on issues being publicly discussed and track matters relating to public order.

"They will work under Special Branch. They will monitor and find out which topics are trending among the youth so we can plan law and order in a good way," police spokesman Satyanarayan Choudhary told AFP on Monday.

In November police sparked outrage and fierce debate about India's Internet laws by arresting two young women over a Facebook post criticising the shutdown of Mumbai after the death of a local hardline politician.

The pair were arrested under laws including section 66a of the Information Technology Act, which forbids "sending false and offensive messages through communication services" and can lead to three years in jail.

The case followed several arrests across the country for political cartoons or comments made online.

Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society research group, said the "natural reaction" was to worry about the new police lab given the way the law has been used.

"Police in the last four years have acted in an arbitrary and random fashion, often using the IT Act to settle political scores," he told AFP.

"When there's no crisis for the police, proactively keeping an eye on what people are saying or doing is overkill," he said.

Choudhary said the lab was not set to censor comments, echoing a statement made by police commissioner Satyapal Singh at the launch.

"By reading the mindset of what people are writing on various modes of communication, we will try to provide better and improved safety and security to the Mumbai citizens," Singh said.

For more details visit https://cis-india.org/news/afp-march-18-2013-indian-police-set-up-lab-to-monitor-social-media

Human DNA Profiling Bill 2012 Analysis

Jeremy Gruber — 2013-03-19T09:53:22Z

Jeremy Gruber from the Council for Responsible Genetics, US provides an analysis of the Human DNA Profiling Bill, 2012. He says that India’s updated 2012 Human DNA Profiling Bill offers largely superficial changes from its predecessor, the Draft DNA Profiling Bill, 2007.

Indeed, where there are significant departures from prior language, they tend to raise additional privacy and human rights concerns. Overall the current version of the Bill is littered with significant and striking human rights and privacy concerns and, if passed in its current form, would place India far outside the mainstream of both law and policy in this area. Beyond the privacy and human rights concerns that are addressed in this analysis of the Bill, the breadth of the structural and financial costs of enacting the Bill in its current form should also be seriously considered as they would most certainly be staggeringly high.

Bill Analysis

Introduction

The introduction of the Bill sets out the broad policy objectives of its drafters. The most telling portion in paragraph 1 states: “[DNA analysis] makes it possible to determine whether the source of origin of one body substance is identical to that of another, and further to establish the biological relationship, if any, between two individuals, living or dead without any doubt.” (emphasis added). It is evident that the policy animating the Bill presupposes the objective infallibility of genetic analysis. This patent mistruth underpins the policy rationale for the Bill, and as such casts a long shadow over its substantive provisions. At the very least, it tells the reader (and perhaps one day the court) to broadly interpret the Bill’s language to favor DNA analysis as the privileged solution to investigational and prosecutorial needs. This provision, and indeed the bill as a whole, ignores the occurrence of false matches, cross-contamination, laboratory error and other limitations of forensic DNA analysis.

The introduction goes on to state, truthfully, that “DNA analysis offers sensitive information which, if misused can cause harm to person or society.” However this statement does not acknowledge that DNA analysis often causes more harm when used as intended as part of unnecessarily expansive powers given to law enforcement authorities. Indeed this is further illustrated by language showing the legislative intent to draft a broad based bill that would govern the use of DNA in a variety of civil and criminal proceedings as well as for purposes to be determined at a later point.

Definitions (Chapter II)

A number of the Bill’s definitions are overbroad, further expanding the scope of its later provisions. The “crime scene index” is defined to include “DNA profiles from forensic material found . . . on or within the body of any person, on anything, or at any place, associated with the commission of a specified offence.” Chapter II(2)(iv). A “specified offence” is defined as any “offence listed in Part 1of the Schedule [to the Bill].” Part 1 of the “Schedule,” on page 56 of the Bill , includes in (A) “Offences under Indian Penal Code” without any specification. In the 2007 version of the bill, the language related to criminal offences was incredibly expansive but specified the various crimes covered inc. rape,“offences relating to dowry,” defamation, and “unnatural offenses.” (See 2007 Bill Schedule p. 34). The current Bill version dispenses with such identified crimes and seemingly expands the Schedule to create an “all crimes” database. The new Bill (Section B) further adds a variety of additional offences under special laws ranging from the Medical Termination of Pregnancy Act to the Motor Vehicles Act and empowers the Board to add any new law it wants to the Schedule. Section C of the Schedule identifies a wide variety of civil matters to be included in the Schedule including disputes related to paternity, pedigree, and organ transplantation. In adds additional civil categories not contemplated by prior versions of the Bill including issues related to assisted reproductive technologies, issues related to immigration/emigration and similar to Section B of the Schedule and in another significant departure from previous Bill versions, empowers the Board to include any other civil matter it chooses in the future. The Crime Scene Index also defines victim expansively to include a person “reasonably suspected of being a victim” (Section 2 ii). Taken together, the government is empowered to conduct genetic testing on almost anyone in any way connected with even minor infractions of the criminal law or involved in virtually any civil proceeding.

