Centre for Internet and Society

The Criminal Law Amendment Bill 2013 — Penalising 'Peeping Toms' and Other Privacy Issues

divij — 2013-07-12T12:17:06Z

The pending amendments to the Indian Penal Code, if passed in their current format, would be a huge boost for individual physical privacy by criminalising stalking and sexually-tinted voyeurism and removing the ambiguities in Indian law which threaten the privacy and dignity of individuals.

The author, Divij Joshi is a law student at NLS and is interning with CIS for its privacy project. This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

What is the Criminal Law (Amendment) Bill, 2013? What will it change?
The Criminal Law (Amendment) Bill is a bill which is to be introduced in the Indian Parliament, which will replace the Criminal Law (Amendment) Ordinance, 2013[1] currently in force, and aims at amending the existing provisions in criminal law in order to improve the safety of women. The Bill seeks to make changes to the Indian Penal Code, the Code of Criminal Procedure, and the Indian Evidence Act. The Bill will introduce unprecedented provisions in the Indian Penal Code which would criminalise sexual voyeurism and stalking and would amend legal provisions to protect the privacy of individuals, such as discontinuing the practice of examination of the sexual history of the victim of a sexual assault for evidence. With instances of threats to individual privacy on the rise in India, [2] it is high time that the criminal law expands its scope to deal with offences which violate physical privacy.

What threats to privacy will the Act address?
The Act will address the following violations of physical privacy:

Stalking
Draft provision: The ordinance introduces the offence of stalking under Section 345D of the Indian Penal Code, and makes it punishable by imprisonment of not less than one year, which may extend to three years, and a fine. The provision prescribes that ‘Whoever follows a person and contacts, or attempts to contact such person to foster personal interaction repeatedly, despite a clear indication of disinterest by such person, or whoever monitors the use by a person of the internet, email or any other form of electronic communication, or watches or spies on a person in a manner that results in a fear of violence or serious alarm or distress in the mind of such person, or interferes with the mental peace of such person.’ Hence, under the new law, constant, unwanted interaction of any one person with another, for any reason, can be made punishable, if the actions results in fear of violence or distress in any person, or interferes with their mental peace.

Current law and need for amendment: Stalking is generally characterized by unwanted and obsessive harassment or persecution of one person by another. Stalking can be a physical act such as constantly following a person, or can be done through electronic means — usually the internet (known as cyberstalking). Stalking may or may not be an act which physically threatens the security of an individual; however, it can cause mental trauma and fear to the person being stalked. Stalking is a blatant intrusion into an individual’s privacy, where the stalker attempts to establish relationships with their victim which the victim does not consent to and is not comfortable with. The stalker also intrudes into the victim’s private life by collecting or attempting to collect personal information the victim may not want to disclose, such as phone numbers or addresses, and misusing it. If the stalker is left undeterred to continue such actions, it can even lead to a threat to the safety of the victim. Cyber-stalking is a phenomenon which can prove to be even more invasive and detrimental to privacy, as most cyber-stalkers attempt to gain access to private information of the victims so that they can misuse it. Stalking, in any form, degrades the privacy of the victim by taking away their choice to use their personal information in ways they deem fit. [3] Recognizing stalking as an offence would not only protect the physical privacy rights of the victims, but also nip potentially violent crimes in the bud.

Many nations including Australia, the United States of America and Japan have penal provisions which criminalise stalking. [4] In India however, there is no appropriate response to stalking as an offence — either in its physical or electronic forms. The Information Technology Act, the legislation purported to deal with instances of cyber-crimes, overlooks instances of breach of online privacy and stalking which does not lead to publication of obscene images or other obvious manifestations of physical or mental threat. The general provision under which victims of stalking can file complaints is Section 509 of the Indian Penal Code (IPC), which states that — ‘Whoever, intending to insult the modesty of any woman, utters any word, makes any sound or gesture, or exhibits any object, intending that such word or sound shall be heard, or that such gesture or object shall be seen, by such woman, or intrudes upon the privacy of such woman, shall be punished with simple imprisonment for a term which may extend to one year, or with fine, or with both.’There are several problems with using this section as a response to stalking. Without a particular definition of what comes under the scope of ‘intrusion of privacy’ under this section, there is reluctance both for the victim to approach the police and for the police to file the complaint. Usually the offence is coupled with some other form of harassment or violence, and the breach of privacy and trauma is not considered as a separate offence. For example, if a person is continuously following or trying to contact you without your consent or approval, but does not physically threaten or insult you, there is no protection in law against such a person. Hence, as pointed out, there is a need to recognize the breach of privacy as a separate ground of offence, notwithstanding other physical or mental grounds. Secondly, the provisions of this section require the criminal to have the ‘intent of insulting the modesty of a woman’. Aside from the difficulties in adjudging the ‘modesty’ of a woman, the provision limits the scope of harassment to only that which intends to insult the modesty of a woman and excludes any other intention as criminal behaviour. The present law amends these problems by disregarding the reason or intent for the behaviour, and by clearly defining the elements of the offence and making stalking as a stand-alone, punishable offence.

Sexual Voyeurism

Draft provision: The Act will add Section 345D to the Indian Penal Code, which reads as follows — ‘Whoever watches, or captures the image of, a woman engaging in a private act in circumstances where she would usually have the expectation of not being observed either by the perpetrator or by any other person at the behest of the perpetrator shall be punished on first conviction with imprisonment of either description for a term which shall not be less than one year, but which may extend to three years, and shall also be liable to fine, and be punished on a second or subsequent conviction, with imprisonment of either description for a term which shall not be less than three years, but which may extend to seven years, and shall also be liable to fine.

Explanation 1.–– For the purposes of this section, “private act” includes an act carried out in a place which, in the circumstances, would reasonably be expected to provide privacy, and where the victim's genitals, buttocks or breasts are exposed or covered only in underwear; or the victim is using a lavatory; or the person is doing a sexual act that is not of a kind ordinarily done in public.

Explanation 2.–– Where the victim consents to the capture of images or any act, but not to their dissemination to third persons and where such image or act is disseminated, such dissemination shall be considered an offence under this section.’

The provision seeks to protect victims of voyeurism, who have been watched, or recorded, without their consent and under circumstances where the victim could reasonably expect privacy, and where the victim’s genitals, buttocks or breasts have been exposed. A reasonable expectation of privacy means that in the circumstances, whether in a public or a private place, the victim has a reasonable expectation that she is not being observed engaging in private acts such as disrobing or sexual acts. The test of reasonable expectation of privacy can be derived from similar provisions in voyeurism laws across the world, and also section 66E of the Information Technology Act.[5] It is particularly important because voyeurism does not necessarily take place in private places like the victims home, but also in public spaces where there is generally an expectation that exposed parts of one’s body are not viewed by anyone.

Current law and need for amendment: A ‘voyeur’ is generally defined as "a person who derives sexual gratification from the covert observation of others as they undress or engage in sexual activities." [6] Voyeurism is the act of a person who, usually for sexual gratification, observes, captures or distributes the images of another person without their consent or knowledge. With the development in video and image capturing technologies, observation of individuals engaged in private acts in both public and private places, through surreptitious means, has become both easier and more common. Cameras or viewing holes may be placed in changing rooms or public toilets, which are public spaces where individuals generally expect a reasonable degree of privacy, and where their body may be exposed. Voyeurism is an act which blatantly defies reasonable expectations of privacy that individuals have about their bodies, such as controlling its exposure to others.[7] Voyeurism is an offence to both the privacy as well as the dignity of a person, by infringing upon the right of individuals to control the exposure of their bodies without their consent or knowledge, either through unwarranted observation of the individual, or through distribution of images or videos against the wishes or without the knowledge of the victim.

Voyeurism is a criminal offence in many jurisdictions across the world such as Australia,[8] the United States,[9] Canada,[10] and the UK,[11] which criminalise either the capturing of certain images, or observation of individuals, or both. In India, the capturing, distribution and transferring of images of ‘private areas’ of a person’s body, under circumstances where the person would have a reasonable expectation of privacy that their body would not be exposed to public view, is punishable with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both. However, this does not cover instances where a person observes another in places and situations where they do not consent to being observed. The inclusion of voyeurism as an offence in the IPC would close several loopholes in the voyeurism law and hopefully be a precedent for the state to better work towards securing the bodily privacy of its citizens.

Examination of Sexual History and Privacy
Draft provision: The amendment to Section 53A of the Indian Evidence Act in the Bill reads, “In a prosecution for an offence under section 354, section 354A, section 354B, section 354C, sub-section (1) or sub-section (2) of section 376, section 376A, section 376B, section 376C, section 376D or section 376E of the Indian Penal Code or for attempt to commit any such offence, where the question of consent is in issue, evidence of the character of the victim or of such person’s previous sexual experience with any person shall not be relevant on the issue of such consent or the quality of consent.”

A similar proviso is added to Section 376 of the Indian Evidence Act.

According to the above provision, in a trial for sexual assault or rape the evidence supplied of a victim’s previous sexual experience or her ‘character’ would not be admissible as relevant evidence to determine the fact of the consent or the quality of the consent.

Current law and need for amendment: The Indian Evidence Act is the legislation which governs the admissibility of evidence in the different courts. In cases of rape or sexual assault and related crimes, the evidence of consent often considered is not just that of the consent of the woman in the act at that time itself, but rather her previous sexual experience and “promiscuous character”. Even though it has been widely censured by the highest court,[12] such practices continue to dominate and prejudice the justice of victims of sexual assault and harassment.[13] The examination of the victim’s sexual history in court is an unwarranted intrusion into their privacy through public disclosure of the sexual history and details of her sexual life, which causes potential embarrassment and sexual stereotyping of the victim, especially in a conservative, patriarchal society like in India. With the new amendments, such evidence will not be permitted in a court of law, hence, it will act as a safeguards against defendants attempting to influence the court's decision through disparaging the ‘character’ of the victim, and will protect the disclosure of intimate, personal details like previous sexual encounters of the victim.

Conclusion
Privacy, crime, and safety of women are intricately linked in any legal system. An essential part of the security of citizens is the safety of their privacy and personal information. If any legal system does not protect the privacy — both of body and of information — of its people, there will always be insecurity in such a system. With the recent debates on women’s safety, several crucial privacy and security issues have been raised, such as the criminalization of voyeurism and stalking, which is a huge boost for privacy rights of citizens in India, and it is hopeful that the government will continue the trend of considering privacy issues along when addressing security concerns for the state.

Update to the Criminal Law Amendment Bill 2013 - Penalising Peeping Toms and other privacy issues

The Criminal Law (Amendment) Bill, 2013, was made into law on April 3, 2013. Several provisions under the Act differ from the provisions in the ordinance. Under the Act, unlike in the Ordinance, the terms or watches or spies on a person in a manner that results in a fear of violence or serious alarm or distress in the mind of such person, or interferes with the mental peace of such person are not included as a part of the offence of stalking. Hence, the offence is limited to the physical act of following or contacting a person, provided that there has been a clear sign of disinterest, or to monitoring the use by a woman of the internet, email or any other forms of electronic communication.

Hence, from the confusing language of the provision, it would seem that the offence of stalking related to monitoring of activities of a woman is restricted to the monitoring of online communications, and not physical acts. The caveat of such monitoring having to cause serious alarm, distress or interference with the mental peace of the victim is also removed. The removal of unwaranted intrusion through watching or spying of a person, and indeed, the removal of any subjective test to determine the effect of stalking is a departure from stalking provisions accross the world, and is a setback for individual privacy, because stalking per se is a privacy offence, relating not only to the physical interference but also the mental harassment it causes to the victims.

