Centre for Internet and Society

ಭಾರತೀಯ ಡಿಎನ್ಎ ಪ್ರೊಫೈಲಿಂಗ್ ಮಸೂದೆಯ ಸೀಳುನೋಟ

praskrishna — 2012-10-03T15:42:54Z

ಭಾರತೀಯ ದಂಡಸಂಹಿತೆಯನ್ನು ೨೦೦೫ರಲ್ಲಿ ತಿದ್ದುಪಡಿ ಮಾಡಲಾಯಿತು. ಇದರ ಉದ್ದೇಶ ಆಪಾದಿತರನ್ನು ಬಂಧಿಸಿದಾಗ ಅವರ ಬಗ್ಗೆ ವಿವಿಧ ವೈದ್ಯಕೀಯ ಮಾಹಿತಿ ಸಂಗ್ರಹಿಸಲು ಕಾನೂನುರೀತ್ಯಾ ಅವಕಾಶ ಕಲ್ಪಿಸುವುದು.

ದಂಡಸಂಹಿತೆಯ ಸೆಕ್ಷನ್ ೫೩ರ ಪ್ರಕಾರ, ಅಪರಾಧವನ್ನು ಸಾಬೀತು ಪಡಿಸಲು ವೈದ್ಯಕೀಯ ಪರೀಕ್ಷೆ ಸಾಕ್ಷ್ಯ ಒದಗಿಸುತ್ತದೆ ಎಂದು “ನಂಬಲು ತಕ್ಕಮಟ್ಟಿನ ಕಾರಣಗಳಿದ್ದರೆ”, ಆಪಾದಿತನನ್ನು ಬಂಧಿಸಿದಾಗ ಆತನನ್ನು ವೈದ್ಯಕೀಯ ಪರೀಕ್ಷೆಗೆ ಒಳಪಡಿಸಬಹುದು. ೨೦೦೫ರ ತಿದ್ದುಪಡಿಯ ಮೂಲಕ, ಈ ಪರೀಕ್ಷೆಯ ವ್ಯಾಪ್ತಿಯನ್ನು ಇವೆಲ್ಲವನ್ನು ಸೇರಿಸಿಕೊಳ್ಳಲಿಕ್ಕಾಗಿ ವಿಸ್ತರಿಸಲಾಯಿತು: ರಕ್ತದ, ರಕ್ತಕಲೆಗಳ, ವೀರ್ಯದ ಪರೀಕ್ಷೆ, ಲೈಂಗಿಕ ಅಪರಾಧಗಳಲ್ಲಿ ಸ್ವಾಬ್ಗಳ ಪರೀಕ್ಷೆ, ಉಗುಳು, ಬೆವರು, ಕೂದಲಿನ ಸ್ಯಾಂಪಲ್ ಮತ್ತು ಉಗುರಿನ ತುಂಡುಗಳ ಪರೀಕ್ಷೆ. ನಿರ್ದಿಷ್ಟ ಪ್ರಕರಣದಲ್ಲಿ ಅವಶ್ಯವೆಂದು ನೋಂದಾಯಿತ ವೈದ್ಯರು ಭಾವಿಸುವ ಡಿಎನ್ಎ ಪ್ರೊಫೈಲಿಂಗ್ ಹಾಗೂ ಅಂತಹ ಇತರ ಪರೀಕ್ಷೆಗಳ ಸಹಿತವಾಇ ಆಧುನಿಕ ಮತ್ತು ವೈಜ್ನಾನಿಕ ವಿಧಾನಗಳನ್ನು ಬಳಸಿ ವೈದ್ಯಕೀಯ ಪರೀಕ್ಷೆ ನಡೆಸಬೇಕು.

ಕ್ರಿಮಿನಲ್ ಪ್ರಕರಣದಲ್ಲಿ ಆಪಾದಿತ ಷಾಮೀಲಾಗಿರುವುದನ್ನು ತಿಳಿಯಲಿಕ್ಕಾಗಿ ಡಿಎನ್ಎ ಪರೀಕ್ಷೆಗೆ ಆದೇಶ ನೀಡುವುದರ ಕಾನೂನುಬದ್ಧತೆಯನ್ನು ತೊಗೊರಾಣಿ ಅಲಿಯಾಸ್ ಕೆ. ದಮಯಂತಿ ವರ್ಸಸ್ ಒರಿಸ್ಸಾ ಸ್ಟೇಟ್ ಮತ್ತು ಇತರರು (೨೦೦೪ ಕ್ರಿಮಿನಲ್ ಎಲ್ಜೆ ೪೦೦೩ – ಒರಿಸ್ಸಾ) ಪ್ರಕರಣದಲ್ಲಿ ಒರಿಸ್ಸಾ ಹೈಕೋರ್ಟ್ ಎತ್ತಿ ಹಿಡಿದಿದೆ. ಡಿಎನ್ಎ ಪರೀಕ್ಷೆಗೆ ಆಪಾದಿತ ಸಹಕರಿಸದಿದ್ದರೆ, ಅವನ ಬಗ್ಗೆ ವ್ಯತಿರಿಕ್ತ ಅಭಿಪ್ರಾಯ ಮೂಡುತ್ತದೆ.

ಈ ವಿಷಯದಲ್ಲಿ ವೈಯುಕ್ತಿಕ ಗೌಪ್ಯತೆಯ ಅಂಶಗಳನ್ನು ಪರಿಗಣಿಸಿದ ಬಳಿಕ, ಡಿಎನ್ಎ ಪರೀಕ್ಷೆ ಆದೇಶಿಸುವ ಮುನ್ನ, ಈ ವಿಚಾರಗಳನ್ನು ಪರಿಗಣಿಸಬೇಕೆಂದು ಹೈಕೋರ್ಟ್ ನಿರ್ದೇಶನ ನೀಡಿದೆ: (೧) ಅಪರಾಧ ಎಸಗುವುದರಲ್ಲಿ ಆಪಾದಿತನು ಎಷ್ಟರ ಮಟ್ಟಿಗೆ ಭಾಗವಹಿಸಿರಬಹುದು? (೨) ಅಪರಾಧದ ಗಂಭೀರತೆ ಮತ್ತು ಅಪರಾಧ ಎಸಗಿದ ಸಂದರ್ಭ (೩) ಆಪಾದಿತನ ಪ್ರಾಯ, ದೈಹಿಕ ಮತ್ತು ಮಾನಸಿಕ ಆರೋಗ್ಯ (೪) ಅಪರಾಧದಲ್ಲಿ ಆಪಾದಿತ ಭಾಗವಹಿಸಿದ್ದನ್ನು ಖಚಿತಪಡಿಸುವ ಅಥವಾ ಖುಲಾಸೆ ಮಾಡುವ ಸಾಕ್ಷಾಧಾರಗಳನ್ನು ಸಂಗ್ರಹಿಸುವ ಕಡಿಮೆ ಆತಂಕಕಾರಿಯಾದ ಮತ್ತು ಕಾರ್ಯಸಾಧ್ಯವಾದ ಇತರ ವಿಧಾನಗಳು ಇವೆಯೇ? (೫) ಆಪಾದಿತನು ಡಿಎನ್ಎ ಪರೀಕ್ಷೆಗೆ ಒಪ್ಪಿಗೆ ನಿರಾಕರಿಸಲು ಕಾರಣಗಳೇನು?

ಸಂಸತ್ತಿನ ಅನುಮೋದನೆಗಾಗಿ ಕಾದಿರುವ ೨೦೦೭ರ ಡಿಎನ್ಎ ಪ್ರೊಫೈಲಿಂಗ್ ಮಸೂದೆಯ ಉದ್ದೇಶವನ್ನು ಚುಟುಕಾಗಿ ಹೀಗೆ ಹೇಳಬಹುದು: “ದೇಶದ ಕ್ರಿಮಿನಲ್ ನ್ಯಾಯವ್ಯವಸ್ಥೆಯ ಕಿಂಚಿತ್ ಸಂಪರ್ಕಕ್ಕೆ ಬಂದವರೆಲ್ಲರ ಡಿಎನ್ಎ ವಿವರಗಳನ್ನು ದಾಖಲಿಸುವ “ಕೇಂದ್ರ ಡಿಎನ್ಎ ಮಾಹಿತಿ ಬ್ಯಾಂಕನ್ನು” ರಚಿಸುವ ಮಹತ್ವಾಕಾಂಕ್ಷಿ ಪ್ರಯತ್ನ.” ಅಂದರೆ, ಸಂಶಯಕ್ಕೆ ಒಳಗಾದ ವ್ಯಕ್ತಿಗಳು, ಕಾನೂನು ಮುರಿಯುವವರು, ಕಾಣೆಯಾದ್ವರು ಮತ್ತು ಸ್ವ-ಇಚ್ಚೆಯವರು – ಇವರ ಡಿಎನ್ಎ ವಿವರಗಳ ಡಿಎನ್ಎ ಮಾಹಿತಿ

For more details visit https://cis-india.org/news/cadcbecb0ca4caf-ca1cbfc8eca8ccdc8e-caaccdcb0cabcb2cbfc82c97ccd-caecb8cc2ca6cc6caf-cb8cb3cc1ca8c9f

The DNA Profiling Bill: Developing Best Practices

praskrishna — 2012-09-17T05:54:30Z

On the 27th of September 2012 the Centre for Internet & Society invites the public to a meeting and talk with international experts Helen Wallace from GeneWatch UK, and Jeremy Gruber from the Council for Responsible Genetics from the United States. The meeting will take place from 9.00 a.m. to 1.00 p.m. at the India International Centre, Lodhi Road, New Delhi in Conference Room No. 2.