The definition of “offender” (Section 2y) is not limited to one with a criminal conviction but includes anyone even charged with an offense, thereby expanding coverage of the criminal provisions of the Bill to include individuals who have not yet been convicted of any crime.

The crucial term “suspect” (Section 2zi) is defined as anyone “suspected of having committed an offence.” By intentionally leaving out the qualifier “specified,” the drafters’ intent is plain: to sweep within the Bill’s breadth all persons suspected of any crime whatsoever even if there is insufficient probable cause for arrest. And, accordingly, the Bill defines the “suspects index” to include “DNA profiles derived from forensic material lawfully taken from suspects.”

Furthermore the definitions include a category of persons entitled “volunteers,” (Section 2 zo) defined as “a person who volunteers to undergo a DNA procedure and, in case of a child or incapable person, his parent or guardian having agreed…” There is no additional clarification as to how this category might be treated in practice but without any clear provisions for informed consent, it is highly unlikely that such participation will be truly voluntary; especially without provisions for decision making subsequent to offering the sample such as future expungement from the system.

Taken together the definitions of victim, offender and suspect expand the reach of this Bill to a broad range of potentially innocent individuals involved in the criminal justice system, while the Schedule and definition of “volunteers” sweep a broad range of categories of innocent citizens into the purview of this Bill- including children and the mentally incapacitated-having nothing to do with the criminal justice system. There is simply no corollary in any other country to such expansive authority. The Bill places India far outside the mainstream of policy in this area and raises serious and far ranging human rights concerns

DNA Profiling Board (Chapter III)

The DNA Profiling Board (hereinafter “Board”) is responsible for administering and overseeing the Indian DNA database . Oversight is an important and valuable concept, however the value of such principles in this Bill are completely overshadowed by the expansive powers given to the Board.

The Bill lays out a number of fields from which the members are to be chosen inc. molecular biology, population biology, criminal justice and bioethics. There is no representation from civil society human rights organizations or the criminal defense bar to ensure that privacy, human rights and the general public interest are ensured. Furthermore the Chief Executive Office of the Board is to be a scientist and therefore unlikely to be familiar with criminal justice matters and evaluations of their efficacy. (Chapter III, Section 10)

The Board is given an almost limitless list of responsibilities including “recommendations for maximizing the use of DNA techniques and technologies (Section 10k) and identifying scientific advances that may assist law enforcement (Section 10L). Such powers are particularly concerning because the Bill does not include any privacy provisions whatsoever but rather invests in the Board the power to make “recommendations for privacy protection laws, regulations and practices relating to access to, or use of stored DNA samples or DNA analyses,” as well as “mak[ing] specific recommendations to . . . ensure the appropriate use and dissemination of DNA information [and] take any other necessary steps required to be taken to protect privacy.” (Section 10o and p). Furthermore the Board is given the responsibility of “deliberating and advising on all ethical and human rights issues emanating out of DNA profiling.” (Section 10t).

These provisions are in lieu of any substantive language limiting the scope of the legislation, and protecting privacy and human rights principles (which the bill otherwise lacks.) These are significant omissions. As expressed in the introduction, the stated purpose of the Bill is “to enhance protection of people in the society and [the] administration of justice.” Taken alone, this Bill actually expresses only the government’s interest in the legislation, suggesting an ambiguously wide scope for its provisions. Substantive concepts of individual privacy and human rights are required to counterbalance the interests of the government and provide protections for the equally vital privacy and human rights interests of the individual. As such, limiting privacy and human rights principles should be included alongside the expression of the government’s security interest. Without it, the Board will effectively have carte blanche with regard to what privacy and human rights protections are—or are not—adopted.