The provision has also increased the puinishment for the crime in the first offence to upto three years, and subsequently to upto five years. Further, the provisions sought to be included within Section 53A and Section 376 of the Indian Evidence Act are now included in Section 146 of the Act.

Link to the Criminal Law (Amendment) Act, 2013

[1]. Criminal Law (Amendment) Ordinance, 2013, available at http://mha.nic.in/pdfs/criminalLawAmndmt-040213.pdf

[2]. http://bit.ly/10nMSTT

[3]. Anita Gurumurthy and Nivedita Menon, Violence against Women via Cyberspace, Economic and Political Weekly, 44 (40), 19, (October, 2009).

[4]. For example, see laws listed http://bit.ly/126hBpO

[5]. Section 66E, The Information Technology Act, 2000: ‘66E. Punishment for violation of privacy.- Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.

Explanation - For the purposes of this section--

(a) “transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons;
(b) “capture”, with respect to an image, means to videotape, photograph, film or record by any means;
(c) “private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast;
(d) “publishes” means reproduction in the printed or electronic form and making it available for public;
(e) “under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that--(i) he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or
(ii) any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place.

[6]. Oxford English Dictionary, available at http://bit.ly/YN2ZvI

[7]. Lance Rothenberg, Rethinking Privacy: Peeping Toms, Video Voyeurs, and the failure of criminal law to recognize a reasonable expectation of privacy in the public space, American University Law Review, 49, 1127, (1999).

[8]. Section 91J, Crimes Act, 1910: "A person who, for the purpose of obtaining sexual arousal or sexual gratification, observes a person who is engaged in a private act without the consent of the person being observed to being observed for that purpose, and knowing that the person being observed does not consent to being observed for that purpose, is guilty of an offence."

[9]. Video Voyeurism Protection Act, 2004.

[10]. Section 162, Criminal Code of Canada: " (1) Every one commits an offence who, surreptitiously, observes — including by mechanical or electronic means — or makes a visual recording of a person who is in circumstances that give rise to a reasonable expectation of privacy, if
(a) the person is in a place in which a person can reasonably be expected to be nude, to expose his or her genital organs or anal region or her breasts, or to be engaged in explicit sexual activity;
(b) the person is nude, is exposing his or her genital organs or anal region or her breasts, or is engaged in explicit sexual activity, and the observation or recording is done for the purpose of observing or recording a person in such a state or engaged in such an activity; or
(c) the observation or recording is done for a sexual purpose.

[11]. Section 67, Sexual Offences Act, 2003.

[12]. http://bit.ly/10nNDwg

[13]. http://reut.rs/13CIDXU

For more details visit https://cis-india.org/internet-governance/blog/the-criminal-law-amendment-bill-2013

March 2013 Bulletin

praskrishna — 2013-04-14T11:45:29Z

The Centre for Internet & Society (CIS) welcomes you to the third issue of its newsletter for the year 2013. In this issue we bring you an overview of our research programs, updates of events organised by us, events we participated in, news and media coverage, and videos of some of our recent events.

Jobs
CIS invites applications for the posts of Developer (NVDA Screen Reader Project), Programme Officer (Access to Knowledge and Openness), and Programme Officer (Internet Governance). To apply send your resume to sunil@cis-india.org and pranesh@cis-india.org.

Accessibility

CIS is doing two projects in partnership with the Hans Foundation. One of this is to create a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India and another is for developing a screen reader and text-to- speech synthesizer for Indian languages. CIS is also working with the World Blind Union and many other organisations to develop a Treaty for the Visually Impaired helped by the WIPO:

National Resource Kit for Persons with Disabilities
Anandhi Viswanathan from CIS and Manojna Yeluri from the Centre for Law and Policy Research are working in this project. Draft chapters have been published. Feedback and comments are invited from readers for the chapters on Lakshadweep, Meghalaya and Uttar Pradesh:

The Lakshadweep Chapter (by Anandhi Viswanathan, March 25, 2013): The union territory of Lakshadweep has not passed any legislation for persons with disabilities, but implements the provisions under the central laws. The benefits currently available to persons with disabilities in Lakshadweep include disability pension, unemployment allowance and grant for setting up kiosks.
The Meghalaya Chapter (by Manojna Yeluri, March 25, 2013): Meghalaya is one of the few north-eastern states, which has appointed a Commissioner for Disabilities. Most of the schemes and benefits given to persons with disabilities in Meghalaya are under centrally sponsored schemes. Very few schemes are initiated by the state government.
The Uttar Pradesh Chapter (by Manojna Yeluri, March 31, 2013): The Government of Uttar Pradesh has established shelter homes and vocational training centres in several parts of the states — most recently in Meerut, Bareilly and Gorakhpur. It has also undertaken to finance nearly 4340 corrective surgeries for polio across nine cities of Uttar Pradesh. It also intends to start several projects in 2013. These include the establishment of a Braille Press in order to produce Braille books, magazines and other study material.

Resources
We now have a new section on our website which contains all government notifications, RTI applications, and accessibility related resources: cases, statutes, etc. The following were published earlier this month:

Information about Schemes for Disabled Persons in Haryana We received this notification on schemes and policies for persons with disabilities from the Government of Haryana.
Haryana Government Notification (Hindi version): The notification that we received from the state government was in Hindi. We will put up the English translation soon.
West Bengal (Govt) Notifications: We received a series of notifications from the West Bengal Government from its various departments such as finance, higher education, transport, health and family welfare, labour, land and land reforms, panchayats and rural development, etc. OCR versions of the same have been published.
Lakshadweep (Govt) Notifications: Notifications received from the Lakshadweep Government including guidelines for functioning of KIOSKS, grant of unemployment allowance and special jobs to persons with disabilities, issuing identity card to persons with disabilities for availing government benefits, etc., are published. OCR versions have also been put up.

Event Participated In

A Discussion on Intercept between UNCRPD & CEDAW (organized by the Shanta Memorial Institute of Rehabilitation – Odisha, CBR Network and Mitra Jyoti, Bangalore, Karnataka, February 4, 2013): Anandhi Viswanathan participated in this event.

Access to Knowledge and Openness

The Wikimedia Foundation awarded CIS a two year grant of INR 26,000,000 to support and develop the growth of Indic language communities and projects by community collaborations and partnerships. This is being carried out by the Access to Knowledge team based in Delhi. CIS is also doing a project (Pervasive Technologies) on examining the relationship between production of pervasive technologies and intellectual property. CIS also promotes openness including open government data, open standards, open access, and free/libre/open source software through its Openness programme.

Wikipedia

Beginning from September 1, 2012, Wikimedia Foundation awarded CIS a two-year grant of INR 26,000,000 to support and develop free knowledge in India. The A2K team consists of four members based in Delhi: T. Vishnu Vardhan, Nitika Tandon, Subhashish Panigrahi and Noopur Raval, and one team member Dr. U.B. Pavanaja who is working from Bangalore office.

Indic Wikipedia Visualisation Project

Visualising Basic Parameters (by Sajjad Anwar and Sumandro Chattapadhyay, March 26, 2013): Sajjad and Sumandro bring you a visualisation of the growth of Indic Wikipedia in this first post on Indic Wikipedia Visualisation project. They look into the different aspects of the past and present activities of Indic Wikipedias, and divide the visualisation into three different focus areas: (1) basic parameters, (2) geographic patterns of edits, and (3) exploring the topics that receives the greatest number of edits.

Events Organised

Introductory Wikipedia session at BITS Goa (organised by CIS, Birla Institute of Technology & Science, Pilani, Goa, March 7, 2013). The Access to Knowledge team was invited by Nikhil Dixit from BITS to organise a Wikipedia editing session. Nitika Tandon led the session on IP editing.
Kannada Wikipedia Workshop (organised by CIS, Institution of Engineers, JLB Road, Mysore, March 24, 2013). Dr. U.B. Pavanaja led this workshop.

Events Co-organised

Wiki Women's Day in Goa (organised by the Wikimedia India Chapter and CIS, Nirmala Institute of Education, Panaji, Goa, March 8, 2013). Nitika Tandon participated in this workshop held on International Working Women's Day, and shares the developments in this report.
Wikipedia Workshop for Kannada Science Writers (organised by Wikimedia India Chapter, Karnataka Rajya Vijnana Parishath and CIS, Karnataka Rajya Vijnana Parishath Conference Hall, Banashankari 2nd Stage, Bangalore, March 17, 2013). Dr. U.B. Pavanaja participated in the event.

Upcoming Event

Telugu Wiki Mahotsavam 2013 (co-organised with the Telegu Wikipedia community, Hyderabad, April 9 to 11, 2013). Vishnu Vardhan is participating in this event as a speaker. A public event will be held on April 11 from 5.00 p.m. to 8.00 p.m. at Golden Threshold (Sarojini Naidu's house) in Hyderabad.

Events Participated

Wikipedia Women's Workshop Bangalore 2013 (organised by Wikimedia India, Servelots Infotech, Jayanagar, Bangalore, March 8, 2013). The event was covered by Kannada Prabha on March 9, 2013. Dr. U.B. Pavanaja participated in the event.
Wikipedia at Avenir (organised by the Wikipedia community, Netaji Subhash Engineering College, Kolkata, West Bengal, March 11, 2013). CIS supported this event.

Event Report from Other Organisations
Wikipedia Community members helped the Higher Education Innovation and Research Applications Programme (HEIRA) of CSCS Bangalore to organize a day-long workshop on ‘Digital Literacy’ at Ahmednagar College, Ahmednagar, Maharasthra on January 17, 2013. Tanveer Hasan of HEIRA shares with us the developments in this report.

Other Openness Updates

Event Report

Iraqi Public Data Scenario Workshop: A Summary (by Sumandro Chattapadhyay, March 26, 2013): A workshop on public data was conducted by Sunil Abraham and Sumandro Chattapadhyay for the officials of the Government of Iraq. It was organized by UNDP Iraq in Amman, Jordan from October 18 to 23, 2012. Sumandro Chattapadhyay shares with us the developments from the workshop held over five days.

Event Participated

Open DataCamp - 2013 (organized by Open Data Camp, Dharmaram Vidya Kshetram (inside Christ University Campus), Dairy Circle, Bangalore, March 2 and 3, 2013): Sunil Abraham was a panelist.

HasGeek
HasGeek creates discussion spaces for geeks and has organised conferences like the Fifth Elephant, Droidcon India 2011, Android Camp, etc. HasGeek is supported by CIS and works from the CIS office in Bengaluru.

Upcoming Events

Pig Workshop (organized by HasGeek, Alchemy Solutions, Domlur, Bangalore, 9.00 a.m. to 6.00 p.m.): A workshop on how to use Pig for mining useful information from data. It is open to programmers who have a background in Java programming, some familiarity with Hadoop and MapReduce algorithms, and have worked with large chunks of data.
The Fifth Elephant 2013 (organized by HasGeek, July 11 to 13, 2013, NIMHANS Convention Centre, Bangalore).

Internet Governance

The Internet Governance programme conducts research around the various social, technical, and political underpinnings of global and national Internet governance, and includes online privacy, freedom of speech, and Internet governance mechanisms and processes. Currently, CIS is doing a project with Privacy International, London to facilitate research and events around surveillance, and freedom of speech and expression.