The public meeting and talk will focus on the proposed DNA Profiling Bill pending in Parliament and explore best practices concerning the collection, storage, and retention of DNA samples and best practices concerning the analysis of DNA samples and use of DNA samples as evidence in courts. Case studies from the US and the UK will be explored to understand what India can do better from the experiences of other countries.

Dr Helen Wallace

Dr Helen Wallace is Director of GeneWatch UK, a not-for-profit organisation which aims to engage members of the public in ensuring that genetic science and technologies are used in the public interest. She is the author of numerous articles and book chapters on the social and ethical issues raised by DNA databases and is widely quoted in the UK press. Helen provided expert evidence to the applicants in the case of S. and Marper v. the UK at the European Court of Human Rights, in which the Court ruled unanimously that the indefinite retention of innocent people's DNA database records was in breach of the European Convention on Human Rights. She has supplied both oral and written evidence on this issue to numerous parliamentary committees including the Scottish Parliament’s Justice Committee and the UK Science and Technology, Home Affairs and Constitutional Committees, as well as the scrutiny committee for the Protection of Freedoms Act 2012. This new Act requires the removal of about a million innocent people's records from the UK National DNA Database and the destruction of all stored biological samples.

Jeremy Gruber

Jeremy Gruber is the JD, President and Executive Director of Council for Responsible Genetics. Jeremy joined CRG in March 2009. Previously he served as the legal director of the National Workrights Institute, a human rights organization dedicated to the rights of American workers. Prior to that he served as the field director for the ACLU’s National Taskforce on Civil Liberties in the Workplace. Jeremy has worked for over a decade on genetic non-discrimination legislation at the state and Federal level. He helped author and pass numerous state laws on genetic non-discrimination. Jeremy is a founder and executive committee member of the Coalition for Genetic Fairness, a group of 500 organizations that advocated for genetic non-discrimination legislation on Capitol Hill and played a major role in the recently passed Genetic Information Non-Discrimination Act (GINA) by Congress. He worked closely with members of Congress and staff on GINA language as well as strategy and support. He is a prolific writer on privacy issues and is often consulted by state legislatures. He is regularly featured in print, radio and television. Jeremy holds a Juris Doctor (J.D.) from St. John’s University School of Law and a B.A. in Politics from Brandeis University.

Forensic DNA: A Human Rights Challenge

The above video was originally posted in YouTube

Click on the links below to download the files:

For more details visit https://cis-india.org/internet-governance/the-dna-profiling-bill-developing-best-practices

DNA Databases and Human Rights

praskrishna — 2012-09-17T05:39:06Z

Using DNA to trace people who are suspected of committing a crime has been a major advance in policing.

For more details visit https://cis-india.org/internet-governance/dna-databases-and-human-rights.pdf

Consumer Privacy

praskrishna — 2012-09-13T09:21:26Z

This chapter will examine the present legal state of consumer privacy in India and seek to understand the gap between policy and implementation of policy. In doing so, it will look at what are the existing avenues for protection of consumer privacy in India, how is the definition of consumer privacy evolving through case law and public opinion, and what are the current challenges to consumer privacy in India. Traditionally speaking, and according to the Consumer Protection Act, 1986, in India, a consumer is a broad label for any person who buys goods or services with the intent of using them for non-commercial purposes. In the typical sense, when people think of themselves as being consumers, they think about transactions with a vendor through a physical exchange of money in a store or through an online exchange for a product or service. Certain services that consumers use put an extraordinary amount of sensitive personal information into the hands of vendors.

For more details visit https://cis-india.org/internet-governance/consumer-privacy.pdf

Seventh Meeting of the Group of Experts on Privacy Issues under the Chairmanship of Justice AP Shah

praskrishna — 2012-09-11T06:20:53Z

The seventh meeting of the Group of Experts on Privacy Issues under the Chairmanship of Justice A.P. Shah, former Chief Justice of Delhi High Court is scheduled to be held on September 18, 2012 at 10.30 a.m. in the Committee Room No. 228, Yojana Bhawan, Sansad Marg, New Delhi - 110001.

The agenda of the meeting is to discuss and finalize the draft report prepared on the basis of the recommendations of the two Sub-Groups of the Expert Group.

The meeting notice was sent by S. Bose, Deputy Secretary (CIT&I) to the following individuals:

Justice A.P. Shah, Chairman
Shri R. S. Sharma, D.G., UIDAI
Shri R. Ragupathi,Additional Secretary, Department of Legal Affairs
Dr. Gulshan Rai, D.G. CERT-In, DeITy
Shri Manoj Joshi, J.S. DOPT
Shri Som Mittal, Nasscom
Ms. Barkha Dutt, NDTV
Ms. Usha Ramanathan
Shri Sunil Abraham, CIS
Dr. Kamlesh Bajaj
Ms. Mala Dutt
Shri R.K. Gupta

For more details visit https://cis-india.org/news/seventh-meeting-of-group-of-experts-sept-18-2012-under-chairmanship-of-justice-shah

UK DNA Database and the European Court of Human Rights: Lessons that India can Learn from Its Mistakes

praskrishna — 2012-09-17T03:40:07Z

On September 24, 2012, the Centre for Internet & Society in collaboration with the Alternative Law Forum invites the public to a talk with international experts, Helen Wallace from GeneWatch, UK and Jeremy Gruber from the Council for Responsible Genetics in the United States. The meeting will be held at the Centre for Internet & Society office in Bangalore from 5.00 p.m. to 7.30 p.m.

The UK National DNA Database was the first to be established, in 1995, and is the largest per capita in the world. A major DNA expansion programme began in 2000 but is now being rolled back by the implementation of a new Protection of Freedoms Act, following a judgment against the UK government by the European Court of Rights. The lessons for the UK experience for the DNA Bill in India will be discussed, including the need for safeguards to protect privacy and rights, maintain public trust in police use of DNA, and prevent miscarriages of justice.

Dr. Helen Wallace

Dr. Helen Wallace is Director of GeneWatch UK, a not-for-profit organisation which aims to engage members of the public in ensuring that genetic science and technologies are used in the public interest. She is the author of numerous articles and book chapters on the social and ethical issues raised by DNA databases and is widely quoted in the UK press. Helen provided expert evidence to the applicants in the case of S. and Marper v. the UK at the European Court of Human Rights, in which the Court ruled unanimously that the indefinite retention of innocent people's DNA database records was in breach of the European Convention on Human Rights. She has supplied both oral and written evidence on this issue to numerous parliamentary committees including the Scottish Parliament’s Justice Committee and the UK Science and Technology, Home Affairs and Constitutional Committees, as well as the scrutiny committee for the Protection of Freedoms Act, 2012. This new Act requires the removal of about a million innocent people's records from the UK National DNA Database and the destruction of all stored biological samples.

Jeremy Gruber

Jeremy Gruber is the President and Executive Director of Council for Responsible Genetics. Jeremy joined CRG in March 2009. Previously he served as the legal director of the National Workrights Institute, a human rights organization dedicated to the rights of American workers. Prior to that he served as the field director for the ACLU’s National Taskforce on Civil Liberties in the Workplace. Jeremy has worked for over a decade on genetic non-discrimination legislation at the state and Federal level. He helped author and pass numerous state laws on genetic non-discrimination. Jeremy is a founder and executive committee member of the Coalition for Genetic Fairness, a group of 500 organizations that advocated for genetic non-discrimination legislation on Capitol Hill and played a major role in the recently passed Genetic Information Non-Discrimination Act (GINA) by Congress. He worked closely with members of Congress and staff on GINA language as well as strategy and support. He is a prolific writer on privacy issues and is often consulted by state legislatures. He is regularly featured in print, radio and television. Jeremy holds a Juris Doctor (J.D.) from St. John’s University School of Law and a B.A. in Politics from Brandeis University.