Also in a departure from previous versions of this Bill, this Bill expands the Boards powers to include areas of policy beyond the coverage of the Bill’s other provisions including “intellectual property issues. (Section 10i)

Finally, as noted earlier in the discussion of the Schedule (and in a significant departure from previous versions of the Bill), the Board is given total control to expand every category of person to be included under the Bill. In a democratic system of government, such decisions should rest exclusively with the Parliament and therefore be subject to the checks and balances of government as well as the transparency necessary to ensure public participation. Leaving such decision making to an unelected body raises serious human rights concerns.

Approval of Laboratories (Chapter IV)

Sections 13 to 17 provide for the approval by the DNA Profiling Board of DNA laboratories that will process and analyze genetic material for eventual inclusion on the DNA database. Under Section 13, all laboratories must be approved in writing prior to processing or analyzing any genetic material. However, a conflicting provision appears in the next section, Section 14(2), which permits DNA laboratories in existence at the time the legislation is enacted to process or analyze DNA samples immediately, without first obtaining approval.

Either an oversight on the part of the drafters, or the product of overly-vague language, the result is that established genetic laboratories—including whatever genetic material or profiles they may already have for whatever reason—are in effect “grandfathered” into the system. The only review of these laboratories is the post hoc approval of the laboratory by the DNA profiling board. The potential for abuse and error that this conflict of provisions would be best addressed in keeping with the rule articulated in Section 13, i.e. correcting the language of Section 14(2) that allows for laboratories to be “grandfathered” into the system.

Standards, Obligations of DNA Laboratory (Chapter V)

Chapter V, which concerns the obligations of and the standards to be observed by approved DNA laboratories, lacks adequate administrative requirements. For example, Section 21 requires that labs ensure “adequate security” to minimize contamination without providing for accountability in the event of contamination. Similarly, Section 27 provides for audits of DNA laboratories only, withholding from similar scrutiny of the DNA Profiling Board itself. However, the greatest limitation of every Section of this Chapter is that rather than offering any specific substantive requirements, they instead offer categories requiring attention “as may be specified “ by the DNA Board. Any actual standard or obligation by a laboratory is set entirely by the DNA Board. Minimum standards must be set by law to ensure compliance.

Infrastructure and Training (Chapter VI)

Similar to Chapter V, this section offers no legislative benchmarks but rather categories of activities, with further regulation “as may be specified” by the Board. As noted earlier, there are serious concerns in using DNA analysis with regards to false matches, cross-contamination and laboratory error. Not taking such concerns seriously, and taking serious steps to minimize their occurrence, can lead to significant distrust of government and police authority when such incidents occur.

DNA Databank (Chapter VII)

In addition on one national DNA database, the Bill sanctions the several Indian states to maintain their own DNA databases, provided these state-level databases forward copies of their content to the national database. Section 32(3). Section 32(5) states that the indices should include records related thereto” the DNA analysis. (See also Section 35(b)) Such provisions allow for access to “the information” contained in the database, not simply “the DNA profiles” contained in the database. Without further clarification it would appear to authorize an unlimited amount of private information unrelated to identification to be included in the indices.

The national database is envisioned to comprise several sub-databases (Section 32(4)), each to contain the genetic information of a subset of persons/samples, namely: (a) unidentified crime scene samples, (b) samples taken from suspects, (c) samples taken from offenders inc. persons convicted or currently subject to prosecution for criminal offenses (d) samples associated with missing persons, (e) samples taken from unidentified bodies, (f) samples taken from “volunteers,” and finally (g) samples taken for reasons “as may be specified by regulations made by the Board. Section 33 (4) et seq. Putting to one side the breadth of persons subject to inclusion under subcategories (1) through (6), subsection (7) appears on its face to be a “catch all” provision, leaving one only to guess at the circumstances under which its specificities may be promulgated.

A close reading of Section 32(6) strongly suggests that the agency conducting the forensic analyses and populating the DNA database shall retain the actual DNA samples thereafter. This section reads in relevant part:

The “DNA Data Bank shall contain . . . the following information, namely: (a) in case of a profile in the offenders index, the identity of the person from whose body substance or body substances the profile was derived, and (b) in case of all other profiles, the case reference number of the investigation associated with the body substance or body substances from which the profile was derived.

Allowing retention of the biological sample, even after a profile has been created from it, in conjunction with the unlimited ability of the Board to create regulations for additional uses of that sample raises serious privacy and human rights concerns.

Moreover, rather than choosing to link the DNA profile data to a specific offender or case, the drafters of the Bill instead link the “body substance or body substances” with that specific offender or case. Whether sloppy drafting or clever nuance, this provision equates the DNA profile with the DNA sample, injecting unneeded—and potentially harmful—ambiguity into the proposed law.