Privacy

Policy

Draft Human DNA Profiling Bill (April 2012): High Level Concerns (by Elonnai Hickok, March 12, 2013). The post examines the high level concerns that CIS has with the April 2012 draft of the Bill.
Human DNA Profiling Bill 2012 Analysis (by Jeremy Gruber, Council for Responsible Genetics, US, March 19, 2013). Jeremy provides an analysis of the Human DNA Profiling Bill, 2012. He says that India’s updated 2012 Human DNA Profiling Bill offers largely superficial changes from its predecessor, the Draft DNA Profiling Bill, 2007.

The Privacy (Protection) Bill 2013: A Citizen's Draft (by Bhairav Acharya, March 26, 2013). Bhairav Acharya has drafted the Privacy (Protection) Bill 2013. It contains provisions that speak to data protection, interception, and surveillance and also establishes the powers and functions of the Privacy Commissioner, and lays out offenses and penalties for contravention of the Bill. The Bill represents a citizen's version of possible privacy legislation for India, and will be shared with key stakeholders including civil society, industry, and government.

Upcoming Events

A Privacy Round Table in Delhi (organized by CIS and Federation of Indian Chambers of Commerce and Industry, FICCI Federation House, Tansen Marg, New Delhi, April 3, 2013).
A Privacy Round Table in Bangalore (organized by CIS and Federation of Indian Chambers of Commerce and Industry, Jayamahal Palace, Jayamahal Road, Bangalore, April 20, 2013).

Event Organized

Analyzing the Draft Human DNA Profiling Bill 2012 (organized by the Centre for Internet and Society, Bangalore, March 1, 2013): Maria Xynou shares a summary of the workshop in this report.

Events Participated In

Global Partners Meeting @ London (organized by Privacy International, London School of Economics and Political Science, March 22 – 25, 2013). Sunil Abraham and Malavika Jayaram participated in the event.
India’s Civil Liberties Crisis: Of Bans, Blocks, Bullying and Biometrics (organized by the Center for Global Communication Studies, Annenberg School of Communication, University of Pennsylvania, Philadelphia, March 28, 2013). Malavika Jayaram participated as a speaker.
Future of Privacy in India (organized by DSCI and ICOMP, Oberoi Hotel, New Delhi, April 5, 2013). Sunil Abraham is a speaker at this event.

Blog Posts

Hacking without borders: The future of artificial intelligence and surveillance (by Maria Xynou, March 15, 2013). In this post, Maria looks at some of DARPA´s artificial intelligence surveillance technologies in regards to the right to privacy and their potential future use in India.
Driving in the Surveillance Society: Cameras, RFID tags and Black Boxes... (by Maria Xynou, March 26, 2013). Maria examines red light cameras, RFID tags and black boxes used to monitor vehicles in India.
Microsoft Releases its First Report on Data Requests by Law Enforcement Agencies around the World (by Maria Xynou, March 27, 2013). CIS presents Microsoft´s report on law enforcement requests, with a focus on data requested by Indian law enforcement agencies.
The Criminal Law Amendment Bill 2013 — Penalising 'Peeping Toms' and Other Privacy Issues (by Divij Joshi, March 31, 2013). The pending amendments to the Indian Penal Code, if passed in their current format, would be a huge boost for individual physical privacy by criminalising stalking and sexually-tinted voyeurism and removing the ambiguities in Indian law which threaten the privacy and dignity of individuals.

IT Act

Featured Blog Post

CIS Welcomes Standing Committee Report on IT Rules (by Pranesh Prakash, March 27, 2013). CIS welcomes the report by the Standing Committee on Subordinate Legislation, in which it has lambasted the government and has recommended that the government amend the Rules it passed in April 2011 under section 79 of the Information Technology Act. The post was quoted in: The Times of India (March 28, 2013), The Statesman (March 28, 2013), Economic Times (March 28, 2013), Data Quest (March 28, 2013), and The Hindu (April 1, 2013).

Submissions
Bhairav Acharya, on behalf of CIS submitted comments to the Committee on Subordinate Legislation of the 15^th Lok Sabha for the following rules:

Comments on the Information Technology (Electronic Service Delivery) Rules, 2011. The Rules were notified by the Central Government in the Gazette of India vide Notification GSR 316(E) on April 11, 2011.
Comments on the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. The Rules were notified by the Central Government in the Gazette of India vide Notification GSR 313(E) on April 11, 2011.
Comments on the Information Technology (Guidelines for Cyber Cafe) Rules, 2011. The Rules were notified by the Central Government in the Gazette of India vide Notification GSR 315(E) on April 11, 2011.

Note: The above rules were submitted earlier but published on our website only recently.

Unique ID Project

Event Organized

Unique Identity Number (UID), National Population Register (NPR), and Governance (organized by CIS and Say No to UID Campaign, TERI, Bangalore, March 2, 2013): CIS interviewed Usha Ramanathan and Anant Maringanti. Watch the videos uploaded in this blog post by Maria Xynou. This was covered in newzfirst on March 3, 2013 and in the Hindu on March 3, 2013.

Interview

Unique Identification Scheme (UID) & National Population Register (NPR), and Governance (by Elonnai Hickok, March 14, 2013). The post examines the UID, NPR and Governance as it exists in India. A video on the UID interview Questions and Answers is published.

News and Media

Indian ID crisis unveils Aadhaar doubts (ZDNet, March 14, 2013). Sunil Abraham is quoted.
New $1 Billion RIC Project Casts Doubts on Aadhaar (AEG India, March 16, 2013). Sunil Abraham is quoted.

Blog Entry

India's Biometric Identification Programs and Privacy Concerns (by Divij Joshi, March 31, 2013).

Free Speech and Expression

News and Media

Foreign Funding of NGOs (by Prashant Reddy, Open Magazine, March 2, 2013).
Iceland’s proposed porn ban ‘like repression in Iran, N. Korea’ – activists (RT, March 1, 2013). Sunil Abraham is quoted.
Chidambaram to Talk Budget on Google+ Hangout (by Dhanya Ann Thoppil, Wall Street Journal, March 4, 2013). Sunil Abraham is quoted.
Responding to govt requests is a challenge for online firms: Colin Maclay (LiveMint, March 13, 2013). Colin M. Maclay, managing director of Berkman Center for Internet and Society at Harvard mentioned CIS.
Indian police set up lab to monitor social media (originally published by AFP, March 18, 2013, and also carried in Global Post on the same day). Sunil Abraham is quoted.
Namaste, Mr. Eric Schmidt (by R. Jai Krishna, Wall Street Journal, March 20, 2013). Sunil Abraham is quoted.
Parliament panel blasts govt over ambiguous internet laws (by Ishan Srivastava, The Times of India, March 28, 2013). Pranesh Prakash is quoted.
What if the Net shut down for a few days (by Atul Sethi, The Times of India, March 30, 2013). Sunil Abraham is quoted.
Press controls ‘send wrong message to rest of world’ (by Jerome Starkey from Johannesburg, Francis Elliott from Delhi and David Brown, The Times, UK).

Event Organized

Freedom Song: Film Screening and Discussion (IIHS Bangalore City Campus, March 21, 2013). Freedom Song, a documentary film produced by the Public Service Broadcasting Trust and directed by Paranjoy Guha Thakurta and Subi Chaturvedi was screened.

Events Participated In

Is Social Media Incredible? (organized by Indian Institute of Journalism & New Media, Bangalore, March 2, 2013). Snehashish Ghosh participated in a panel discussion. The New Indian Express published a post-event report.
Rethinking the Internet: The Way Forward (organized by Telecom Italia and Financial iTimes, Telecom Italia Future Centre, Italy, March 21 – 22, 2013). Pranesh Prakash participated in this event.

Others

Events Organised

DML 2013: Fourth Annual Conference (co-organised by CIS and Digital Media & Learning Research Hub Central, Sheraton Chicago Hotel & Towers - Chicago, Illinois, March 14 – 16, 2013). We had a special track that ran through the conference on "Whose Change Is It Anyway? Futures, Youth, Technology And Citizen Action In The Global South (And The Rest Of The World)". Noopur Raval was one of the 16 presenters that we had selected on the tracks. Nishant Shah was one of the members in the Conference Committee.

Blog Posts

WGIG+8: Stock-Taking, Mapping, and Going Forward (Fontenoy Building, conference room # 7, UNESCO Headquarters, Paris, February 27, 2013). Pranesh Prakash was the moderator for the session. A summary of the discussion has been published.
What’s In a Name? — DNS Singularity of ICANN and the Gold Rush (by Sharath Chandra Ram, March 31, 2013). March 2013 being the 28th birthday of the first ever registered Internet domain as well as the exigent launch of the Trademark Clearing House disguised as a milestone in rights protection by ICANN for its new gTLD program, Sharath Chandra Ram, dissects the transitory role of ICANN from being a technical outfit to the Boardroom Big Brother of Internet Governance.
An Introduction to Bitfilm & Bitcoin in Bangalore, India (by Benson Samuel, March 12, 2013). Video of the event organized by CIS on January 23, 2013 is published in this blog post.

Knowledge Repository on Internet Access

CIS in partnership with the Ford Foundation is executing a project on Internet Access. It covers the history of the internet, technologies involved, principle and values of internet access, broadband market and universal access and will touch upon various polices and regulations which has an impact on internet access and bodies and mechanism which are responsible for formulation policies related to internet access. The blog posts and modules will be published in a new website: www.internet-institute.in.

Upcoming Event
We are hosting an “Institute on Internet and Society” in collaboration with the Ford Foundation India, which is to be held from June 8, 2013 to June 14, 2013. Call for registration and relevant details will be announced soon on our website.

The following units have been published:

Internet Protocols (by Srividya Vaidyanathan, March 18, 2013).
How email works, how do you get your email? Email Protocols (SMTP, POP, IMAP), SPAM/Phishing (by Srividya Vaidyanathan, March 19, 2013).
Internet Corporation for Assigned Names and Numbers (by Snehashish Ghosh, March 19, 2013).
ITU sectors — ITU-R, ITU-T, ITU-D, etc. (by Snehashish Ghosh, March 27, 2013).
World Conference on International Telecommunications 2012 (by Snehashish Ghosh, March 29, 2013).

Telecom

CIS is involved in promoting access and accessibility of telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Are India's Glory Days Over? (by Shyam Ponappa, Organizing India Blogspot, March 8, 2013, originally published in the Business Standard, March 6, 2013).

Digital Natives

Digital Natives with a Cause? examines the changing landscape of social change and political participation in light of the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who critically engage with discourse on youth, technology and social change, and look at alternative practices and ideas in the Global South:

Events Participated In

Video Vortex # 9 Re:assemblies of Video (organized by the Institute of Network Cultures, Post Media Lab, Moving Image Lab, Leuphana, et.al, February 28 – March 2, 2013). Nishant Shah gave the key note. Videos of the event are published.

Digital Humanities

From 2012 to 2015, the Researchers @ Work series is focusing on building research clusters in the field of Digital Humanities. We organised the first Habits of Living workshops in Bangalore last year. The next workshop is being held in Brown University

Event Co-organised

Habits of Living: Networked Affects, Glocal Effects (co-organised with Brown University, March 21 – 23, 2013, Brown University, Rhode Island). Nishant Shah was a speaker at this event. He made a presentation on network ontologies.