Overview and Concerns Regarding the Indian Draft DNA Profiling Act

Forensic DNA: A Human Rights Challenge

The above video was originally posted in YouTube

For more details visit https://cis-india.org/internet-governance/uk-dna-database-and-european-court-of-human-rights-lessons-that-india-can-learn-from-mistakes

Sixth Meeting of the two Sub-Groups on Privacy Issues under the Chairmanship of Justice AP Shah

praskrishna — 2012-08-23T09:48:55Z

The sixth meeting of the two sub-groups on privacy issues will be held on August 31, 2012 at 10.00 a.m. in Committee Room No. 228, Yojana Bhawan, Sansad Marg, New Delhi under the chairmanship of Justice AP Shah, former chief justice of Delhi High Court.

No. M-13040/43/2012-CIT&I (Pt. File)
Government of India
Planning Commission
(CIT&I Division)

Yojana Bhawan, Sansad Marg,
New Delhi, dated the 23rd August, 2012

Meeting Notice

Subject: Meeting of the Group of Experts on Privacy Issues to be held on 31st August, 2012 under the Chairmanship of Justice A.P. Shah, former Chief Justice of Delhi High Court.

The meeting of the Group of Experts on Privacy Issues under the Chairmanship of Justice A.P. Shah, former Chief Justice of Delhi High Court is scheduled to be held on 31st August, 2012, at 10.00 AM in the Committee Room No. 228, Yojana Bhawan, Sansad Marg, New Delhi - 110001.

The agenda of the meeting is to discuss and finalize the draft report prepared on the basis of the recommendations of the two Sub-Groups of the Expert Group (Copy enclosed).

You are requested to kindly make it convenient to attend the meeting.

(S. Bose)
Deputy Secretary (CIT&I)

Through e-mail to:

Justice A.P. Shah, Chairman
Shri R. S. Sharma, D.G., UIDAI
Dr. Gulshan Rai, D.G. CERT-In, DeITy
Shri Manoj Joshi, J.S. DOPT
Shri R. Ragupathi,Additional Secretary, Department of Legal Affairs
Shri Som Mittal, Nasscom
Ms. Barkha Dutt, NDTV
Ms. Usha Ramanathan
Shri Sunil Abraham, CIS
Dr. Kamlesh Bajaj
Ms. Mala Dutt
Shri R.K. Gupta

Copy for information to:
Dr. C.M. Kumar, Sr. Adviser (CIT&I)
PS to MOS (Planning, S&T and Earth Sciences)

(S. Bose)
Deputy Secretary (CIT&I)

For more details visit https://cis-india.org/news/sixth-meeting-of-sub-groups-on-privacy-issues

Role of the US Tech Companies in Government Surveillance: A Lecture by Christopher Soghoian

praskrishna — 2012-08-26T11:03:19Z

Christopher Soghoian will deliver a lecture on the role US tech companies play in assisting government surveillance at the Centre for Internet & Society office in Bangalore on August 27, 2012, from 5.00 p.m. to 7.00 p.m.

Your internet, phone and web application providers are all, for the most part, in bed with US and other foreign government agencies. They all routinely disclose their customers' communications and other private data to law enforcement and intelligence agencies. Worse, firms like Google and Microsoft specifically log data in order to assist the government. How many government requests does your ISP get for its customers' communications each year? How many do they comply with? How many do they fight? How much do they charge for the surveillance assistance they provide? Who knows? Most companies have a strict policy of not discussing such topics.

The differences in the privacy practices of the major players in the telecommunications and internet applications market are significant. Some firms retain identifying data for years, while others retain no data at all; some voluntarily provide the government access to user data, while other companies refuse to voluntarily disclose data without a court order; some companies charge government agencies when they request user data, while others disclose it for free. For an individual, later investigated by the police or intelligence services, the data retention practices adopted by their phone company or email provider can significantly impact their freedom.

Unfortunately, although many companies claim to care about end-user privacy, and some even that they compete on their privacy features, none seem to be willing to compete on the extent to which they assist or resist the government in its surveillance activities. Because information about each firms' practices is not publicly known, consumers cannot vote with their wallets, and pick service providers that best protect their privacy.

This talk will pierce the veil of secrecy surrounding these practices. Based upon a combination of Freedom of Information Act requests, off the record conversations with industry lawyers, and investigative journalism, the practices of many of these firms will be revealed.

Christopher's Personal Experience

In the year 2006, the Federal Bureau of Investigation (FBI) raided Christopher’s home at 2.00 a.m. seizing his personal documents and computers. Two attorneys, Stephen Braga and Jennifer Granick came to his defence. With their expert assistance, Christopher was able to get back his possessions within three weeks, and FBI’s criminal and TSA’s civil investigations were closed without any charges being filed.

Jennifer Granick came to Christopher’s assistance once again (joined by Steve Leckar) in 2010 after the Federal Trade Commission’s Inspector General investigated Christopher for using his government badge to attend a closed-door surveillance industry conference. It was at that event that Christopher recorded an executive from wireless carrier ‘Sprint’ bragging about the eight million times his company had obtained GPS data on its customers for law enforcement agencies in the previous years.

To know more, read Christopher Soghoian’s dissertation titled "The Spies We Trust: Third Party Service Providers and Law Enforcement Surveillance". [PDF, 1056 Kb]

About Christopher Soghoian

Christopher Soghoian is a privacy researcher and activist, working at the intersection of technology, law and policy. He is a Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union and is based in Washington, D.C.

Soghoian completed his Ph.D. at Indiana University in 2012, which focused on the role that third party service providers play in facilitating law enforcement surveillance of their customers. In order to gather data, he has made extensive use of the Freedom of Information Act, sued the Department of Justice pro se, and used several other investigative research methods. His research has appeared in publications including the Berkeley Technology Law Journal and been cited by several federal courts, including the Ninth Circuit Court of Appeals.

Between the years, 2009-2010, he was the first ever in-house technologist at the Federal Trade Commission's Division of Privacy and Identity Protection, where he worked on investigations of Facebook, Twitter, MySpace and Netflix. Prior to joining the FTC, he co-created the Do Not Track privacy anti-tracking mechanism now adopted by all of the major web browsers.

He is a TEDGlobal 2012 Fellow, was an Open Society Foundations Fellow between the years, 2011-2012, and was a Student Fellow at the Berkman Center for Internet & Society, Harvard University between 2008 and 2009.

For more details visit https://cis-india.org/internet-governance/role-of-us-tech-companies-in-govt-surveillance

Fifth Meeting of the two Sub-Groups on Privacy Issues under the Chairmanship of Justice AP Shah

praskrishna — 2012-08-07T10:11:25Z

The fifth meeting of the two sub-groups on privacy issues will be held on July 22, 2012 under the chairmanship of Justice AP Shah, former chief justice of Delhi High Court.

The next meeting of the two Sub-Groups (5th Meeting) on privacy issues under the Chairmanship of Justice A.P. Shah, former Chief Justice of Delhi High Court is scheduled to be held on July 22, 2012 at 11.00 a.m. This was announced vide notice No. M-13040/47/2011-CIT&I, dated the 10th June, 2012.

A copy of the notice was sent to the following individuals:

Justice AP Shah, Chairman
Dr. Kamlesh Bajaj
Usha Ramanathan
Sunil Abraham
Prashant Reddy
Prof. Arghya Sengupta
Shri Som Mittal
Shri Gulshan Rai
Mala Dutt

For more details visit https://cis-india.org/news/fifth-meeting-of-two-sub-groups-on-privacy

Privacy Matters — Medical Privacy

natasha — 2012-07-10T13:41:26Z

On June 30, 2012, Privacy India in partnership with the Indian Network for People living with HIV/AIDS, Centre for Internet & Society, IDRC, Society in Action Group, with support from London-based Privacy International, held a public discussion on "Medical Privacy" at the Yashwantrao Chavan Academy of Development Administration.

The conversation brought together a cross section of citizens, lawyers, activists, researchers, academia and students.