Section 37 (1) allows for indefinite retention of information in the offenders index (which includes individuals charged with an offense but not convicted). This provision raises serious human rights concerns as it would appear to allow indefinite retention of profiles of individuals who have not been convicted of a crime. This directly conflicts with Section 37 (II) which allows for expungement when a certified copy of a court order stating that the individual in question has been acquitted. This provision also appears to conflict with Chapter VIII Section 43(b) which appears to allow indefinite retention of DNA of suspects even after they’ve been excluded from an investigation. Indeed no process or procedures for expungement and removal of records are in place for suspects generally who are never charged or for any of the other categories of indices that are present in the Bill, thereby raising serious question as to how and even whether such profiles can be removed from the Databank.

Confidentiality, Access to DNA Profiles, Samples, and Records (Chapter VIII)

Two further provisions regarding access to the database warrant close scrutiny. First, Sections 39 and 40 confers upon the Board the unlimited power to expand categories for which DNA profiles, samples and records can be used. Considering that the Bill (Section 40(e)) already questionably allows such records to be used for population research, these provisions raise serious questions as to the classes of potential use such private information might be subject.
Sections 40-42 purport to confer upon the police and other authorized individuals direct access to all of the information contained in the national DNA database. While administratively expedient, this arrangement opens up the possibility for misuse. A more prudent system would place the Board (or some administrative subordinate portion thereof) between the police and the content of the DNA database, with the latter having to make specific and particular requests to the former. This would minimize the risks inherent in the more expansive model of database access the bill currently envisions.

Section 45 related to post-conviction DNA testing has the laudable goal of offering “any individual undergoing a sentence of imprisonment or death pursuant to conviction for an offence, may apply to the court which convicted him for an order of DNA testing” in order to prove their innocence. However such an application lists eleven separate criteria that such an applicant must meet before qualifying, and allows a court total discretion in deciding whether all such criteria have been met. High barriers and absolute discretion make such testing highly unlikely and therefore make a provision seeming to offer human rights protections completely hollow.

Offences and Penalties (Chapter X)

This chapter lays out penalties for misuse of the Database. Most notably, the bill specifically excludes a private cause of action for the unlawful collection of DNA, or for the unlawful storage of private information on the national DNA database. A new provision in Section 58 does allow for an aggrieved person to petition the Central Government or Board if an instance of misuse is not being addressed but such provision does not contain any required processes such entities must follow in responding to such a petition, making an otherwise positive new provision relatively empty. Nor does the bill grant an individual right to review one’s personal data contained on the database. Without these key features, there are limited checks against the unlawful collection, analysis, and storage of private genetic information on the database.

Best Practices Analysis

Collection of DNA

With consent: only for a specific investigation (e.g. from a victim or for elimination purposes). Volunteers should not have information entered on a database.	No provision.
Without consent: only from persons suspected of a crime for which DNA evidence is directly relevant i.e. a crime scene sample exists or is likely to exist. Or, broader categories?	No provision.
Requirement for an order by a court? Or allowed in other circumstances?	No provision.
Samples collected by police officers, or only medical professionals? Must take place in a secure location i.e. not on the street, etc.	No provision.
Provision of information for all persons from whom DNA is taken.	No provision.
Crime scenes should be promptly examined if DNA evidence is likely to be relevant, and quality assurance procedures must protect against contamination of evidence.	No provision; regulated at discretion of DNA Profiling Board.

Analysis of DNA

Should take place only in laboratories with quality assurance.	Regulated at discretion of DNA Profiling Board.
Laboratories should be independent of police.	No provision; regulated at discretion of DNA Profiling Board.
Profiling standards must be sufficient to minimize false matches occurring by chance. This must take account of increased likelihood of false matches in transboundary searches, and with relatives.	No provision; regulated at discretion of DNA Profiling Board.

Storage of DNA and Linked Data

Data from convicted persons should be separate from others e.g. missing persons’ databases.	Unclear.
Access to databases and samples must be restricted and there must be an independent and transparent system of governance, with regular information published e.g. annual reports, minutes of oversight meetings.	Access to database at discretion of DNA Data Bank Manager.
Personal identification information should not be sent with samples to laboratories.	No provision; regulated at discretion of DNA Profiling Board.
Any transfer of data e.g. from police station to lab or database, must be secure.	No provision; regulated at discretion of DNA Profiling Board.