Event Participated

Korean Trans Cine-Media in Global Contexts: Asia and the World (organized by Trans-Asia Screen Culture Institute, Cinema Studies, Korean National University of Arts, Korean Film Archive and Tsubouchi Memorial Theatre Museum, Waseda University, Seoul, March 27 – 29, 2013). Nishant Shah was a speaker at this event. He spoke on "The Asian Intercourse: Reimagining the Inter-Asia moment through ‘net-porn’ in networks".

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Follow us elsewhere

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/march-2013-bulletin

India's Biometric Identification Programs and Privacy Concerns

divij — 2016-07-21T10:51:42Z

The invasiveness of individual identification coupled with the fallibility of managing big data which biometric identification presents poses a huge risk to individual privacy in India.

Divij Joshi is a 2nd year at NLS. He is interning with the Centre for Internet and Society for the privacy project. This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Introduction

Biometric technology looks to be the way ahead for the Indian government in its initiatives towards identification. From the Unique Identity Scheme (Aadhaar) to the National Population Register and now to Election ID’s, [1] biometric identification seems to have become the government’s new go-to solution for all kinds of problems. Biometrics prove to be an obvious choice in individual identification schemes – it’s easiest to identify different individuals by their faces and fingerprints, unique and integral aspects of individuals – yet, the unflinching optimism in the use of biometric technology and the collection of biometric data on a massive scale masks several concerns regarding compromises of individual privacy.

‘Big Data’ and Privacy Issues

Biometric data is going to be collected under several existing and proposed identification schemes of the government, from the Centralized Identities Data Register of the UID to the draft DNA Profiling Bill which seeks to improve criminal forensics and identification. With the completion of the biometric profiling under the UID, the Indian government will have the largest database of personal biometric data in the world. [3] With plans for the UID to be used for several different purposes — as a ration card, for opening a banking account, for social security and healthcare and several new proposed uses emerging everyday,[1] the creation of ‘Big Data’ becomes possible. ‘Big Data’ is characterized by the volume of information that is produced, the velocity by which data is produced, the variety of data produced and the ability to draw new conclusions from an analysis of the data.[2] The UID will generate “Big Data” as it is envisioned that the number will be used in every transaction for any platform that adopts it — for all of the 1.2 billion citizens of India. In this way the UID is different any other identity scheme in India, where the identifier is used for a specific purpose at a specific point of time, by a specific platform, and generates data only in connection to that service. Though the creation of “Big Data” through the UID could be beneficial through analysing data trends to target improved services, for example, at the same time it can be problematic in case of a compromise or breach, or if generated information is analyzed to draw new and unintended conclusions about individuals without their consent, and using information for purposes the individuals did not mean for it to be used.

Biometric ID and Theft of Private Data

The government has touted identification schemes such as the UID and NPR as a tool to tackle rural poverty, illegal immigration and national security issues and with this as the premise, the concerns about privacy seem to have been left in the lurch. The optimism driving the programmes also means that its potential fallibility is often overlooked in the process. Biometric technology has been proven time and again to be just as easily jeopardized as any other and the threat of biometric identity theft is as real and common as something like credit card fraud, with fingerprints and iris scans being easily capable of replication and theft without the individual owners consent. [2] In fact, compromise or theft of biometric identity data presents an even greater difficulty than other forms of ID because of the fact that it is unique and intrinsic, and hence, once lost cannot be re-issued or reclaimed like traditional identification like a PIN, leaving the individual victim with no alternative system for identification or authentication. This would also defeat the entire purpose behind any authentication and identification schemes. With the amount of personal data that the government plans to store in databases using biometrics, and without adequate safeguards which can be publicly scrutinized, using this technology would be a premature and unsafe move.

Biometric data and Potential Misuse

Centralised data storage is problematic not only for the issues with data compromise and identity theft, but the problems of potential third-party misuse in the absence of an adequate legal framework for protecting such personal data, and proper technical safeguards for the same, as has been pointed out by the Standing Committee on Finance in its report on the UIDAI project.[4] The threat to privacy which these massive centralized databases pose has led to the shelving of similar programmes in England as well as France. [4] Further, concerns have been voiced about data sharing and access to the information contained in the biometric database. The biometric database is to be managed by several contracting companies based in the US. These same companies have legal obligations to share any data with the US government and Homeland Security. [5]

A second, growing concern over biometric identification schemes is over the use of biometrics for state surveillance purposes. While the UID’s chief concern on paper has been development, poverty, and corruption alleviation, there is no defined law or mandate which restricts the number from being used for other purposes, hence giving rise to concerns of a function creep - a shift in the use of the UID from its original intended purpose. For example, the Kerala government has recently proposed a scheme whereby the UID would be used to track school children.[5] Other schemes such as the National Population Register and the DNA Profiling Bill have been specifically set up with security of the State as the mandate and aim.[6] With the precise and accurate identification which biometrics offers, it also means that individuals are that much easier to continuously survey and track, for example, by using CCTV cameras with facial recognition software, the state could have real-time surveillance over any activities of any individual.[7]

With all kinds of information about individuals connected by a single identifier, from bank accounts to residential and voter information, the threat of increased state surveillance, and misuse of information becomes more and more pronounced. By using personal identifiers like fingerprints or iris scans, agencies can potentially converge data collected across databases, and use it for different purposes. It also means that individuals can potentially be profiled through the information provided from their various databases, accessed through identifiers, which leads to concerns about surveillance and tracking, without the individuals knowledge. There are no Indian laws or policies under data collection schemes which address concerns of using personal identifiers for tracking and surveillance.[8] Even if such such use is essential for increased national security, the implementation of biometrics for constant surveillance under the present regime ,where individuals are not notified about the kind of data being collected and for what its being used, would be a huge affront on civil liberties, as well as the Right to Privacy, and prove to be a powerful and destructive weapon in the hands of a police state. Without these concerns being addressed by a suitable, publicly available policy, it could pose a huge threat to individual privacy in the country. As was noted by the Deputy Prime Minister of the UK, Nick Clegg, in a speech where he denounced the Identity Scheme of the British government, saying that “This government will end the culture of spying on its citizens. It is outrageous that decent, law-abiding people are regularly treated as if they have something to hide. It has to stop. So there will be no ID card scheme. No national identity register, a halt to second generation biometric passports.” [6]

Biometric technology has been useful in several programmes and policies where its use has been open to scrutiny and restricted to a specific function, for example, the recent use of facial recognition in Goa to tackle voter fraud, and similar schemes being taken up by the Election Commission. [7] However, with lack of any guidelines or specific legal framework covering the implementation and collection of biometric data schemes, such schemes can quickly turn into ‘biohazards’ for personal liberty and individual privacy, as has been highlighted above and these issues must be brought to light and adequately addressed before the Government progresses on biometric frontiers.

[1]. http://www.goacom.com/goa-news-highlights/3520-biometric-scanners-to-be-used-for-elections.

[2]. http://www.wired.com/threatlevel/2008/03/hackers-publish.

[3].https://www.eff.org/deeplinks/2012/09/indias-gargantuan-biometric-database-raises-big-questions.

[4]. http://www.informationweek.com/security/privacy/britain-scraps-biometric-national-id-car/228801001.

[5]. http://www.thehindu.com/opinion/op-ed/questions-for-mr-nilekani/article4382953.ece.

[6]. http://news.bbc.co.uk/2/hi/8691753.stm

[7]. Supra note 1.

For more details visit https://cis-india.org/internet-governance/blog/indias-biometric-identification-programs-and-privacy-concerns

What’s In a Name? — DNS Singularity of ICANN and The Gold Rush

sharath — 2013-03-31T05:35:33Z

March 2013 being the 28th birthday of the first ever registered Internet domain as well as the exigent launch of the Trademark Clearing House disguised as a milestone in rights protection by the Internet Corporation for Assigned Names and Numbers (ICANN) for it’s new gTLD program, Sharath Chandra Ram, dissects the transitory role of ICANN from being a technical outfit to the Boardroom Big Brother of Internet Governance.

Click to read more about the Trademark Clearing House.

As a non-profit organization, established in agreement with the US Department of Commerce in 1998, the current arrangement of ICANN has come under serious questions in recent years, with the United Nations wanting the ITU to oversee Internet Governance while Europe seeking more public participation in the decision making process that currently comprises a majority of private stakeholders as ICANN board members with vested interests. In this post we shall look at a few instances that give room for thought about the regulatory powers and methods adopted by ICANN as well as reparatory measures taken to reaffirm it’s image as an able governing body amidst disputes over trademarks and fair competition that might actually call for a wider and objective inclusion in future. An outline of functional and structural arrangements of ICANN maybe found at the CIS Knowledge Repository page.

The Business Model

Earlier this month, (March 15, 2013) was the 28^th birthday of symbolics.com, the first ever domain name registered in 1985 through the formal ICANN process. (nordu.net being the first domain name created by the registry on January 1, 1985 for the first root server, nic.nordu.net) Symbolics, that spun-off the MIT AI Lab and specialized in building workstations running LISP finally sold the domain for an undisclosed amount to XY.com, an Internet investment firm that has been proudly boasting about their acquired relic for over three years now. The golden days of fancy one word domain name resale at exorbitant prices are over, as Google’s page ranking crawler now really looks at unique content and backlinks. Nevertheless, those with the same archaic view of a real estate agent still believe that a good domain name does have a high ROI and have managed to find naïve takers who will offer ridiculous amounts. One of many such examples is the plain looking www.business.com that was bought initially for $1,50,000 and changed hands twice from $7.5 million to an absurd $345 million of R.H. Donnelley Inc., that soon filed for bankruptcy!

The top level domain market however, is consistently lucrative. A TLD registry on an average receives $5 - $7 per domain registered under it. So the .COM registry run by VeriSign which, as of 2013 has over a 100 million registered domains, receives a revenue of $500 to $700 million per year of which a fraction is paid to ICANN periodically on a per-registration or per-renewal basis. Competing registrars and registries across TLDs, their revenue generation practices as well as the application process for new TLDs gradually began to be regulated by ICANN in mysterious ways, as we will see in the following legal case studies.

VeriSign vs. ICANN

VeriSign began to operate the .COM and .NET TLD after taking over Network Solutions Inc. and entering into a contractual agreement with ICANN in 2001. Let’s take a look at some methods used by VeriSign to garner internet traffic and registrant revenue, that were clamped down by the ICANN, which resulted in a lawsuit by plaintiff VeriSign claiming prevention of fair competition and revenue by impeding innovation.

Clamping of Site Finder & WLS: In September 2003, VeriSign introduced a Wild Card DNS Service called Site Finder for all .com and .net domains. This meant that any user trying to access a non-existent domain name no longer received the 404 Error but were instead redirected to the VeriSign website with adverts and links to affiliate registrars. Often a result of a misspelled domain, in ICANN’s view, the redirection by VeriSign amounted to typo squatting internet users as within a month VeriSign’s traffic rose dramatically moving it to the top 20 most visited websites on the web. As seen below in this archived image of Alexa’s 2003 traffic statistic (Courtesy: cyber.law.harvard.edu).

Shortly, in October 2003, ICANN issued a suspension ultimatum pointing Site Finder in violation of the 2001 .Com agreement. This was not the first time ICANN clamped down on VeriSign’s ‘profiteering’ methods. In 2001, ICANN prevented VeriSign’s WLS (Wait Listing Service) that allowed a registrant (through selected participating affiliate registrars of VeriSign) to apply to register an already registered domain in the event that the registration is deleted – a nifty scheme considering the fact that about 25000 domains are deleted everyday!