	Prashant Iyengar, Assistant Professor, Jindal Law University, opened the conference with an explanation of Privacy India’s mandate to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. He summarized the series of ten consultations previously organized across India: Identity & Privacy, Kolkata, January 23, 2011 Internet & Privacy, Bangalore, February 5, 2011 National Security & Privacy, Ahmedabad, March 26, 2011 Transparency & Privacy, Guwahati, June 23, 2011 Telecommunication & Privacy, Chennai, August 6, 2011 Analyzing the Right to Privacy Bill, Mumbai, January 21, 2012 The High Level Privacy Conclave, New Delhi, February 3, 2012 The All India Privacy Symposium, New Delhi, February 4, 2012 Freedom of Expression & Privacy, Goa, June 2, 2012 Securing e-Governance, Ahmedabad, June 16, 2012

Prashant Iyengar, Assistant Professor, Jindal Law University, opened the conference with an explanation of Privacy India’s mandate to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. He summarized the series of ten consultations previously organized across India:

Identity & Privacy, Kolkata, January 23, 2011
Internet & Privacy, Bangalore, February 5, 2011
National Security & Privacy, Ahmedabad, March 26, 2011
Transparency & Privacy, Guwahati, June 23, 2011
Telecommunication & Privacy, Chennai, August 6, 2011
Analyzing the Right to Privacy Bill, Mumbai, January 21, 2012
The High Level Privacy Conclave, New Delhi, February 3, 2012
The All India Privacy Symposium, New Delhi, February 4, 2012
Freedom of Expression & Privacy, Goa, June 2, 2012
Securing e-Governance, Ahmedabad, June 16, 2012

Elonnai Hickok, a member of Privacy India, introduced the draft book Privacy in India: A Policy Guide that Privacy India has been compiling. Focusing on the draft chapter, Medical Privacy, she provided examples of legislation and policy containing safeguards to privacy such as Medical Council of India's Code of Ethics Regulations 2002, and pointed out legislation with missing safeguards such as in the Mental Health Act of 1987. Additionally, she gave many examples of projects being implemented in India that impact health privacy including Save the Baby Girl Project, the Mother and Child Tracking System, the UID, and a cloud based system known as Health Hiway.

Elonnai Hickok, a member of Privacy India, introduced the draft book Privacy in India: A Policy Guide that Privacy India has been compiling. Focusing on the draft chapter, Medical Privacy, she provided examples of legislation and policy containing safeguards to privacy such as Medical Council of India's Code of Ethics Regulations 2002, and pointed out legislation with missing safeguards such as in the Mental Health Act of 1987. Additionally, she gave many examples of projects being implemented in India that impact health privacy including Save the Baby Girl Project, the Mother and Child Tracking System, the UID, and a cloud based system known as Health Hiway.

Medical Privacy in India

	Dr. Dharmesh Lal, MBBS, DHA, MD, DNB, DVLDP, Officiating Dean, IIHMR, Delhi, discussed the correlation between medical privacy and confidentiality. Medical Privacy involves the confidentiality of patient-provider encounters, along with the secrecy and security of information memorialized in physical, electronic and graphic records created as a consequence of patient-provider encounters. Confidentiality involves restricting information to persons belonging to a set of specifically authorized recipients.

Dr. Dharmesh Lal, MBBS, DHA, MD, DNB, DVLDP, Officiating Dean, IIHMR, Delhi, discussed the correlation between medical privacy and confidentiality. Medical Privacy involves the confidentiality of patient-provider encounters, along with the secrecy and security of information memorialized in physical, electronic and graphic records created as a consequence of patient-provider encounters. Confidentiality involves restricting information to persons belonging to a set of specifically authorized recipients.

He went on to explain that limited financial resources in public hospitals often preclude the separate examination of one patient at a time. “In Government hospitals, large numbers of patients congregate in the doctors office,” he says. Privacy is also related to a patient's financial status and decreases as one goes down the socio-economic ladder.

Additionally, he described the privacy concerns that arise due to infrastructural constraints. India's healthcare infrastructure has not kept up with the development of government health initiatives. For examples, the Janani Suraksha Yojana (JSY) initiative was launched in 2005, under the National Rural Health Mission (NRHM). JSY was implemented with the objective of reducing maternal and neo-natal mortality by promoting institutional delivery among the Poor Pregnant Woman. Financial incentives were provided to mothers. There was a phenomenal increase of institutional delivery. However, there was no proportional increase in infrastructure.

He called for a change in medical education, administration and management, stating, “Privacy protection has to be established as a core value that connects organizational culture. Alarmingly, medical curriculum in India does not have formal component on medical privacy, significant curriculum reforms in undergraduate medical teaching is necessary.

Medical Privacy- Legal Aspects

Mr. Pandit, Advocate, Pandit law Office, discussed the Hippocratic oath, which includes the duty of the caregiver to ‘keep secret’ and ‘never reveal’ ‘all that may come to my knowledge’. In other words, right to medical privacy has to be balanced with right to healthy life of another whose right will be affected unless such information is disclosed to her/him. He described the code of conduct prescribed by Indian Medical Council to its members, as a guideline to be followed is intended to preserve protect and uphold dignity of profession. Physicians should merit the confidence of patients entrusted to their care, rendering to each a full measure of service & devotion.

Mr. Pandit, Advocate, Pandit law Office, discussed the Hippocratic oath, which includes the duty of the caregiver to ‘keep secret’ and ‘never reveal’ ‘all that may come to my knowledge’. In other words, right to medical privacy has to be balanced with right to healthy life of another whose right will be affected unless such information is disclosed to her/him.

He described the code of conduct prescribed by Indian Medical Council to its members, as a guideline to be followed is intended to preserve protect and uphold dignity of profession. Physicians should merit the confidence of patients entrusted to their care, rendering to each a full measure of service & devotion.

Referring to the Dr.Tokugha Yepthomi Vs Appollo Hospital Enterprises Ltd & Anr. III case, he described the Supreme Court’s verdict on the ‘Right to Life’.

The “Right to life” would positively include the right to be told that a person, with whom she was proposed to be married, was a victim of deadly disease, which was sexually communicable, since right of life includes right to lead a healthy life. Moreover where there is a clash of two fundamental rights, The RIGHT which would advance the public morality or public interest, would alone be enforced through the process of Court.

He concluded by asserting that there is considerable force in the argument that there is a need for a comprehensive legislation to protect the interest of poor patients and ordinary citizens who cannot afford to initiate a protracted legal battle to protect their medical privacy.

Supreme Court views on Medical Negligence

	Professor K. Elumalai, Director, School of law, IGNOU, provided numerous Supreme Court verdicts on medical negligence cases. He summarized the cases and discussed their salient features. He discussed the manner in which a Medical professional can be prosecuted for medical negligence under criminal law. It must be shown that the accused did something or failed to do something which in the given facts and circumstances, no medical professional in his ordinary senses and prudence would have done or failed to do.

Professor K. Elumalai, Director, School of law, IGNOU, provided numerous Supreme Court verdicts on medical negligence cases. He summarized the cases and discussed their salient features. He discussed the manner in which a Medical professional can be prosecuted for medical negligence under criminal law. It must be shown that the accused did something or failed to do something which in the given facts and circumstances, no medical professional in his ordinary senses and prudence would have done or failed to do.

Confidentiality and privacy in medical Settigs vis-a-vis PLHIV

Ms. Nitu Sanadhya, Senior Legal Officer, Lawyers Collective, HIV/ AIDS Unit, stressed the importance of a rights-based approach and integrationist legal response to the HIV epidemic. When legislations or policies discriminate or isolate persons living with HIV, for example, through mandatory testing and breach of confidentiality, it drives the epidemic underground.

In India, there is no comprehensive law on HIV. In 2007, the National Aids Control Organization (NACO) released the Operational Guidelines for Integrated Counseling and Testing Centres. She described the salient features of the guideline especially focusing on the privacy provisions. She described the various situations that permit a health practitioner to disclose the HIV status of a patient to a partner and/ or third party. Discriminatory practices that arise out of a breach or confidentiality or privacy violation include stigmatization, denial of access to treatment, loss of employment, etc.

In India, there is no comprehensive law on HIV. In 2007, the National Aids Control Organization (NACO) released the Operational Guidelines for Integrated Counseling and Testing Centres. She described the salient features of the guideline especially focusing on the privacy provisions. She described the various situations that permit a health practitioner to disclose the HIV status of a patient to a partner and/ or third party.

Discriminatory practices that arise out of a breach or confidentiality or privacy violation include stigmatization, denial of access to treatment, loss of employment, etc.

Under the RTI Act, A person’s HIV status is confidential and is protected in law and can only be disclosed to a third person in limited circumstances. The RTI Act specifically exempts the disclosure of personal information which is not of public interest; information which would cause an unwarranted invasion of privacy; and information which has been received in a fiduciary capacity. Therefore, The RTI Act 2005 cannot be used to obtain a person’s HIV report.