Uses of Samples and Data

Research uses should be restricted to anonymised verification of database performance (e.g. checking false matches etc.). Third party access to data for such purposes should be allowed, provided public information on research projects is published. There should be an ethics board.	No provision.
Research uses for other purposes e.g. health research, behavioral research should not be allowed.	No provision.
Uses should be restricted by law to solving crimes or identifying dead bodies/body parts. Identification of a person is not an acceptable use. Missing persons databases (if they exist) should be separate from police databases. .	Ambiguous provisions suggest much wider scope.
Any transfer of data e.g. from police station to lab or database, must be secure.	No provision.

Destruction of DNA and Linked Data

DNA samples should be destroyed once the DNA profiles needed for identification purposes have been obtained from them, allowing for sufficient time for quality assurance, e.g. six months.	DNA samples are retained.
An automatic removals process is required for deletion of data from innocent persons. This must take place within a reasonable time of acquittal, etc.	No provision.
There should be limits on retention of DNA profiles from persons convicted of minor crimes.	No provision.
There should be an appeals process against retention of data.	No provision.
Linked data on other databases (e.g. police record of arrest, fingerprints) should be deleted at the same time as DNA database records.	No provision.
Crime scene DNA evidence should be retained for as long as a reinvestigation might be needed (including to address miscarriages of justice).	DNA evidence permitted to be retained indefinitely.

Use in court

Individuals must have a right to have a second sample taken from them and reanalyzed as a check.	No provision.
Individuals must have a right to obtain re-analysis of crime scene forensic evidence in the event of appeal.	Allowed but with impossibly high barriers.
Expert evidence and statistics must not misrepresent the role and value of the DNA evidence in relation to the crime. .	No provision.

Other

Relevant safeguards must be proscribed by law and there should be appropriate penalties for abuse.	No provision.
Impacts on children and other vulnerable persons (e.g. mentally ill) must be considered.	No provision.
Potential for racial bias must be minimized.	No provision.

Click for more information on the Council for Responsible Genetics.

For more details visit https://cis-india.org/internet-governance/blog/human-dna-profiling-bill-analysis

Workshop on the Unique Identity Number (UID), the National Population Register (NPR) and Governance: What will happen to our data?

maria — 2013-07-12T15:28:50Z

On March 2nd, 2013, the Centre for Internet and Society and the Say No to UID campaign organized a workshop to discuss the present state of the UID and NPR schemes. Some of the questions which were addressed included ´How do the UID and NPR impact citizenship´, ´Why and how is national security linked to UID/NPR´, and ´What is the relationship between UID and Big Data´.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

“The UIDAI will own our data...When we hand over information, we hand over the ownership of that data...”, stated Usha Ramanathan, legal researcher and human rights activist.She also pointed out that, although the UID has been set up by an executive order, there is no statute which legally backs up the UID. In other words, the collection of our data through the UID scheme is currently illegal in India, hinging only on an executive order. However, Usha Ramanathan stated that if the UID scheme is going to be carried out, it is highly significant that a statute for the UID is enacted to prevent potential abuse of human rights, especially since the UIDAI is currently collecting, sharing, using and storing our data on untested grounds.

´What is alarming is that the Indian government has not even attempted to legalize the UID! When a government does not even care about legalizing its actions, then we have much bigger problems...”

The NPR is legally grounded in the provisions of the Citizenship Act 1955 and in the Citizenship Rules 2003 and it is mandatory for every usual resident in India to register with the NPR. Even though the collection of biometrics is not accounted for in the statute or rules, the NPR is currently collecting photographs, iris prints and fingerprints. Concerns regarding the use of biometrics in the UID and NPR schemes were raised during the workshop; biometrics are not infallible and can be spoofed, an individual´s biometrics can change in response to a number of factors (including age, environment and stress), the accuracy of a biometric match depends on the accuracy of the technology used and the larger the population is, the higher the probability of an error. Thus, individuals are required to re-enrol every two to three years, to ensure that the biometric data collected is accurate; but the accuracy of the data is not the only problem. The Indian government is illegally collecting biometrics and as of yet has not amended the 2003 Citizenship Rules to include the collection of biometrics! As Usha Ramanathan stated:

“It´s not really about the UID and the NPR per se...it´s more about the idea of profiling citizens and the technologies which enable this...”