Remarks and Submissions

The long drawn case of VeriSign Vs. ICANN ended on a reconciliatory note, with ICANN bringing the Site Finder service to a halt at the cost of VeriSign walking away happier with a free 5 year extension on the .COM domain (2007 extended to 2012).

While the ingenious Site Finder service did pose a huge problem to spam filters, both the WLS and yet another service that VeriSign launched to allow registration of non-English language SLDs were also met with a cringe by ICANN.

However looking closer, one may realize that the act of ICANN permitting a DNS root redirect service such as Site Finder for all TLD operators (with an acceptable template that also carried information about the 404 error besides other marketing options) meant the first step towards paving the way towards a plausible scenario of multiple competing DNS roots across TLDs being able to interact with each other — a system often argued by network theorists to be the most efficient and competitive model that would reduce the disjoint between the demand and supply of TLDs in a decentralized infrastructure, and that definitely was not in the best interest of ICANN’s monopolistic plan. Hence, this could be seen as a move by ICANN to nip the Site Finder bud while still young.

Finally, as brought to public notice in more than one instance (name.Space Vs. ICANN, IOD Vs. ICANN), the vested interests of ICANN board members has come under glaring light. Can the ICANN leadership consisting of members from the very same domain name business industry be able to objectively deal with competing registry services and legal issues? Conspicuous targets have been chairperson Steve Crocker who owns a consulting firm Shinkuro, whose subtle investor is infact AFILIAS INC which runs the .INFO and .MOBI TLDs, provides backend services to numerous TLDs (.ORG, .ASIA, .AERO (aviation)), has applied for a further 31 new TLDs and has it’s CTO Ram Mohan on the Board of Directors of ICANN. Also ICANN Vice Chariman, Bruce Tonkin is Senior Executive at Australia’s largest domain name provider Melbourne IT, and Peter Thrush former chairman of the ICANN Board of Directors is Executive Chairman of Top Level Domain Holdings,Inc which filed 92 gTLD applications in 2012.

Trademark Protection and Domain Names

Image Online Design (IOD) is a company that since 1996 has been providing Internet registry services using the trademark .WEB (trademark #3,177,334 including computer accessories) registered with the US Patents and Trademarks Office (USPTO).

It’s registry services however, were not through the primary DNS root server maintained by ICANN, but through an alternate DNS root that required prospective users to manually make changes in their browser settings in order to resolve .WEB domains registered through IOD. Despite not running the primary DNS root server for. WEB, by the year 2000 IOD had acquired about 20,000 registered .WEB customers.

The beacon of ‘hope’ arrived upon IOD in mid-2000 as ICANN (on advise of supporting organization GNSO) opened a call for proposals for registrations of new TLDs, with a non-refundable deposit of $50,000 for an application to be considered. By then the importance of the .WEB TLD for e-commerce was well known amongst ICANN board members with Louis Touton lobbying for his preferred applicant AFILIAS INC to be given the .WEB TLD, with others raising concerns about IOD’s preregistration of .WEB domains. One of the founding fathers of the internet, Vinton Cerf, the then Chairman of ICANN took a benevolent stance-- "I'm still interested in IOD," he repeated over Touton's objections. "They've worked with .WEB for some time. To assign that to someone else given that they're actually functioning makes me uneasy," he said, prompting board member Linda Wilson to chime in, "I agree with Vint." (http://goo.gl/d1v6X , http://goo.gl/eV9Jd).

Finally amidst all the contention, no one was offered the .WEB domain and ICANN announced that all applications not selected will remain pending and those who submitted will have the option of being re-considered when additional TLD selections are made in future. And the future being, 2012, when ICANN invited a new round of TLD applicants, this time with the non-refundable deposit of whopping $185,000 for a single application (1 TLD/application as opposed to the $50,000 in the year 2000 that allowed multiple TLD requests within the same application) to be considered. While 7 new applicants for the .WEB TLD registered their interest, IOD considered their application to be still pending and did not join the new pool that included AFILIAS INC. and GOOGLE.

The litigation of IOD Vs ICANN ended in Feb 2013, with IOD claiming weak causes of action under “Trademark Infringement” and “Breach of Contract” &“Fair Dealing” hinging on the fact that the initial $50,000 application was still pending and never was officially rejected by ICANN. Further, there was not enough room to make a valid trademark infringement, as there was no substantial room for consumer confusion in the .WEB case.

Remarks and Submissions

The IOD Vs. ICANN case not only increased concerns globally, over the uncertainty associated with the ICANN application process for generic TLDs along with questions regarding the objectivity of its board members, but at the same time has alerted ICANN to take the necessary big sister steps to ensure that it’s well in the game.

The fact of the matter is that the USPTO does not provide trademark protection services for the Top level Domain industry citing the reason that TLDs trademarks do not provide a distinct service mark that can identify or differentiate the service of an applicant from others, and further cannot be used to ascertain the source of an applicant’s services. This view is flawed, as by looking at a TLD, say BBC.com, an informed person can easily say that VeriSign INC manages the service of directing a user to a correct location on the .COM registry. With introduction of new gTLDs, perhaps BBC would shift it’s content to BBC.news, where the source may be an abstracted Registrar and the nature of service being quite evident. And to those registered trademarks, especially those that shall result in substantial brand confusion to the customer if infringed, granting a TLD like .ibm or .bbc may well be granted to the owner of the trademark who may then outsource registry services to a service provider. This shall invert the current model by relegating the role of a TLD registry holder to that of a contracted service provider.

So the question is, should have the US Department of Commerce, who contracted ICANN in the first place, mediated with USPTO to place the business of a registrar on par with other trades and businesses, and modify it’s trademark infringement policies? And more importantly, will ICANN view this as introducing yet another key stakeholder to the gTLD assignment process?

The answer to the latter is already clear as ICANN being in the top of it’s game decided to take matters into its own hands and on March 26, 2013) launched http://trademark-clearinghouse.com/ with a new set of guidelines for accepted trademarks and a mechanism that allows trademark holders to submit their application to a central repository.

Accepted trademark holders shall be given priority to register gTLDs during the ‘sunrise’ period. Deloitte Enterprise Risk Services have been assigned the responsibility of evaluating submitted trademarks while IBM shall maintain the actual database of trademarks by the later half of 2013.

The tip of the iceberg is well in scope of view. ICANN46 is currently being hosted in Beijing, at the China Internet Network Information Centre (CINIC) from April 7 to 11, 2013 while hopefully parallel discussions will happen on all other global forums to hopefully re-consider a future of multiple competing DNS root servers towards healthy competition that is decentralized.

Key References

http://www.icann.org/en/news/litigation
http://cyber.law.harvard.edu/tlds/
Lynn, S. [2001] “Discussion Draft: A Unique, Authoritative Root for the DNS” Internet Corporation for Assigned Names and Numbers, 28 May, 2001.
Internet Architecture Board [2000] “IAB Technical Comment on the Unique DNS Root.” RFC 2826, Internet Society, May 2000.

For more details visit https://cis-india.org/internet-governance/blog/dns-singularity-of-icann-and-the-gold-rush

What if the Net shut down for a few days

praskrishna — 2013-04-03T11:01:38Z

When spammers attacked Spamhaus, a European spam-fighting group in what was billed as the "biggest cyber attack in history", they managed to temporarily slow down the internet. But what if dedicated attackers succeeded in shutting down the internet for a longer time, maybe a few days? What would be the potential impact of such a scenario in a world where crucial data is stored on emails, most financial transactions have shifted online and an entire generation has grown up not realising what life without the web could be like?

The article by Atul Sethi was published in the Times of India on March 30, 2013. Sunil Abraham is quoted.

"The thought itself is frightening," says Vijay Mukhi, president of the Foundation of Information Security and Technology and co-founder of the Internet Users Community of India. "Most people use their email or cloud computing to store their data. What happens when you can't access your crucial information? Also, financial activity in the absence of the internet will come to a standstill since there would be no money flow happening between banks or transactions in the stock market. The implications are huge. And I'm not even thinking of the withdrawal symptoms that many youngsters are going to go through when they can't log on. "

However, contrary to the horror that this situation might elicit from those whose lives revolve around the web, the impact on India, at least, should not be much, says Sunil Abraham, director of the Bangalore-based Centre for Internet and Society. "An internet blackout in India can at most be compared to a bandh. Life becomes uncomfortable but it still goes on. This is because in India, the internet is used by just about 20% of the population. At the most, one can argue that since this 20% also constitutes the elite of the country - bureaucrats, politicians, businessmen, media, etc, any disruption in their work could also affect the remaining 80% of the country indirectly."

Even though complete shutdown of the internet is believed to be virtually impossible - since it is made up of thousands of interconnections which ensure its infallibility - hackers haven't stopped trying as the latest cyber attack shows. Internet security consultant Ankit Fadia points out that the only way somebody can bring down the internet is if a few million hackers combine together as part of a sustained project. "Even then, it's a remote possibility that they can pull it off," he says.

If it does happen, though, remember to polish up your letter-writing skills and go over to your friend's house if you want to chat.

For more details visit https://cis-india.org/news/times-of-india-atul-sethi-march-30-2013-what-if-the-net-shut-down-for-a-few-days

A Privacy Round Table in Delhi

praskrishna — 2013-04-12T09:33:46Z

The Centre for Internet and Society and the Federation of Indian Chambers of Commerce and Industry cordially invite you to a "Privacy Round Table" at the FICCI Federation House in Tansen Marg, New Delhi on April 13, 2013, from 10.30 a.m. to 4.00 p.m.

To discuss, in furtherance of Internet Governance Initiatives and Dialogue in 2013, the “Report of the Group of Experts on Privacy” by the Justice AP Shah Committee, and the text of the Citizens’ Privacy (Protection) Bill 2013, drafted by the Centre for Internet and Society.

The discussions and recommendations from the meeting will be published into a compilation, and presented at the Internet Governance meeting planned for October 2013.

Time	Detail
10.30 11.30	Overview of Justice AP Shah report: Purpose, principles, and framework
11.30 12.00	Tea
12.00 13.00	Overview, explanation, and discussion on the Citizens’ Privacy Protection Bill 2013
13.00 14.00	Lunch
14.00 16.00	In depth explanation and discussions regarding the Citizens’ Privacy Protection Bill 2013 (time for review and comments)
16.00 16.30	Tea

Confirmations and RSVP

Please send your email confirmations for attending the first New Delhi Roundtable on April 13, 2013, to Snehashish Ghosh at snehashish@cis-india.org, mobile no. +91- 9902763325,latest by end-of-business 5:30 p.m. on Friday April 5, 2013. As the conference is a roundtable dialogue, we request that attendees submit a brief introduction about themselves and their interest in the topic.

For more details visit https://cis-india.org/internet-governance/events/privacy-round-table

Parliament panel blasts govt over ambiguous internet laws

praskrishna — 2013-03-28T08:37:30Z

The Parliamentary Standing Committee on Subordinate Legislation has come out with a report in which it has lambasted the government and asked it to make changes to IT rules that govern internet-related cases in India.

This article by Ishan Srivastava was published in the Times of India on March 28, 2013. Pranesh Prakash is quoted.