Privacy in Practice

	Dr. Anand Philip, Personal Physician at NationWide Primary Healthcare Service Pvt. Ltd., drew from his personal experiences. During his presentation he emphasized how privacy is important, but it is clear that privacy does not happen the way it is theorized by. In fact there are many dichotomies in what we believe privacy is and how it is used. He pointed out that we often take for granted why privacy matters and where it comes from. He discussed how without patient autonomy and patient dignity, privacy cannot

Dr. Anand Philip, Personal Physician at NationWide Primary Healthcare Service Pvt. Ltd., drew from his personal experiences. During his presentation he emphasized how privacy is important, but it is clear that privacy does not happen the way it is theorized by. In fact there are many dichotomies in what we believe privacy is and how it is used. He pointed out that we often take for granted why privacy matters and where it comes from. He discussed how without patient autonomy and patient dignity, privacy cannot

be upheld. Yet, one sees a constant breach of people’s dignities in the medical system. Some people rationalize this violation of dignity by explaining that in India, doctors are used to people who have nothing and thus, dignity is not important. Yet, he argued, dignity is something that is inherent. The lack of dignity practiced in India's medical system shows a problem with how we are trained. Giving an example of how dignity is breached in India, Dr. Philip referred to two people being treated on the same table. He pointed out that the physical aspects of privacy are non-existent. For example, the WHO recommends five feet between beds, but typically two or three feet exist between hospital beds. Furthermore, there are often no curtains in hospitals. He then moved from physical privacy to information physical. In a hospital information flows in all directions, it is not a controlled environment and the patient does not choose who sees his/her information – the hospital decided. Dr. Philip then talked about training. The health care system encompasses a larger team of people from doctors to sweepers. Training is only given to clinical staff. Thus other aspects such as the Indian culture, infrastructure, and training all impact how privacy is carried out in the medical field. In conclusion Dr. Philip re-stated that privacy is a byproduct of autonomy and dignity. He noted that offering a patient dignity was a critical step that must be taken by service providers. Closing his presentation, he challenged the audience with the following questions: Considering how autonomy is not important, how do we reach people with the idea? Since physical privacy is key to other forms of privacy, how do we take it more seriously? What can we do about the medical team's approach to privacy?

Best Practices of Medical Privacy in Various Health Settings

	Sriram Lakshmanan, Head Information Security, UnitedHealth Group Information Systems, spoke about the US health-care market touching on medicare, medicaid, employer-sponsored insurance, and individual insurance plans. He also commented on the EU regime pointing out that most of the laws in the EU have a long list of identifiers indicating when your information counts as being compromised. Canada PIPEDA, is very strict and protects health privacy. In his opinion, the IT Act caters to many aspects of privacy. He also touched upon the eight OECD Privacy Principles and

Sriram Lakshmanan, Head Information Security, UnitedHealth Group Information Systems, spoke about the US health-care market touching on medicare, medicaid, employer-sponsored insurance, and individual insurance plans. He also commented on the EU regime pointing out that most of the laws in the EU have a long list of identifiers indicating when your information counts as being compromised. Canada PIPEDA, is very strict and protects health privacy. In his opinion, the IT Act caters to many aspects of privacy. He also touched upon the eight OECD Privacy Principles and

how they can be adopted for the Indian scenario. A few of the principles included collection limitation principle, data quality principle, purpose specification principle, use limitation principle. For example, if health information for treating malaria is collected, than that information should only be used for that purpose. Closing his presentation, he noted that most of the technologies that we use today for health run on IT, and thus can be used to compromise individual or hospital wide information.

Epidemics and Privacy

Dr. Rajib Dasgupta, Assistant Professor, Center of Social Medicine and Community Heath at Jawaharlal Nehru University, examined conflicts of issues of privacy, confidentiality and the role of the state in the context of epidemics and the provisions within the Epidemic Diseases Act. Epidemics are population-level events in contrast to illnesses that only involve individuals; therein lies the uniqueness of the intersection between medical privacy and public health ethics. The state has unique responsibilities to detect, diagnose, manage and control epidemics. This has local/regional and international ramifications. Also linked to these are limits to the powers, rights of individuals and the extent to which such rights may need to be suspended.

Dr. Rajib Dasgupta, Assistant Professor, Center of Social Medicine and Community Heath at Jawaharlal Nehru University, examined conflicts of issues of privacy, confidentiality and the role of the state in the context of epidemics and the provisions within the Epidemic Diseases Act. Epidemics are population-level events in contrast to illnesses that only involve individuals; therein lies the uniqueness of the intersection between medical privacy and public health ethics. The state has unique responsibilities to detect, diagnose, manage and control epidemics. This has local/regional and international ramifications. Also linked to these are limits to the powers, rights of individuals and the extent to which such rights may need to be suspended.

The exercise of actions within the Act is not necessarily bereft of infringement of privacy and overt discrimination. Certain diseases, as indeed limitations imposed by the state, have elements of stigma that further confound the fuzziness of this debate.

When an epidemic occurs, the need for privacy in the mind of the individual goes down, as they are concerned solely with receiving treatment. He also pointed out that there are contradictory elements during epidemics. For instance an area might not want to be named as having an outbreak of a disease, but at the same time individuals will line up outside hospitals for treatment, exposing the fact that they have the disease. He also spoke about how steps taken to address epidemics can invade privacy. For example, during the SARS outbreak, it was the practice to put the patient in an infectious disease hospital. This was invasive to personal privacy as it created stigma and discrimination. Closing his presentation he explained how the conventional notions of privacy do not necessary hold in the case of epidemics because it is an emergency outbreak. Thus, protocol is established on a case-to-case basis. Despite this he believes that it is possible and valuable to protect privacy in cases of epidemics.

HIV/ AIDS and Privacy

	KK Abraham, President of Indian Network for People Living with HIV/AIDS, described how privacy could be understood as a luxury, in some cases it can be understood as a right, and in other cases it is understood of responsibility. Regarding HIV patients, Mr. Abraham emphasized the need for privacy to be understood as a right. Mr. Abraham also pointed out that as trends are changing in India, and more services are becoming available, that this is the right time to talk about privacy. Closing his presentation Mr. Abraham called for a greater understanding of patients' privacy needs and the negative effect of stigma.

KK Abraham, President of Indian Network for People Living with HIV/AIDS, described how privacy could be understood as a luxury, in some cases it can be understood as a right, and in other cases it is understood of responsibility. Regarding HIV patients, Mr. Abraham emphasized the need for privacy to be understood as a right. Mr. Abraham also pointed out that as trends are changing in India, and more services are becoming available, that this is the right time to talk about privacy. Closing his presentation Mr. Abraham called for a greater understanding of patients' privacy needs and the negative effect of stigma.

HIPPA with reference to Applicability to Patient Privacy and Clinical Data Confidentiality in India

Dr. Lavanian Dorairaj, MD, CEO at HCIT Consultants, described how IT is a powerful tool for health care, despite the fact that health care has been hesitant to use IT. He explained that IT can help reduce errors in health care; it can help increase accessibility of patient data, improve diagnosis, treatment, and prognosis. Healthcare IT has great advantages but needs to be handled with great responsibility. He also pointed out that IT can lead to privacy violations if inappropriate access to patient records takes place. He argued that though India has recognized the need for privacy, it still needs to find a way to implement privacy protections and police the implementation of the guidelines. Drawing on examples from HIPPA, he argued that India would benefit from establishing privacy standards and security standards for health information. He explained further that HIPPA is a flexible rule, which obligates relevant entities to comply. The Rule is designed to be flexible. Entities regulated by the rules are obligated to comply.

Dr. Lavanian Dorairaj, MD, CEO at HCIT Consultants, described how IT is a powerful tool for health care, despite the fact that health care has been hesitant to use IT. He explained that IT can help reduce errors in health care; it can help increase accessibility of patient data, improve diagnosis, treatment, and prognosis. Healthcare IT has great advantages but needs to be handled with great responsibility. He also pointed out that IT can lead to privacy violations if inappropriate access to patient records takes place. He argued that though India has recognized the need for privacy, it still needs to find a way to implement privacy protections and police the implementation of the guidelines. Drawing on examples from HIPPA, he argued that India would benefit from establishing privacy standards and security standards for health information. He explained further that HIPPA is a flexible rule, which obligates relevant entities to comply. The Rule is designed to be flexible. Entities regulated by the rules are obligated to comply.

Presentations

Click to download the presentation files. [Zip files, 2184 Kb]

For more details visit https://cis-india.org/internet-governance/blog/medical-privacy-conference-report

Fourth Meeting of the two Sub-Groups on Privacy Issues under the Chairmanship of Justice AP Shah

praskrishna — 2012-08-07T10:12:41Z

The next meeting of the two Sub-Groups (4th meeting) on privacy issues under the Chairmanship of Justice A.P. Shah, former Chief Justice of Delhi High Court is scheduled to be held on July 9, 2012 at 11.00 a.m. in Committee Room No. 228, Yojana Bhawan, Planning Commission, New Delhi.

Members of both the Sub-Groups are requested to send their final drafts as decided in the meeting held on June 27, 2012, by July 4, 2012 so that these could be circulated for obtaining feedback and for discussions/deliberations on July 9, 2012.