In his presentation, Anant Maringanti, from the Hyderabad Urban Labs and Right to the City Foundation, stated that even though seventy seven lakh duplicates have been found, no action has been taken, other than discarding one of them. Despite the fact that enrolment with the UID is considered to be voluntary, children in India are forced to get a unique identification number as a prerequisite of going to school. Anant emphasized that the UID scheme supposedly provides some form of identity to the poor and marginalised groups in India, but it actually targets some of the most vulnerable groups of people, such as HIV patients and sex workers. Furthermore, though Indians living below the poverty line (BPL) are eligible for direct cash transfer programmes, apparently registration with the UID scheme is considered essential to determine whether beneficiaries belong in the BLP category. This is problematic as individuals who have not enrolled in the UID or do not want to enroll in the UID could risk being denied benefits because they did not enroll and thus were not classified in the BPL category. Anant also pointed out that, linking biometric data to a bank account through the UID scheme is basically exposing personal data to fraud. Anant Maringanti characteristically stated:

“I wish the 100 people applying the UID scheme had UIDs so that we could track them...!”

Following the end of the workshop on the UID and NPR schemes, CIS interviewed Usha Ramanathan and Anant Maringanti:

The workshop can be viewed in two parts:

For more details visit https://cis-india.org/internet-governance/blog/workshop-on-the-uid-and-npr

New $1 Billion RIC Project Casts Doubts on Aadhaar

praskrishna — 2013-04-04T08:28:51Z

The Indian Government is going ahead with a new project dubbed RIC that will effectively undermine the existing UIDAI – Unique Identification Authority of India project and will cost a whopping $1 billion.

This was published in AEG India on March 16, 2013. Sunil Abraham is quoted.

The National Population Register and the Unique Identification Authority of India (UIDAI) are the two organizations which will capture the biometric details of the citizens and will develop the resident identity card (RIC) and create the unique identifier number (UID) popularly known as Aadhar number respectively.

Both the RIC and UID projects are designed to unify the distribution of social and welfare services to the citizens. Sunil Abraham, Executive Director of Centre for Internet and Society India, said that the ID number and the ID smartcard are both different and are not at all complementary as declared by the Indian Government previously.

The ID number and the ID smart card are two completely separate visions. They cannot be mixed up together to make some kind of salad which can be consumed partly, added Abraham.

He said that it was easy for the Indian government to proceed simultaneously with both the projects rather than cancelling the much criticized Aadhaar project.

Minister P. Karunakaran, on March 12 in the Lok Sabha, asked R.P.N. Singh, the Minister of State, to clarify the confusion over the proposed biometric identity card and the UID (Aadhaar number). The government has planned to spend more than US$1 billion to issue the Indian citizens a resident identity card (RIC) which will also feature the Aadhaar number as well.

For more details visit https://cis-india.org/news/aeg-india-march-16-2013-new-dollar-one-billion-ric-project-casts-doubts-on-aadhar

Hacking without borders: The future of artificial intelligence and surveillance

maria — 2013-07-12T15:30:27Z

In this post, Maria Xynou looks at some of DARPA´s artificial intelligence surveillance technologies in regards to the right to privacy and their potential future use in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Robots or computer systems controlling our thoughts is way beyond anything I have seen in science fiction; yet something of the kind may be a reality in the future. The US Defence Advanced Research Projects Agency (DARPA) is currently funding several artificial intelligence projects which could potentially equip governments with the most powerful weapon possible: mind control.

Combat Zones That See (CTS)

Source: swanksalot on flickr

Ten years ago DARPA started funding the Combat Zones That See (CTS) project, which aims to ´track everything that moves´ within a city through a massive network of surveillance cameras linked to a centralized computer system. Groundbreaking artificial intelligence software is being used in the project to identify and track all movement within cities, which constitutes Big Brother as a reality. The computer software supporting the CTS is capable of automatically identifying vehicles and provides instant alerts after detecting a vehicle with a license plate on a watch list. The software is also able to analyze the video footage and to distinguish ´normal´ from ´abnormal´ behavior, as well as to discover links between ´places, subjects and times of activity´ and to identify patterns. With the use of this software, the CTS constitute the world´s first multi-camera surveillance system which is capable of automatically analyzing video footage.