It said in the report that multiple clauses in the laws had inherent ambiguity and that discrepancies exist in the government's stand on whether some rules are mandatory or only of advisory nature.

The committee said that inherent ambiguity of words like 'blasphemy' and `disparaging', among others, could lead to harassment of people as has happened with Section 66A of the IT Act repeatedly in recent times. Incidents include the arrest of two girls over 'liking' a Facebook post and a defamation case against an individual for an 'offensive' tweet. It has also been used by multiple politicians to suppress voices of dissent by branding them as 'defamatory'.

These ambiguous terms are used in the Intermediary Guidelines rules, passed in April 2011, which the committtee said could lead to legitimate speech being removed. Also, the Standing Committee noted that many categories of speech prohibited by the Intermediary Guidelines rules were not prohibited by any statute, and hence could not be prohibited by the government through these rules. The Standing Committee has asked the government to ensure that "no new category of crimes or offences is created" by these rules.

The committee also said that discrepancies exist in the nature of implementation of these laws. While the government's stand is that Intermediary Guidelines are only "of advisory nature and self-regulation" and that "it is not mandatory for the Intermediary to disable the information", the wording of the laws suggest otherwise. In many of the laws, terms like "shall act" within 36 hours are used. The committee said that there was a "need for clarity on the aforesaid contradiction" and "safeguards to protect against any abuse" since it could lead to censorship.

"The government has told the Committee that the rules are for "self-regulation", but they in fact aren't. The rules dictate what content cannot be hosted. And our research found that intermediaries react to fake takedown requests too, just to avoid being liable for their users' content. This is not self-regulation, but government-mandated private censorship," said Pranesh Prakash, policy director at the Centre for Internet and Society (CIS). CIS is a Bangalore-based non-profit body looking at issues of public accountability, privacy, free expression, and openness, and has consistently argued that many parts of the IT Act are unconstitutional.

The committee also suggested that all evidence relating to foreign websites refusing to honour Indian laws should be made public and a public debate should be encouraged as the internet is a global phenomena. Recently there have been instances of issues between the Indian government and tech giants like Facebook and Google related to censorship and taking down of 'offensive' and 'defamatory' content.

While the government's stand is that Intermediary Guidelines are only "of advisory nature and self-regulation" and that "it is not mandatory for the Intermediary to disable the information," the wording of the laws suggest otherwise.

For more details visit https://cis-india.org/news/times-of-india-ishan-srivastava-march-28-2013-parliament-panel-blasts-govt-over-ambiguous-internet-laws

Microsoft releases its first report on data requests by law enforcement agencies around the world

maria — 2013-07-12T12:19:31Z

In this post, the Centre for Internet and Society presents Microsoft´s report on law enforcement requests, with a focus on data requested by Indian law enforcement agencies.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Last week, Microsoft released its first report with data on the number of requests received from law enforcement agencies around the world relating to Microsoft online and cloud services. Microsoft´s newly released 2012 Law Enforcement Requests Report depicts the company's willingness to join the ranks of Google, Twitter and other Web businesses that publish transparency reports.

As of 30 June 2012, 137 million Indians are regular Internet users, many of which use Microsoft services including Skype, Hotmail, Outlook.com, SkyDrive and Xbox Live. Yet, until recently, it was unclear whether Indian law enforcement agencies were requesting data from our Skype calls, emails and other Microsoft services. Thus, Microsoft's release of a report on law enforcement requests is a decisive step in improving transparency in regards to how many requests for data are made by law enforcement agencies and how many requests are granted by companies. Brad Smith, an executive vice president and Microsoft´s general counsel, wrote in his blog post:

“As we continue to move forward, Microsoft is committed to respecting human rights, free expression and individual privacy.”

Microsoft 2012 Law Enforcement Requests

Democratic countries requested the most data during 2012, according to Microsoft´s report. The law enforcement agencies in the United States, the United Kingdom, Germany, France and Turkey accounted for 69 percent of the 70, 665 requests Microsoft (excluding Skype) received last year. Although India did not join the rank of the countries which made the fewest requests from Microsoft, it did not join the top-five league which accounted for the most requests, despite the country having one of the world´s highest number of Internet users.

Out of the 70,665 requests to Microsoft by law enforcement agencies around the world, only about 0.6 percent of the requests were made by Indian law enforcement agencies. These 418 requests specified 594 accounts and users, which is significantly low in comparison to the top-five and other countries, such as Taiwan, Spain, Mexico, Italy, Brazil and Australia. Indian law enforcement requests accounted for about 0.5 percent of the total 122, 015 accounts and user data that was requested by law enforcement agencies around the world.

Content data is defined by Microsoft as what customers create, communicate and store on or through their services, such as words in an e-mail or photographs and documents stored on SkyDrive or other cloud offerings. Non-content data, on the other hand, refers to basic subscriber information, such as the e-mail address, name, location and IP address captured at the time of registration. According to Microsoft´s 2012 report, the company did not disclose any content data to Indian law enforcement agencies. In fact, only 2.2 percent of requests from law enforcement agencies around the world resulted in the disclosure of content data, 99 percent of which were in response to warrants from courts in the United States. Microsoft may have not disclosed any of our content data, but 370 requests from Indian law enforcement agencies resulted in the disclosure of our non-content data. In other words, 88.5 percent of the requests by India resulted in the disclosure of e-mail addresses, IP addresses, names, locations and other subscriber information.

Out of the 418 requests made to Microsoft by Indian law enforcement agencies, only 4 were rejected (1 percent) and no data was found for 44 requests (10.5 percent). In total, Microsoft rejected the disclosure of 1.2 percent of the requests made by law enforcement agencies around the world, while data was not found for 16.8 percent of the international requests. Thus, the outcome of the data shows that the majority of the requests by Indian law enforcement agencies resulted in the disclosure of non-content data, while very few requests were rejected by Microsoft (excluding Skype). The following table summarizes the requests by Indian law enforcement agencies and their outcome:

Total number of requests	418 (0.6%)
Accounts/Users specified in requests	594 (0.5%)
Disclosure of content	0 (0%)
Disclosure of non-content data	370 (88.5%)
No data found	44 (10.5%)
Requests rejected	4 (1%)

Skype 2012 Law Enforcement Requests

Microsoft acquired Skype towards the end of 2011 and the integration of the two companies advanced considerably over the course of 2012. According to the Microsoft 2012 report, Indian law enforcement agencies made 53 requests for Skype user data and 101 requests for specified accounts on Skype. In other words, out of the total 4,715 requests for Skype user data by law enforcement agencies around the world, the requests by Indian law enforcement accounted for about 0.1 percent. 15,409 international requests were made for specified accounts on Skype, but Indian law enforcement requests only accounted for about 0.6 percent of those.

The report appears to be extremely reassuring, as it states that Skype did not disclose any content data to any law enforcement agencies around the world. That essentially means that, according to the report, that all the content we created and communicated through Skype during 2012 was kept private from law enforcement. Although Microsoft claims to not have disclosed any of our content data, it did disclose non-content data, such as SkypeID, name, email account, billing information and call detail records if a user subscribed to the Skype In/Online service, which connects to a telephone number. However, Microsoft did not report how many requests the company received for non-content data, nor how much data was disclosed and to which countries.

Microsoft reported that data was not found for 47 of India´s law enforcement requests, which represents 88.6 percent of the requests. In total, Microsoft reported that data was not found for about half the requests made by law enforcement agencies on an international level. Out of the 53 requests, Microsoft provided guidance to Indian law enforcement agencies for 10 requests. In particular, such guidance was provided either in response to a rejected request or general questions about the process for obtaining Skype user data. Yet, the amount of rejected requests for Skype user data was not included in the report and the guidance provided remains vague. The following table summarizes the requests by Indian law enforcement agencies for Skype user data and their outcome:

Total of requests	53 (0.1%)
Accounts/identifiers specified in requests	101 (0.6%)
Requests resulting in disclosure of content	0 (0%)
No data found	47 (88.6%)
Provided guidance to law enforcement	10 (18.8%)

The Centre for Internet and Society (CIS) supports the publication of Microsoft´s 2012 Law Enforcement Requests Report and encourages Microsoft (including Skype) to continue releasing such reports which can provide an insight on how much user data is being shared with law enforcement agencies around the world. In order to ensure that such reports adequately provide transparency, they should be broadened in the future to include more data, such as the amount of non-content data requests disclosed by Skype, the type of guidance provided to law enforcement agencies and the amount of requests rejected by Skype. Nonetheless, this report is a decisive first step in increasing transparency and further, more detailed reports are strongly encouraged.

For more details visit https://cis-india.org/internet-governance/blog/microsoft-releases-first-report-on-data-requests-by-law-enforcement-agencies

CIS Welcomes Standing Committee Report on IT Rules

pranesh — 2013-04-03T10:54:52Z

The Centre for Internet and Society welcomes the report by the Standing Committee on Subordinate Legislation, in which it has lambasted the government and has recommended that the government amend the Rules it passed in April 2011 under section 79 of the Information Technology Act.

Click to read the Parliamentary Standing Committee Report on the IT Rules. A modified version was published in CiOL on March 27, 2013.

These rules have been noted by many, including CIS, Software Freedom Law Centre, and Society for Knowledge Commons, and many eminent lawyers, as being unconstitutional. The Standing Committee, noting this, has asked the government to make changes to the Rules to ensure that the fundamental rights to freedom of speech and privacy are safeguarded, and that the principles of natural justice are respected when a person’s freedom of speech or privacy are curtailed.

Ambiguous and Over-reaching Language

The Standing Committee has noted the inherent ambiguity of words like "blasphemy", "disparaging", etc., which are used in the Intermediary Guidelines Rules, and has pointed out that unclear language can lead to harassment of people as has happened with Section 66A of the IT Act, and can lead to legitimate speech being removed. Importantly, the Standing Committee recognizes that many categories of speech prohibited by the Intermediary Guidelines Rules are not prohibited by any statute, and hence cannot be prohibited by the government through these Rules. Accordingly, the Standing Committee has asked the government to ensure "no new category of crimes or offences is created" by these Rules.

Government Confused Whether Rules Are Mandatory or Advisory

The Standing Committee further notes that there is a discrepancy in the government’s stand that the Intermediary Guidelines Rules are not mandatory, and are only "of advisory nature and self-regulation", and that "it is not mandatory for the Intermediary to disable the information, the rule does not lead to any kind of censorship". The Standing Committee points out the flaw in this, and notes that the language used in the rules is mandatory language (“shall act” within 36 hours). Thus, it rightly notes that there is a "need for clarity on the aforesaid contradiction". Further, it also notes that there is "there should be safeguards to protect against any abuse", since this is a form of private censorship by intermediaries."

Evidence Needed Against Foreign Websites

The government has told the Standing Committee that "foreign websites repeatedly refused to honour our laws", however, it has not provided any proof for this assertion. The government should make public all evidence that foreign web services are refusing to honour Indian laws, and should encourage a public debate on how we should tackle this problem in light of the global nature of the Internet.

Cyber Cafes Rules Violate Citizens’ Privacy

The Standing Committee also pointed out that the Cyber Cafe Rules violated citizens’ right to privacy in requiring that "screens of the computers installed other than in partitions and cubicles should face open space of the cyber café". Unfortunately, the Standing Committee did not consider the privacy argument against retention of extensive and intrusive logs. Under the Cyber Cafe Rules, cyber cafes are required to retain (for a minimum of one year) extensive logs, including that of "history of websites accessed using computer resource at cyber café" in such a manner that each website accessed can be linked to a person. The Committee only considered the argument that this would impose financial burdens on small cybercafes, and rejected that argument. CIS wishes the Committee had examined the provision on log maintenance on grounds of privacy as well."