The above information was communicated by Shri S. Bose, Under Secretary, (CIT & I) to the following individuals:

Justice A.P. Shah, Chairman
Dr. Kamlesh Bajaj
Ms. Usha Ramanathan
Shri Sunil Abraham/Shri Pranesh Prakash
Prashant Reddy
Prof. Arghya Sengupta (requested to join the meeting on skype. Exact time for coming online will be communicated separately)
Shri Som Mittal
Shri Gulshan Rai
Ms. Mala Dutt

A copy of this information was sent to the following individuals:

Dr. C.M. Kumar, Sr, Adviser (CIT&I)

Shri R.K. Gupta, Adviser (CIT&I)

Shri Ramesh Kumar, Director (CIT&I)

For more details visit https://cis-india.org/news/fourth-meeting-of-sub-groups-on-privacy-issues

India Privacy Meet

praskrishna — 2012-07-02T10:48:54Z

Microsoft, DSCI and Greyhead came together to organise India Privacy Meet at Hotel LeMeridien on June 29, 2012 in New Delhi. Sunil Abraham was a panelist in the event.

Agenda

10:00a.m.- 10:10a.m.	Welcome and Introduction: Rahul Neel Mani, Editor & Co-founder Grey Head Media
10:10a.m.- 10:30a.m.	Conference Opening Remarks: Dr. Kamlesh Bajaj, CEO Data Security Council of India
10:30a.m.- 10:45a.m.	Theme Address: Deepak Rout, CSO & Director Privacy, Microsoft India
10:45a.m.- 11:00a.m.	Tea/Coffee Break
11:00a.m.- 12:00p.m.	Panel 1: Consumer Privacy – Creating the Right Balance

Brief: Data Privacy is perhaps the most concerning issue in the digital age. Consumer privacy or customer privacy, involves the handling and protection of sensitive personal information that individuals provide in the course of everyday commercial or professional transactions. This involves exchange or use of data electronically or by other means, including telephone, fax, writing, and word of mouth. With the advent and evolution of Internet and other electronic methods of mass communications, consumer privacy has become a major concern to deal with. Personal information, when misused or inadequately protected, can result in identity theft, financial fraud, and other problems that collectively cost individuals, businesses, and governments. In addition, Internet crimes and civil disputes consume law enforcement and judicial resources, confound legislators and bureaucracy, and produce untold personal aggravation.

Key Discussion Areas:

Handling of Personal Information including Sensitive Personal Information
Customer education on understanding business models and motives behind collection and use of Personal Information?
Privacy legislation and striking the right balance between various objectives
Privacy by design, online tracking, and transparency issues
Role of Government, Academia and Citizen groups

Panelists:

Chair - Dr. Kamlesh Bajaj, CEO, Data Security Council of India (DSCI)
Sivarama Krishnan, Executive Director, PwC India
Pankaj Agarwal, Head of IT Governance & CISO Aircel
Prashant Mali, Advocate & Cyber Law Expert
Deepak Rout, CSO & Director Privacy, Microsoft India
Vishal Jain, Director, Ernst & Young

12:00p.m.- 01:00p.m.	Panel 2: Citizen Privacy Transparency, Accountability and Social Progress

Brief: While citizens are adopting new technologies which are increasingly making it easier to share information more freely and thereby track individuals more easily, they are also demanding more accountability and openness. Experience indicates that having a more informed citizenry improves services, and accelerates innovation; thus the era of copious content has the potential to generate a host of new services and businesses. However, there is a need for greater transparency in the handling of citizen data and its legitimate use in governance and law enforcement. While new age technologies, if inappropriately used, have a potential impact on citizens’ privacy, they also arm us with the capability to protect citizen data and provide opportunities for privacy conscious and transparent usage of such data, provided there is an enabling environment created by informed and responsible privacy legislation.

Key Discussion Areas:

Core objectives for privacy legislation
Role of government in protecting citizen privacy
Citizen awareness of privacy concerns in today’s legal, business and technology landscape
Expectations of government and citizens on policies around usage and collection of personal data and ability to build profiles for being used for different purposes
Model privacy legislation

Panelists:

Chair - Nirmaljeet Singh Kalsi, Jt. Secretary, Ministry of Home Affairs
Na Vijaya Shankar, E-business Consultant & Cyber Law Specialist (Coordinator)
Sunil Abraham, Executive Director, Centre for Internet & Society
Akhilesh Tuteja, Executive Director, KPMG India
A P Singh, DDG, Unique Identification Authority of India (UIDAI)
Kailas Karthikeyan, Regulatory & Pub Policy Manager, Legal and Corp Affairs Microsoft

01:00p.m.- 01:10p.m.	Conference Closing Remarks by Deepak Rout, CSO & Director, Privacy Microsoft India Vote of Thanks
01:15p.m. onwards	Lunch

For more details visit https://cis-india.org/news/india-privacy-meet

How Facebook is Blatantly Abusing our Trust

nishant — 2012-06-28T12:42:32Z

‘Don’t fix it, if it ain’t broken’ is not an adage Facebook seems to subscribe to. Nishant Shah's column on privacy and Facebook was published in First Post on June 27, 2012.

Facebook is just re-emerging from the controversies around how it conducted the voting on its new privacy policies, when it goes and digs itself deeper by trying to push down its email services down the throats of its users. If you have recently logged-in to Facebook, you will have received a notification that says that you have been ‘gifted’ with a free Facebook email account.

However, that is a later phenomenon. A couple of days ago, the whole community of Facebook users went about their usual way, without knowing that something substantial had changed.

Facebook, who launched their email service as a part of their social networking empire, with or without your consent, has given us a ‘yourname@facebook.com’ email account. I know free things are considered good, but not an email account that I did not sign up for!

And to make things worse, this email account was, without our consent, added to our time-line and displayed as the primary email address.

In itself, it is a small move – with the redesign of the Timeline, Facebook had already introduced many such forced disclosures and changes that most of just had to accept, even if it might have had us fuming. However, with this change, Facebook has now started showing exactly what it can do in building your public profile and creating information about you, without your consent.

In their lame PR spiel, the company tried to pass it off as a freebie that they were gifting their users. But anybody who was not born yesterday realises that this is a desperate attempt to make a floundering service work.

Facebook messaging may work despite the clunky user interface, but its email services remain terribly underused. One of the paradoxes for this lies in the fact that you cannot open a Facebook account without a primary email account with another service, which is used as your authentication as well as the system through which Facebook notifications work.

Thus, many times, when introducing Facebook to first-time users of the web, we have to first train them in creating and using an email account before they can get on to the social network.

Hence, when Facebook did offer users the option of using a Facebook email service, most of them politely declined because nobody in their right mind is going to migrate to new a email services unless there was a substantial range of benefits being offered.

So how did Facebook respond? It just forced the email service upon its millions of users. While this is no different from the other kind of restrictions that are imposed upon us within the Facebook universe – the advertisements we see, the design and layout, the insipid white-and-blue background, the kind of information we can and cannot share and display – etc. this is the first time that Facebook actually added to our information profile and displayed it to the public.

Which means, that the next time somebody looks you up on Facebook – and let’s face it, one of the things we all use Facebook for, is to find people we know and get connected with them – they will see your Facebook email id listed as your contact address. And while you might get a notification in your primary email about any mails that you receive in your Facebook account, the fact is that, all those emails will become a part of Facebook’s huge data farms.

In a move that is almost a pale imitation of Google’s growing monopoly over our private information, Facebook seems to be now looking to expand its data empires. However, while Google did it through strategic design and marketing, offering innovations and incentives for its users to use their services, Facebook seems to have decided to build a Trojan horse and sneak these services in through the back door.

While this might not seem a big deal right now, it has deeper repercussions for what this corporate behemoth can do, not only with our data, but also to our data that we think is actually our own.

If your alarm bells aren’t already ringing, they should be, as Facebook demonstrates a blatant abuse of the trust that we have put in its system, to keep our private data safe.

The million dollar question – or maybe a slightly reduced price, given its public listing status on the stock-exchange right now – is that while Facebook might keep us safe from other people using our data, will it also be able to keep us safe from itself?

Read the original here

For more details visit https://cis-india.org/internet-governance/how-facebook-is-blatantly-abusing-our-trust

Securing e-Governance

natasha — 2012-06-26T06:45:26Z

On June 16, 2012, Privacy India in partnership with the Centre for Internet & Society, Bangalore, International Development Research Centre, Canada, Privacy International, UK and the Society in Action Group, Gurgaon organised a public discussion on “Securing e-Governance: Ensuring Data Protection and Privacy”, at the Ahmedabad Management Association.

The conversation brought together a cross section of citizens, lawyers, activists, researchers, academia and students.