Although the CTS project was initially intended to be used for solely military purposes, its use for civil purposes, such as combating crime, remains a possibility. In 2003 DARPA stated that 40 million surveillance cameras were already in use around the world by law enforcement agencies to combat crime and terrorism, with 300 million expected by 2005. Police in the U.S. have stated that buying new technology which may potentially aid their work is an integral part of the 9/11 mentality. Considering the fact that literally millions of CCTV cameras are installed by law enforcement agencies around the world and that DARPA has developed the software that has the capability of automatically analyzing data gathered by CCTV cameras, it is very possible that law enforcement agencies are participating in the CTS network.

However if such a project was used for non-military level purposes, it could raise concerns in regards to data protection, privacy and human rights. As a massive network of surveillance cameras, the CTS ultimately could enable the sharing of footage between private parties and law enforcement agencies without individuals´ knowledge or consent. Databases around the world could be potentially linked to each other and it remains unclear what laws would regulate the access, use and retention of such databases by law enforcement agencies of multiple countries. Furthermore, there is no universal definition for ´normal´ and ´abnormal´ behaviour, thus if the software is used for its original purpose, to distinguish between “abnormal” and “normal” behaviour, and used beyond military purposes, then there is a potential for abuse, as the criteria for being monitored, and possibly arrested, would not be clearly set out.

Mind´s Eye

Source: watchingfrogsboil on flickr

A camera today which is only capable of recording visual footage appears futile in comparison to what DARPA´s creating: a thinking camera. The Mind´s Eye project was launched in the U.S. in early 2011 and is currently developing smart cameras endowed with ´visual intelligence´. This ultimately means that artificial intelligence surveillance cameras can not only record visual footage, but also automatically detect ´abnormal´ behavior, alert officials and analyze data in such a way that they are able to predict future human activities and situations.

Mainstream surveillance cameras already have visual-intelligence algorithms, but none of them are able to automatically analyze the data they collect. Data analysts are usually hired for analyzing the footage on a per instance basis, and only if a policeman detects ´something suspicious´ in the footage. Those days are over. General James Cartwright, the vice chairman of the Joint Chiefs of Staff, stated in an intelligence conference that “Star[ing] at Death TV for hours on end trying to find the single target or see something move is just a waste of manpower.” Today, the Mind´s Eye project is developing smart cameras equipped with artificial intelligence software capable of identifying operationally significant activity and predicting outcomes.

Mounting these smart cameras on drones is the initial plan; and while that would enable military operations, many ethical concerns have arisen in regards to whether such technologies should be used for ´civil purposes.´ Will law enforcement agencies in India be equipped with such cameras over the next years? If so, how will their use be regulated?

SyNAPSE

Source: A Health Blog on flickr

The Terminator could be more than just science fiction if current robots had artificial brains with similar form, function and architecture to the mammalian brain. DARPA is attempting this by funding HRL Laboratories, Hewlett-Packard and IBM Research to carry out this task through the Systems of Neuromorphic Adaptive Plastic Scalable Electronics (SyNAPSE) programme. Is DARPA funding the creation of the Terminator? No. Such artificial brains would be used to build robots whose intelligence matches that of mice and cats...for now.

SyNAPSE is a programme which aims to develop electronic neuromorphic machine technology which scales to biological levels. It started in the U.S. in 2008 and is scheduled to run until around 2016, while having received $102.6 million in funding as of January 2013. The ultimate aim is to build an electronic microprocessor system that matches a mammalian brain in power consumption, function and size. As current programmable machines are limited by their computational capacity, which requires human-derived algorithms to describe and process information, SyNAPSE´s objective is to create biological neural systems which can autonomously process information in complex environments. Like the mammalian brain, SyNAPSE´s cognitive computers would be capable of automatically learning relevant and probabilistically stable features and associations, as well as of finding correlations, creating hypotheses and generally remembering and learning through experiences.

Although this original type of computational device could be beneficial to predict natural disasters and other threats to security based on its cognitive abilities, human rights questions arise if it were to be used in general for surveillance purposes. Imagine surveillance technologies with the capacity of a human brain. Imagine surveillance technologies capable of remembering your activity, analyzing it, correlating it to other facts and/or activities, and of predicting outcomes; and now imagine such technology used to spy on us. That might be a possibility in the future.

Such cognitive technology is still in an experimental phase and although it could be used to tackle threats to security, it could also potentially be used to monitor populations more efficiently. No such technology currently exists in India, but it could only be a matter of time before Indian law enforcement agencies start using such artificial intelligence surveillance technology to supposedly enhance our security and protect us.