Government’s Half-Truths

In one response, the government notes that "rules under Section 79 in particular have undergone scrutiny by High Courts in the country. Based on the Rules, the courts have given reliefs to a number of individuals and organizations in the country. No provision of the Rules notified under Sections 43A and 79 of the IT Act, 2000 have been held ultra vires."

What the government says is a half-truth. So far, courts have not struck down any of the IT Rules. But that is because none of the High Court cases in which the vires of the Rules have been challenged has concluded. So it is disingenuous of the government to claim that the Rule have "undergone scrutiny by High Courts". And in those cases where relief has been granted under the Intermediary Guidelines, the cases have been ex-parte or have been cases where the vires of the Rules have not been challenged. The government, if it wants to defend the Rules, should point out to any case in which the vires of the Rules have been upheld. Not a single court till date has declared the Rules to be constitutional when that question was before it.

Lack of Representation of Stakeholders in Policy Formulation

Lastly, the Standing Committee noted that it is not clear whether the Cyber Regulatory Advisory Committee (CRAC), which is responsible for policy guidance on the IT Act, has "members representing the interests of principally affected or having special knowledge of the subject matter as expressly stipulated in Section 88(2) of the IT Act". This is a problem that we at CIS also noted in November 2012, when the CRAC was reconstituted after having been defunct for more than a decade.

CIS hopes that the government finally takes note of the view of legal experts, the Standing Committee on Delegated Legislation, the Parliamentary motion against the Rules, and numerous articles and editorials in the press, and withdraws the Intermediary Guidelines Rules and the Cyber Cafe Rules, and instead replaces them with rules that do not infringe our constitutional rights.

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness, and engages in academic research on digital natives and digital humanities. It was among the organizations that submitted evidence to the Standing Committee on Subordinate Legislation on the IT Rules.

For more details visit https://cis-india.org/internet-governance/blog/cis-welcomes-standing-committee-report-on-it-rules

Driving in the Surveillance Society: Cameras, RFID tags and Black Boxes...

maria — 2013-07-12T15:26:33Z

In this post, Maria Xynou looks at red light cameras, RFID tags and black boxes used to monitor vehicles in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

How many times in your life have you heard of people been involved in car accidents and of pedestrians being hit by red-light-running vehicles? What if there could be a solution for all of this? Well, several countries, including the United States, the United Kingdom and Singapore, have already adopted measures to tackle vehicle accidents and fatalities, some of which include traffic enforcement cameras and other security measures. India is currently joining the league by not only installing red light cameras, but by also including radio frequency identification (RFID) tags on vehicles´ number plates, as well as by installing electronic toll collection systems and black boxes in some automobiles. Although such measures could potentially increase our safety, privacy concerns have arisen as it remains unclear how data collected will be used.

Red light cameras

Last week, the Chennai police announced that it plans to install traffic enforcement cameras, otherwise known as red light cameras, at 240 traffic signals over the next months, in order to put an end to car thefts in the city. Red light cameras, which capture images of vehicles entering an intersection against a red traffic light, have been installed in Bangalore since early 2008 and a study indicates that they have reduced the traffic violation rates. A 2003 report by the National Cooperative Highway Research Programme (NCHRP) examined studies from the previous 30 years in the United States, the United Kingdom, Australia and Singapore and concluded that red light cameras ´improve the overall safety of intersections when they are used´.

However, how are traffic violation rates even measured? According to Barbara Langland Orban, an associate professor of health policy and management at the University of South Florida:

“Safety is measured in crashes, in particular injury crashes, and violations are not a proxy for injuries. Also, violations can be whatever number an agency chooses to report, which is called an ‘endogenous variable’ in research and not considered meaningful as the number can be manipulated. In contrast, injuries reflect the number of people who seek medical care, which cannot be manipulated by the reporting methods of jurisdictions.”

Last year, the Bombay state government informed the High Court that the 100 CCTV cameras installed at traffic junctions in 2006-2007 were unsuitable for traffic enforcement because they lacked the capacity of automatic processing. Nonetheless, red light cameras, which are capable of monitoring speed and intersections with stop signals, are currently being proliferated in India. Yet, questions remain: Do red light cameras adequately increase public safety? Do they serve financial interests? Do they violate driver´s due-process rights?

RFID tags and Black Boxes

A communication revolution is upon us, as Maharashtra state transport department is currently including radio frequency identification (RFID) tags on each and every number plate of vehicles. This ultimately means that the state will be able to monitor your vehicle´s real-time movement and track your whereabouts. RFID tags are not only supposedly used to increase public safety by tracking down offenders, but to also streamline public transport timetables. Thus, the movement of buses and cars would be precisely monitored and would provide passengers minute-to-minute information at bus stops. Following the 2001 amendment of Rule 50 of the Central Motor Vehicles Rules, 1989, new number plates with RFID tags have been made mandatory for all types of motor vehicles throughout India.

RFID technology has also been launched at Maharashtra´s state border check-posts. Since last year, the state government has been circulating RFID stickers to trucks, trailers and tankers, which would not only result in heavy goods vehicles not having to wait in long queues for clearance at check-posts, but would also supposedly put an end to corruption by RTO officials.

By 31 March 2014, it is estimated that RFID-based electronic toll collection (ETC) systems will be installed on all national highways in India. According to Dr. Joshi, the Union Minister for Road Transport and Highways:

“The RFID technology shall expedite the clearing of traffic at toll plazas and the need of carrying cash shall also be eliminated when toll plazas shall be duly integrated with each other throughout India.”

Although Dr. Joshi´s mission to create a quality highway network across India and to increase the transparency of the system seems rational, the ETC system raises privacy concerns, as it uniquely identifies each vehicle, collects data and provides general vehicle and traffic monitoring. This could potentially lead to a privacy violation, as India currently lacks adequate statutory provisions which could safeguard the use of our data from potential abuse. All we know is that our vehicles are being monitored, but it remains unclear how the data collected will be used, shared and retained, which raises concerns.

The cattle and pedestrians roaming the streets in India appear to have increased the need for the installation of an Event Data Recorder (EDR), otherwise known as a black box, which is a device capable of recording information related to crashes or accidents. The purpose of a black box is to record the speed of the vehicle at the point of impact in the case of an accident and whether the driver had applied the brakes. This would help insurance companies in deciding whether or not to entertain insurance claims, as well as to determine whether a driver is responsible for an accident.

Black boxes for vehicles are already being designed, tested and installed in some vehicles in India at an affordable cost. In fact, manufacturers in India have recommended that the government make it mandatory for cars to be fitted with the device, rather than it being optional. But can we have privacy when our cars are being monitored? This is essentially a case of proactive monitoring which has not been adequately justified yet, as it remains unclear how information would be used, who would be authorised to use and share such information, and whether its use would be accounted for to the individual.

Are monitored cars safer?

The trade-off is clear: the privacy and anonymity of our movement is being monitored in exchange for the provision of safety. But are we even getting any safety in return? According to a 2005 Federal Highway Administration study, although it shows a decrease in front-into-side crashes at intersections with cameras, an increase in rear-end crashes has also been proven. Other studies of red light cameras in the US have shown that more accidents have occurred since the installation of traffic enforcement cameras at intersections. Although no such research has been undertaken in India yet, the effectiveness, necessity and utility of red light cameras remain ambiguous.

Furthermore, there have been claims that the installation of red light cameras, ETCs, RFID tags, black boxes and other technologies do not primarily serve the purpose of public security, but financial gain. A huge debate has arisen in the United States on whether such monitoring of vehicles actually improves safety, or whether its primary objective is to serve financial interests. Red light cameras have already generated about $1.5 million in fines in the Elmwood village of Ohio, which leads critics to believe that the installation of such cameras has more to do with revenue enhancement than safety. The same type of question applies to India and yet a clear-cut answer has not been reached.

Companies which manufacture vehicle tracking systems are widespread in India, which constitutes the monitoring of our cars a vivid reality. Yet, there is a lack of statutory provisions in India for the privacy of our vehicle´s real-time movement and hence, we are being monitored without any safeguards. Major privacy concerns arise in regards to the monitoring of vehicles in India, as the following questions have not been adequately addressed: What type of data is collected in India through the monitoring of vehicles? Who can legally authorize access to such data? Who can have access to such data and under what conditions? Is data being shared between third parties and if so, under what conditions?How long is such data being retained for?

And more importantly: Why is it important to address the above questions? Does it even matter if the movement of our vehicles is being monitored? How would that affect us personally? Well, the monitoring of our cars implies a huge probability that it´s not our vehicles per se which are under the microscope, but us. And while the tracking of our movement might not end us up arrested, interrogated, tortured or imprisoned tomorrow...it might in the future. As long as we are being monitored, we are all suspects and we may potentially be treated as any other offender who is suspected to have committed a crime. The current statutory omission in India to adequately regulate the use of traffic enforcement cameras, RFID tags, black boxes and other technologies used to track and monitor the movement of our vehicles can potentially violate our due process rights and infringe upon our right to privacy and other human rights. Thus, the collection, access, use, analysis, sharing and retention of data acquired through the monitoring of vehicles in India should be strictly regulated to ensure that we are not exposed to our defenceless control.

Maneuvering our monitoring

Nowadays, surveillance appears to be the quick-fix solution for everything related to public security; but that does not need to be the case.

Instead of installing red light cameras monitoring our cars´ movements and bombarding us with fines, other ´simple´ measures could be enforced in India, such as increasing the duration of the yellow light between the green and the red, re-timing lights so drivers will encounter fewer red ones or increasing the visibility distance of the traffic lights so that it is more likely for a driver to stop. Such measures should be enforced by governments, especially since the monitoring of our vehicles is not adequately justified.

Strict laws regulating the use of all technologies monitoring vehicles in India, whether red light cameras, RFID tags or black boxes, should be enacted now. Such regulations should clearly specify the terms of monitoring vehicles, as well as the conditions under which data can be collected, accessed, shared, used, processed and stored. The enactment of regulations on the monitoring of vehicles in India could minimize the potential for citizens´ due process rights to be breached, as well as to ensure that their right to privacy and other human rights are legally protected. This would just be another step towards preventing ubiquitous surveillance and if governments are interested in protecting their citizens´ human rights as they claim they do, then there is no debate on the necessity of regulating the monitoring of our vehicles. The question though which remains is:

Should we be monitored at all?

For more details visit https://cis-india.org/internet-governance/blog/driving-in-the-surveillance-society-cameras-rfid-black-boxes

The Privacy (Protection) Bill 2013: A Citizen's Draft

bhairav — 2013-07-12T11:50:20Z

The Centre for Internet and Society has been researching privacy in India since 2010 with the objective of raising public awareness around privacy, completing in depth research, and driving a privacy legislation in India. As part of this work, Bhairav Acharya has drafted the Privacy (Protection) Bill 2013.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

The Privacy (Protection) Bill 2013 contains provisions that speak to data protection, interception, and surveillance. The Bill also establishes the powers and functions of the Privacy Commissioner, and lays out offenses and penalties for contravention of the Bill. The Bill represents a citizen's version of a possible privacy legislation for India, and will be shared with key stakeholders including civil society, industry, and government.