	Prashant Iyengar, Assistant Professor, Jindal Global Law, opened the conference with an explanation of Privacy India’s mandate to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. He summarized the series of eight consultation previously organized across India in Kolkata on January 23, 2011, in Bangalore on February 5, 2011, in Ahmedabad on March 26, 2011, in Guwahati on June 23, 2011, in Chennai on August 6, 2011, in Mumbai on January 21, 2012, in New Delhi on February 3, 2012 and again in New Delhi on February 4, 2012. He described an egregious instance where the State Government of Karnataka, announced a plan to “post on its website all details of (1.51 crore) ration cardholders in the state”, to weed out duplicate ration cards and promote transparency. Details posted on the website would include the “ration card number, category of card (BPL/APL), names and photographs of the head and other members of a family, address, sources of income, LPG gas connection and number of cylinders in village/taluk/district wise.” An official said, “This would also work as a marriage bureau, for instance, a boy can see a photograph of a girl on the website and see whether she suits him”.[1] He described another embarrassing incident, which took place in 2008. Sixteen surveillance cameras were stolen from the Taj Mahal. After they had been replaced, in December 2010, it was reported that all of the CCTVs in the Taj Mahal had stopped working due to a “virus attack” on their computer systems. The district administration and the police department were apparently in disagreement as to who bore the burden of their maintenance.

Prashant Iyengar, Assistant Professor, Jindal Global Law, opened the conference with an explanation of Privacy India’s mandate to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. He summarized the series of eight consultation previously organized across India in Kolkata on January 23, 2011, in Bangalore on February 5, 2011, in Ahmedabad on March 26, 2011, in Guwahati on June 23, 2011, in Chennai on August 6, 2011, in Mumbai on January 21, 2012, in New Delhi on February 3, 2012 and again in New Delhi on February 4, 2012.

He described an egregious instance where the State Government of Karnataka, announced a plan to “post on its website all details of (1.51 crore) ration cardholders in the state”, to weed out duplicate ration cards and promote transparency. Details posted on the website would include the “ration card number, category of card (BPL/APL), names and photographs of the head and other members of a family, address, sources of income, LPG gas connection and number of cylinders in village/taluk/district wise.” An official said, “This would also work as a marriage bureau, for instance, a boy can see a photograph of a girl on the website and see whether she suits him”.[1]

He described another embarrassing incident, which took place in 2008. Sixteen surveillance cameras were stolen from the Taj Mahal. After they had been replaced, in December 2010, it was reported that all of the CCTVs in the Taj Mahal had stopped working due to a “virus attack” on their computer systems. The district administration and the police department were apparently in disagreement as to who bore the burden of their maintenance.

Prof. Subhash Bhatnagar, Advisor Center for e-Governance IIM, Ahmedabad, dismissed the notion that privacy is irrelevant in India. A survey on e-governance, of 50,000 people conducted in major cities of India shows that confidentiality and security of data were among the top 3 concerns among 20 choices. He discussed various mission mode projects in the National e-Governance Plan that holds and shares large amounts of data on individuals and business. He referred to his personal experience when enrolling for UID. He noticed that the box concerning consent for sharing of information with third parties was, by default, automatically ticked. When he asked the UID staff, they mentioned that the software does not allow for enrollment to continue if the box is not ticked. He called for increased vigilance among citizens, a phone helpline dedicated to resolution of privacy intrusions and sensitizing designers of e-Governance projects.

Prof. Subhash Bhatnagar, Advisor Center for e-Governance IIM, Ahmedabad, dismissed the notion that privacy is irrelevant in India. A survey on e-governance, of 50,000 people conducted in major cities of India shows that confidentiality and security of data were among the top 3 concerns among 20 choices. He discussed various mission mode projects in the National e-Governance Plan that holds and shares large amounts of data on individuals and business. He referred to his personal experience when enrolling for UID. He noticed that the box concerning consent for sharing of information with third parties was, by default, automatically ticked. When he asked the UID staff, they mentioned that the software does not allow for enrollment to continue if the box is not ticked. He called for increased vigilance among citizens, a phone helpline dedicated to resolution of privacy intrusions and sensitizing designers of e-Governance projects.

	Dr. Nityesh Bhatt, Sr. Associate Prof and Chairperson-Information Management Area, Institute of Management, Nirma University, Ahmedabad, stressed the importance of limiting access of information on a need-to-know basis, which is one of the most fundamental security principles. He described various characteristics of information security management including: planning, policy, programs, protection, people and project management. Lastly, he recommended ‘SETA’ as an essential program, designed to reduce the incidence of accidental security breaches by employees, contractors, consultants, vendors, and business partners. A SETA program consists of three elements: security education, security training, and security awareness. It can improve employee behavior and enables the organization to hold employees accountable for their actions.

Dr. Nityesh Bhatt, Sr. Associate Prof and Chairperson-Information Management Area, Institute of Management, Nirma University, Ahmedabad, stressed the importance of limiting access of information on a need-to-know basis, which is one of the most fundamental security principles. He described various characteristics of information security management including: planning, policy, programs, protection, people and project management. Lastly, he recommended ‘SETA’ as an essential program, designed to reduce the incidence of accidental security breaches by employees, contractors, consultants, vendors, and business partners. A SETA program consists of three elements: security education, security training, and security awareness. It can improve employee behavior and enables the organization to hold employees accountable for their actions.

Dr. Neeta Shah, Director (e-Governance) Gujarat Informatics Limited, described the extent of e-governance initiatives in Gujarat (there are more than 100 e-governance applications running) and its impact. She discussed successful e-governance initiatives that have helped solve critical problems such as the online teacher application process, which accelerates the recruitment process of primary teachers. E-governance applications of various departments ensure security of data and privacy protection through the following measures: Network security (NIPS, Firewalls, content filtering, HIPS, antivirus, etc.) Data security (robust SAN environment with high raid levels to prevent any data loss) Application security (audited by empanelled TPA) DR/BCP provisioning (real-time data is replicated to DR site in case of any physical calamity or damage to resources at primary site, backup exists at remote different seismological locations) When designing e-government projects, the government tends to think about security of the system, but not privacy of the data. Security in the minds of the government is achieved through strengthening infrastructure, but they often overlook the human dynamic.

Dr. Neeta Shah, Director (e-Governance) Gujarat Informatics Limited, described the extent of e-governance initiatives in Gujarat (there are more than 100 e-governance applications running) and its impact. She discussed successful e-governance initiatives that have helped solve critical problems such as the online teacher application process, which accelerates the recruitment process of primary teachers.

E-governance applications of various departments ensure security of data and privacy protection through the following measures:

Network security (NIPS, Firewalls, content filtering, HIPS, antivirus, etc.)
Data security (robust SAN environment with high raid levels to prevent any data loss)
Application security (audited by empanelled TPA)
DR/BCP provisioning (real-time data is replicated to DR site in case of any physical calamity or damage to resources at primary site, backup exists at remote different seismological locations)

When designing e-government projects, the government tends to think about security of the system, but not privacy of the data. Security in the minds of the government is achieved through strengthening infrastructure, but they often overlook the human dynamic.

Gopalkrishnan Devnathan (Kris dev), Co-founder, International Transparency and Accountability Network, described e-Governance as the application of Information and Communication Technology for delivering government services. It involves the integration of various systems and services between Government-to-Citizens, Government-to-Business, Government-to-Government as well as back office processes and interactions within the entire government framework. E-governance initiatives can ensure privacy and security through: Securing data/transaction using Smart Card with triple access control, Card, PIN and Biometrics (multimodal) Mirrored data storage with proper security Indelible audit trail using encrypted flat file Prevent server intrusion and data theft upfront rather than do post-mortem analysis Information on data accessed can be communicated on real time basis using ICT tools Lastly, he identified the usefulness, inhibitions and potential security solutions for the Unique Identification System.

Gopalkrishnan Devnathan (Kris dev), Co-founder, International Transparency and Accountability Network, described e-Governance as the application of Information and Communication Technology for delivering government services. It involves the integration of various systems and services between Government-to-Citizens, Government-to-Business, Government-to-Government as well as back office processes and interactions within the entire government framework. E-governance initiatives can ensure privacy and security through:

Securing data/transaction using Smart Card with triple access control, Card, PIN and Biometrics (multimodal)
Mirrored data storage with proper security
Indelible audit trail using encrypted flat file
Prevent server intrusion and data theft upfront rather than do post-mortem analysis
Information on data accessed can be communicated on real time basis using ICT tools

Lastly, he identified the usefulness, inhibitions and potential security solutions for the Unique Identification System.

	Anindya Kumar Banerjee, Regional Manager- East, CG & MP at Ncomputing Inc., discussed a comparative analysis of e-governance initiatives in India. He analyzed various factors such as ease of use, simplicity of procedures, time savings compared to manual, affordable cost of service and reduction in corruption. He described the difference infrastructural threats of security and privacy in e-Governance.