Brain-Computer Interface (BCI)

Remember Orwell's ´Thought Police´? Was Orwell exaggerating just to get his point across? Well, the future appears to be much scarier than Orwell's vision depicted in 1984. Unlike the ´Thought Police´ which merely arrested individuals who openly expressed ideas or thoughts which contradicted the Party´s dogma, today, technologies are being developed which can literally read our thoughts.

Once again, DARPA appears to be funding one of the world´s most innovative projects: the Brain-Computer Interface (BCI). The human brain is far better at pattern matching than any computer, whilst computers have greater analytical speed than human brains. The BCI is an attempt to merge the two together, and to enable the human brain to control robotic devices and other machines. In particular, the BCI is comprised of a headset (an electroencephalograph - an EEG) with sensors that rest on the human scalp, as well as of software which processes brain activity. This enables the human brain to be linked to a computer and for an individual to control technologies without moving a finger, but by merely thinking of the action.

Ten years ago it was reported that the brains of rats and monkeys could control robot arms through the use of such technologies. A few years later brainstem implants were developed to tackle deafness. Today, brain-computer interface technologies are able to directly link the human brain to computers, thus enabling paralyzed people to conduct computer activity by merely thinking of the actions, as well as to control robotic limbs with their thoughts. BCIs appear to open up a new gateway for disabled persons, as all previously unthinkable actions, such as typing on a computer or browsing through websites, can now be undertaken by literally thinking about them, while using a BCI.

Brain-controlled robotic limbs could change the lives of disabled persons, but ethical concerns have arisen in regards to the BCI´s mind-reading ability. If the brain can be used to control computers and other technologies, does that ultimately mean that computers can also be used to control the human brain? Researchers from the University of Oxford and Geneva, and the University of California, Berkley, have created a custom programme that was specially designed with the sole purpose of finding out sensitive data, such as an individuals´ home location, credit card PIN and date of birth. Volunteers participated in this programme and it had up to 40% success in obtaining useful information. To extract such information, researchers rely on the P300 response, which is a very specific brainwave pattern that occurs when a human brain recognizes something that is meaningful, whether that is personal information, such as credit card details, or an enemy in a battlefield. According to DARPA:

´When a human wearing the EEG cap was introduced, the number of false alarms dropped to only five per hour, out of a total of 2,304 target events per hour, and a 91 percent successful target recognition rate was introduced.´

This constitutes the human brain as a new warfighting domain of the twenty-first century, as experiments have proven that the brain can control and maneuver quadcopter drones and other military technologies. Enhanced threat detection through BCI´s scan for P300 responses and the literal control of military operations through the brain, definitely appear to be changing the future of warfare. Along with this change, the possibility of manipulating a soldier´s BCI during conflict is real and could lead to absolute chaos and destruction.

Security expert, Barnaby Jack, of IOActive demonstrated the vulnerability of biotechnological systems, which raises concerns that BCI technologies may also potentially be vulnerable and expose an individual's´ brain to hacking, manipulation and control by third parties. If the brain can control computer systems and computer systems are able to detect and distinguish brain patterns, then this ultimately means that the human brain can potentially be controlled by computer software.

Will BCI be used in the future to interrogate terrorists and suspects? What would that mean for the future of our human rights? Can we have human rights if authorities can literally hack our brain in the name of national security? How can we be protected from abuse by those in power, if the most precious thing we have - our thoughts - can potentially be hacked? Human rights are essential because they protect us from those in power; but the privacy of our thoughts is even more important, because without it, we can have no human rights, no individuality.

Sure, the BCI is a very impressive technological accomplishment and can potentially improve the lives of millions. But it can also potentially destroy the most unique quality of human beings: their personal thoughts. Mind control is a vicious game to play and may constitute some of the scariest political novels as a comedy of the past. Nuclear weapons, bombs and all other powerful technologies seem childish compared to the BCI which can literally control our mind! Therefore strict regulations should be enacted which would restrict the use of BCI technologies to visually impaired or handicapped individuals. Though these technologies currently are not being used in India, explicit laws on the use of artificial intelligence surveillance technologies should be enacted in India, to help ensure that they do not infringe upon the right to privacy and other human rights.

Apparently, anyone can buy Emotiv or Neurosky BCI online to mind control their computer with only $200-$300. If the use of BCI was imposed in a top-down manner, then maybe there would be some hope that people would oppose its use for surveillance purposes; but if the idea of mind control is being socially integrated...the future of privacy seems bleak.

For more details visit https://cis-india.org/internet-governance/blog/hacking-without-borders-the-future-of-artificial-intelligence-and-surveillance