Click to download a full draft of the Privacy (Protection) Bill, 2013.

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-citizens-draft

Future of Privacy in India

praskrishna — 2013-03-26T05:14:45Z

DSCI and ICOMP are organizing a meet on Privacy at the Oberoi Hotel in New Delhi on April 5, 2013. Sunil Abraham will be participating in this event as a speaker.

In recent years, there has been an increasing deployment of ICT in the collection of personal information by both private sector and state agencies. Data is a reason for empowerment for both commercial and public purposes. The prolific use of the Internet for search, social networking cloud computing and e-commerce transactions places increasing amounts of personal information and Internet history in hands of dominant private sector players. Data is undeniably the capital of the Internet. While technology has evolved to be able to collect, store and mine increasing amounts of data for improved public services or for commercial purposes, there are understandable concerns over the lack of accountability for the purposes and limits of the use of personal data. These concerns demand an appropriate regulatory framework for Privacy.

As an important step toward formulating the privacy bill, an Expert Group headed by Justice A P Shah provides inputs based on a study of the international landscape of privacy laws, along with the predominant privacy concerns ensuing from technological advancements. The Committee’s report, submitted in Oct 2012 has recommended Nine Principles as the cornerstone for privacy legislation. While the Privacy Act is under development, DSCI and iCOMP are organizing a meet focusing on the following areas:

Outline an appropriate Indian context for privacy: the nine principles
Presentation of the state of play on privacy in key markets (practices, Issues, regulatory interventions)
Analyse the scope and implications of data collection by public agencies in India.
Analyse privacy challenges and risks related to commercial use of data collected on the Internet by private players
Consider how India can address these challenges and enshrine privacy principles in legislation

Key Speakers

Dr. Gulshan Rai, DG, CERT-In*

Mr. Simon Davis, London School of Economics

Mr. Manoj Joshi, JS, DOPT*

Mr. Kanta Roy, CEO, NeGD*

Dr. Kamlesh Bajaj, CEO, DSCI

Mr. Sunil Abraham, ED, CIS

* To be confirmed

Event Flow

Opening Remark by Mr. S V Divvaakar, Executive Director, ICOMP
Framework for Privacy Regulation in India, By Dr. Kamlesh Bajaj, CEO, DSCI
Keynote Address
‘Privacy :The International state of play’, by Mr. Simon Davis, London School of Economics
Panel Discussion 1: Context of Privacy in India
Panel Discussion 2: Business responsibility in the age of ‘data driven’ transformations

Date: April 5, 2013
Time: 9.00 a.m. to 1.00 p.m.
Venue: Oberoi Hotel, Nilgiri Room, New Delhi

For more details visit https://cis-india.org/news/future-of-privacy-in-india-on-april-5-2013-at-oberoi-hotel-new-delhi

Press controls ‘send wrong message to rest of world’

praskrishna — 2013-03-26T04:51:54Z

Britain could trigger an international media crackdown if the Government goes ahead with plans for a Royal Charter to introduce a new Press regulator, free speech campaigners warned yesterday.

Read the article written by Jerome Starkey from Johannesburg, Francis Elliott from Delhi and David Brown. It was published in the Times on March 21, 2013. Sunil Abraham is quoted.

Oppressive regimes will use the example of the planned regulation in Britain to justify tighter controls on their own media, it was claimed. Campaigners from across the Commonwealth are preparing to urge the Queen not to approve the Royal Charter when it is presented by the Privy Council on May 8. Senior journalists and campaigners in Africa and Asia accused Britain of “chilling media freedom” by legitimising state interference in the media.

Phenyo Butale, the director of South Africa’s Freedom of Expression Institute, said: “African governments have shown they are uncomfortable with free press acting as a watchdog, holding them to account. A move to statutory regulation in the UK would really be a gift for them.”

In Somalia, one of the most dangerous countries in the world to be a journalist, reporters said that they were alarmed by the British plans. “It’s alarming that the British Government is regulating the freedom of its press,” said Mohammed Ibrahim, secretary-general of the Somali Union of Journalists.

Sunil Abraham, director of the Centre for Internet and Society, a Bangalore-based organisation that campaigns against the Indian Government’s often heavy-handed attempts to regulate online content, said that the UK had surrendered the moral high ground in an important international debate.

“The UK has traditionally made free speech an important component of their foreign policy and when their own internal actions contradict their external position . . . they no longer have any influence on the Indian situation,” he said.

The Editorial Board of The New York Times wrote that the proposed regulation would “do more harm than good”, adding: “It is worth keeping in mind that journalists at newspapers like The Guardianand The [New York] Times, not the police, first brought to light the scope and extent of hacking by British tabloids. It would be perverse if regulations . . . ended up stifling the kind of hard-hitting investigative journalism that brought it to light in the first place.”

Mumsnet, one of the most popular blogging sites, has sought a guarantee from the Government that it would not be caught by the regulations. The Department for Culture, Media and Sport told the website that it “will ultimately be for the court to decide on the definition of a ‘relevant publisher’ ” covered by the new regulations “but our view is that Mumsnet would not be covered by the new regime”.

Justine Roberts, the website’s founder, has asked to be specifically included in the list of exempted websites.

The House of Lords will vote on Monday on the definition of “relevant publisher” when peers consider new amendments to the Crime and Courts Bill. Some of Britain’s major newspaper and magazine publishers have indicated that they will not join the new regulator.

For more details visit https://cis-india.org/news/the-times-uk-jerome-starkey-francis-elliott-david-brown-march-21-2013-press-controls-send-wrong-message-to-rest-of-world

India’s Civil Liberties Crisis: Of Bans, Blocks, Bullying and Biometrics

praskrishna — 2013-03-25T10:39:43Z

Malavika Jayaram will be a speaker at this event which is organized by the Center for Global Communication Studies and will be held at Annenberg School of Communication, University of Pennslyvania, Philadelphia, on March 28, 2013, from 12 p.m. to 1.30 p.m.

Read about the event on the website of the Center for Global Communication Studies.

Unlike the US First Amendment, the first amendment to the Constitution of India actually strengthened state regulation over freedom of speech. Irony aside, the amendment that is considered by many scholars as the first media crisis in post-colonial India has increasing relevance today. Its prioritization of sovereignty and national security over democratic rights and institutions has resulted in a zone of contestation between nation building and free speech. This is playing out through a series of battles involving website blocking, book banning, biometric databases and bullying of all kinds.

In the last few months, an all-girl rock band in Kashmir was silenced, a village in Bihar banned women and girls from using mobile phones, and we had yet another Salman Rushdie controversy. Movies were blocked. Facebook and Google were taken to court for hosting objectionable content. Paintings were removed from an art gallery at the “suggestion” of the police because they depicted Hindu deities as semi-nude. At the same time, there was a drive to digitize governance and to build biometric databases to enumerate and record every individual. The impacts on free speech, anonymity, and privacy were considered fair game in the drive towards progress, inclusion, and maintenance of public order.

The relationship between the citizen and the state is undergoing a radical transformation mediated by the marriage of welfare schemes and commercial interests. The privacy of one’s body and identity is challenged by initiatives to capture fingerprints, irises, faces, and transactions. The heckler’s vote is increasingly powerful in silencing free expression. Civil society is under siege for resisting the onslaught of draconian legislation, arbitrary restrictions, and the banning of various forms of cultural output. Narratives are being constructed that attribute all civic engagement with “western values” and with being mouthpieces of foreign interests.

In this talk, I will give an overview of the strands of discord that are forming the fabric of India’s latest crisis of democracy. I will unpack some of the rhetoric behind the government’s drive to grasp the individual, and make the citizen visible to the state in an unprecedented manner. I will also discuss my experiences working with civil society in India, and the tools and techniques used to engage with policy formation and to adapt to the future of advocacy.

A dual-qualified lawyer, Malavika Jayaram spent eight years in London - with global law firm Allen & Overy in the Communications, Media & Technology group, and then with Citigroup. She relocated to India in 2006, and wears 3 hats as a practising lawyer, a Fellow at the Centre for Internet and Society (CIS) and a PhD scholar. As a partner at Jayaram & Jayaram, Bangalore, she focuses on corporate/tech transactions and has a special interest in new media and the arts. At CIS, Malavika collaborates on projects that study legislative and policy changes in the internet governance and privacy domains. As a PhD scholar, she is looking at data protection and privacy in India, with a special focus on e-governance schemes and the new biometric ID project.

A graduate of the National Law School of India, she has an LL.M. from Northwestern University, Chicago. She is on the advisory board of the Indian Journal of Law & Technology and is the author of the India chapter for the Data Protection & Privacy volume in the Getting the Deal Through series, launched this year. She is one of 10 Indian lawyers featured in “The International Who's Who of Internet e- Commerce & Data Protection Lawyers 2012” directory.

She is currently running a research project for Internews, studying internet policy in India. This will produce a landscape overview and interviews with various stakeholders in this domain.

For more details visit https://cis-india.org/news/global-asc-upenn-events-indias-civil-liberties-crisis

Internet Censorship, Surveillance, and Corporate Transparency

praskrishna — 2013-03-25T10:29:50Z

Google’s Dorothy Chou will be in conversation with international experts Annenberg School of Communication, St., Philadelphia, on April 3, 2013, from 4.30 p.m. to 6.00 p.m. Malavika Jayaram is participating in the event as a panelist. The event is organised by Center for Global Communication Studies and Annenberg School for Communication, University of Pennsylvania.

Read full details of the event was published on the website of Center for Global Communication Studies.

Since mid 2010 Google has been publishing data about the requests it receives from governments to remove content or hand over user data. This regularly updated Transparency Report reveals alarming trends: Government surveillance is on the rise, everywhere. Even worse, a large number of government censorship and surveillance requests are of dubious legality even according to the host countries’ own laws. In a world where citizens increasingly rely on digital products and services owned and operated by private corporations for their civic and political lives, the implications for human rights and democracy around the world are troubling.

Dorothy Chou, Senior Policy Analyst who leads Google's efforts to increase transparency about how it responds to government censorship and surveillance demands, will discuss Google's Transparency Report with Rebecca MacKinnon, Senior Fellow at the New America Foundation and an international panel of experts:

Ronald Lemos, the Director of the Center for Technology and Society at the Fundação Getúlio Vargas (FGV) School of Law in Rio de Janeiro, Brazil

Hu Yong, Associate Professor, Peking University School of Journalism and Communication

Malavika Jayaram, Fellow, Center for Internet and Society, Bangalore and Annenberg CGCS;

Gregory Asmolov, PhD Candidate, London School of Economics; Global Voices "RuNet Echo" contributor and Russian social media expert.

This event is part of the cross-disciplinary, university-wide “New Technologies, Human Rights, and Transparency” project funded by the university’s Global Engagement Fund and hosted by Annenberg’s Center for Global Communications Studies in partnership with Wharton, PennLaw, Engineering, and the School of Arts and Sciences. The project aims to examine the relationship between government and corporate power in today’s digitally networked world, bringing together research partners from across the university and around the world to develop a methodology to evaluate and compare the policies and practices of Information and Communication Technology (ICT) companies as they affect Internet users’ freedom expression and privacy in a human rights context.

For more details visit https://cis-india.org/news/global-asc-upenn-events-internet-censorship-surveillance-and-corporate-transparency