Anindya Kumar Banerjee, Regional Manager- East, CG & MP at Ncomputing Inc., discussed a comparative analysis of e-governance initiatives in India. He analyzed various factors such as ease of use, simplicity of procedures, time savings compared to manual, affordable cost of service and reduction in corruption. He described the difference infrastructural threats of security and privacy in e-Governance.

Dr. Mrinalini Shah, Professor of Operations Management at Institute of Management Technology, Ghaziabad identified the slow legal system and multiple jurisdiction system as a challenge for privacy and security of data and implementations of suitable access controls and authorization as a helping factor.

Utkarsh Jani, Advocate, Jani Advocates, described the relevant section of the Information Technology Act (ITA) relating to privacy and the political and social challenges surrounding the right to privacy. He discussed the right to privacy vis-à-vis data protection. Though the ITA does enforce a level of data protection, it is far from flawless.

The ITA lacks the following:

The definition and classification of data types.

The nature and protection of the categories of data.

Data controllers and data processors have distinct
Clear restrictions on the manner of data collection.
Clear guidelines on the purposes for which the data can be put and to whom it can be sent.

Standards and technical measures governing the collection, storage, access to, protection, retention and destruction of data.
It does not provide strong safeguard and penalties against the aforesaid breaches.

Sunny Vaghela, Founder and CTO, TechDefence Pvt. Ltd., provided a hacker’s perspective to security and privacy issues in e-governance. Cyber crimes such as privacy violations and data breaches are increasing because of the dependence on complex computer infrastructures. Complex computer infrastructures make systems vulnerable because if one application is hacked, the entire network can be accessed and compromised. He conducted a live demonstration, showing how simple it is to hack into a government website. From his personal experience as an ethical hacker, he stated that government agencies are extremely negligent about the privacy and the security of data. A major concern with e-governance websites is that they not designed with privacy in mind, leaving the personal and private details of citizens vulnerable. He called for full penetration testing and vulnerability assessment of e-governance portals in order to maintain the privacy of citizens and protect government data. Some government websites that were hacked include AMC e-governance (was awarded one best e-governance award in 2010), CBI server and the Income Tax of India server. Lastly, he described the frequent mistakes made by the government in e-Governance projects. The government started using the e-Governance systems in 2003. Typically, three things are a component of the application: the person, the source code and the database, but the security is on the network. Governments work on developing the network to be secure, but they often overlook the application. A solution to this could be the use of high interaction honey pots.

Sunny Vaghela, Founder and CTO, TechDefence Pvt. Ltd., provided a hacker’s perspective to security and privacy issues in e-governance. Cyber crimes such as privacy violations and data breaches are increasing because of the dependence on complex computer infrastructures. Complex computer infrastructures make systems vulnerable because if one application is hacked, the entire network can be accessed and compromised.

He conducted a live demonstration, showing how simple it is to hack into a government website. From his personal experience as an ethical hacker, he stated that government agencies are extremely negligent about the privacy and the security of data. A major concern with e-governance websites is that they not designed with privacy in mind, leaving the personal and private details of citizens vulnerable.

He called for full penetration testing and vulnerability assessment of e-governance portals in order to maintain the privacy of citizens and protect government data. Some government websites that were hacked include AMC e-governance (was awarded one best e-governance award in 2010), CBI server and the Income Tax of India server.

Lastly, he described the frequent mistakes made by the government in e-Governance projects. The government started using the e-Governance systems in 2003. Typically, three things are a component of the application: the person, the source code and the database, but the security is on the network. Governments work on developing the network to be secure, but they often overlook the application. A solution to this could be the use of high interaction honey pots.

	Nisha Thompson, Data Project Manager at Arghyam/ India Water Portal, discussed the increased amount of data generated through e-governance initiatives and its impact. When more data is generated and collected, politics and privacy become intertwined. There can be a conflict between opening up data and privacy thus; one needs to decide on parameters. For example, with regards to privacy and national security, parameters should be in place to determine where privacy ends and the public good starts. In India, this line does not begin with the individual as it does in many contexts. Collective privacy in India is important. She described various online tools that increase transparency and awareness such as: Transparency Chennai, India Governs and I Paid a Bribe. Over the course of the day, participants engaged in lively discussion on various issues such as the objectives and features of e-governance, examples of e-governance projects, and the parameters, problems, loopholes and tensions in e-governance projects. Participants response to privacy concerns have to a large extent focused on the fact that e-Governance is a double-edge sword. E-governance initiatives are an invariable tool for ensuring wider participation and deeper involvement of citizens, institutions, NGOs as well as private firms in the decision making process. However, the political and regulatory environment must be strengthened.

Nisha Thompson, Data Project Manager at Arghyam/ India Water Portal, discussed the increased amount of data generated through e-governance initiatives and its impact. When more data is generated and collected, politics and privacy become intertwined. There can be a conflict between opening up data and privacy thus; one needs to decide on parameters. For example, with regards to privacy and national security, parameters should be in place to determine where privacy ends and the public good starts. In India, this line does not begin with the individual as it does in many contexts. Collective privacy in India is important. She described various online tools that increase transparency and awareness such as: Transparency Chennai, India Governs and I Paid a Bribe.

Over the course of the day, participants engaged in lively discussion on various issues such as the objectives and features of e-governance, examples of e-governance projects, and the parameters, problems, loopholes and tensions in e-governance projects.

Participants response to privacy concerns have to a large extent focused on the fact that e-Governance is a double-edge sword. E-governance initiatives are an invariable tool for ensuring wider participation and deeper involvement of citizens, institutions, NGOs as well as private firms in the decision making process. However, the political and regulatory environment must be strengthened.

About Privacy India

Privacy India was established in 2010 with the objective of raising awareness, sparking civil action and promoting democratic dialogue around privacy challenges and violations in India. One of our goals is to build consensus towards the promulgation of comprehensive privacy legislation in India through consultations with the public, policymakers, legislators and the legal and academic community.

[1] Nagesh Prabhu, A way to check bogus ration cards, THE HINDU, September 18, 2010, http://www.thehindu.com/todays-paper/tp-national/tp-karnataka/article696087.ece (last visited Oct 23, 2011).

Click below to download the following resources:

E-Governance, Identity and Privacy [PDF, 253 Kb]
Event Brochure [PDF, 1618 Kb]

For more details visit https://cis-india.org/internet-governance/securing-e-governance-event-report

Privacy Matters — Consumer Privacy

praskrishna — 2012-07-31T10:55:30Z

Privacy India, in partnership with the Centre for Internet & Society, International Development Research Centre, Society in Action Group and Privacy International, invites you to a public conference focused on discussing the challenges and concerns to consumer privacy in India. The event will be held at the Indian International Centre, New Delhi on Saturday, July 7, 2012, from 9 a.m. to 5 p.m.

According to the Consumer Protection Act, 1986, a consumer is a broad label for any person who buys any goods or services for consideration with the intent of using them for a non-commercial purpose. Certain services that consumers use may, by their very nature, put an extraordinary amount of sensitive personal information into the hands of vendors.

Consumer privacy is concerned with accuracy of how a consumers information is collected and used. Because a consumers relationship with another entity is based on an exchange along consented terms, a breach in consumer privacy can be constituted as an action that was not agreed to. In the age of data collection – a breach in privacy occurs when information is used in different ways than was intended. Consumer privacy in India is determined at the sectoral level, and differs depending on the services that is provided for.

As corporations sell data banks, ISP's expose consumer habits, or ones personal information falls in the wrong hands – the consequences are far reaching, and can result in spamming, unwanted marketing, theft, or the violation can impact an individual's ability to buy a home, potential employment opportunities, or gain access to credit.

In India, the right to privacy has been a neglected area of study and engagement. Although sectoral legislation deals with privacy issues, India does not as yet have a horizontal legislation that deals comprehensively with privacy across all contexts. The absence of a minimum guarantee of privacy is felt most heavily by marginalized communities, including HIV patients, children, women, sexuality minorities, prisoners, etc. - people who most need to know that sensitive information is protected.

Since June 2010, Privacy India in collaboration with Privacy International, based in London, has been conducting workshops and engaging in public awareness. Participants include policy makers, researchers, sectoral experts, NGOs, and the public to discuss and deliberate different questions of privacy, its intersections and its implications with our everyday life. The discussions have ranged from topics of online privacy to minority rights and privacy and e-Governance initiatives privacy. The workshops have been organized in different cities - Bangalore, Guwahati, Mumbai, Delhi, Kolkata, Ahmedabad, Chennai, Goa, etc.

Click here for the agenda

Please confirm your participation with natasha@cis-india.org

Download the invite here [PDF, 160 Kb]

Download our research here [PDF, 178 Kb]

For more details visit https://cis-india.org/internet-governance/consumer-privacy-delhi