Centre for Internet and Society

The Short-lived Adventure of India’s Encryption Policy

bhairav — 2015-11-29T09:03:42Z

Written for the Berkeley Information Privacy Law Association (BIPLA).

During his recent visit to Silicon Valley, Indian Prime Minister Narendra Modi said his government was “giving the highest importance to data privacy and security, intellectual property rights and cyber security”. But a proposed national encryption policy circulated in September 2015 would have achieved the opposite effect.

The policy was comically short-lived. After its poorly-drafted provisions invited ridicule, it was swiftly withdrawn. But the government has promised to return with a fresh attempt to regulate encryption soon. The incident highlights the worrying assault on communications privacy and free speech in India, a concern compounded by the enormous scale of the telecommunications and Internet market.

Even with only around 26 percent of its population online, India is already the world’s second-largest Internet user, recently overtaking the United States. The number of Internet users in India is set to grow exponentially, spurred by ambitious governmental schemes to build a ‘Digital India’ and a country-wide fiber-optic backbone. There will be a corresponding increase in the use of the Internet for communicating and conducting commerce.

Encryption on the Internet

Encryption protects the security of Internet users from invasions of privacy, theft of data, and other attacks. By applying an algorithmic cipher (key), ordinary data (plaintext) is encoded into an unintelligible form (ciphertext), which is decrypted using the key. The ciphertext can be intercepted but will remain unintelligible without the key. The key is secret.

There are several methods of encryption. SSL/TLS, a family of encryption protocols, is commonly used by major websites. But while some companies encrypt sensitive data, such as passwords and financial information, during its transit through the Internet, most data at rest on servers is largely unencrypted. For instance, email providers regularly store plaintext messages on their servers. As a result, governments simply demand and receive backdoor access to information directly from the companies that provide these services. However, governments have long insisted on blanket backdoor access to all communications data, both encrypted and unencrypted, and whether at rest or in transit.

On the other hand, proper end-to-end encryption – full encryption from the sender to recipient, where the service provider simply passes on the ciphertext without storing it, and deletes the metadata – will defeat backdoors and protect privacy, but may not be profitable. End-to-end encryption alarms the surveillance establishment, which is why British Prime Minister David Cameron wants to ban it, and many in the US government want Silicon Valley companies to stop using it.

Communications privacy

Instead of relying on a company to secure communications, the surest way to achieve end-to-end encryption is for the sender to encrypt the message before it leaves her computer. Since only the sender and intended recipient have the key, even if the data is intercepted in transit or obtained through a backdoor, only the ciphertext will be visible.

For almost all of human history, encryption relied on a single shared key; that is, both the sender and recipient used a pre-determined key. But, like all secrets, the more who know it, the less secure the key becomes. From the 1970s onwards, revolutionary advances in cryptography enabled the generation of a pair of dissimilar keys, one public and one private, which are uniquely and mathematically linked. This is asymmetric or public key cryptography, where the private key remains an exclusive secret. It offers the strongest protection for communications privacy because it returns autonomy to the individual and is immune to backdoors.

For those using public key encryption, Edward Snowden’s revelation that the NSA had cracked several encryption protocols including SSL/TLS was worrying. Brute-force decryption (the use of supercomputers to mathematically attack keys) questions the integrity of public key encryption. But, since the difficulty of code-breaking is directly proportional to key size, notionally, generating longer keys will thwart the NSA, for now.

The crypto-wars in India

Where does India’s withdrawn encryption policy lie in this landscape of encryption and surveillance? It is difficult to say. Because it was so badly drafted, understanding the policy was a challenge. It could have been a ham-handed response to commercial end-to-end encryption, which many major providers such as Apple and WhatsApp are adopting following consumer demand. But curiously, this did not appear to be the case, because the government later exempted WhatsApp and other “mass use encryption products”.

The Indian establishment has a history of battling commercial encryption. From 2008, it fought Blackberry for backdoor access to its encrypted communications, coming close to banning the service, which dissipated only once the company lost its market share. There have been similar attempts to force Voice over Internet Protocol providers to fall in line, including Skype and Google. And there is a new thrust underway to regulate over-the-top content providers, including US companies.

The policy could represent a new phase in India’s crypto-wars. The government, emboldened by the sheer scale of the country’s market, might press an unyielding demand for communications backdoors. The policy made no bones of this desire: it sought to bind communications companies by mandatory contracts, regulate key-size and algorithms, compel surrender of encryption products including “working copies” of software (the key generation mechanism), and more.

The motives of regulation

The policy’s deeply intrusive provisions manifest a long-standing effort of the Indian state to dominate communications technology unimpeded by privacy concerns. From wiretaps to Internet metadata, intrusive surveillance is not judicially warranted, does not require the demonstration of probable cause, suffers no external oversight, and is secret. These shortcomings are enabling the creation of a sophisticated surveillance state that sits ill with India’s constitutional values.

Those values are being steadily besieged. India’s Supreme Court is entertaining a surge of clamorous litigation to check an increasingly intrusive state. Only a few months ago, the Attorney-General – the government’s foremost lawyer – argued in court that Indians did not have a right to privacy, relying on 1950s case law which permitted invasive surveillance. Encryption which can inexpensively lock the state out of private communications alarms the Indian government, which is why it has skirmished with commercially-available encryption in the past.

On the other hand, the conflict over encryption is fueled by irregular laws. Telecoms licensing regulations restrict Internet Service Providers to 40-bit symmetric keys, a primitively low standard; higher encryption requires permission and presumably surrender of the shared key to the government. Securities trading on the Internet requires 128-bit SSL/TLS encryption while the country’s central bank is pushing for end-to-end encryption for mobile banking. Seen in this light, the policy could simply be an attempt to rationalize an uneven field.

Encryption and freedom

Perhaps the government was trying to restrict the use of public key encryption and Internet anonymization services, such as Tor or I2P, by individuals. India’s telecoms minister stated: “The purport of this encryption policy relates only to those who encrypt.” This was not particularly illuminating. If the government wants to pre-empt terrorism – a legitimate duty, this approach is flawed since regardless of the law’s command arguably no terrorist will disclose her key to the government. Besides, since there are very few Internet anonymizers in India who are anyway targeted for special monitoring, it would be more productive for the surveillance establishment to maintain the status quo.

This leaves harmless encrypters – businesses, journalists, whistle blowers, and innocent privacy enthusiasts. For this group, impediments to encryption interferes with their ability to freely communicate. There is a proportionate link between encryption and the freedom of speech and expression, a fact acknowledged by Special Rapporteur David Kaye of the UN Human Rights Council, where India is a participating member. Kaye notes: “Encryption and anonymity are especially useful for the development and sharing of opinions, which often occur through online correspondence such as e-mail, text messaging, and other online interactions.”

This is because encryption affords privacy which promotes free speech, a relationship reiterated by the previous UN Special Rapporteur, Frank La Rue. On the other hand, surveillance has a “chilling effect” on speech. In 1962, Justice Subba Rao’s famous dissent in the Indian Supreme Court presciently connected privacy and free speech:

The act of surveillance is certainly a restriction on the [freedom of speech]. It cannot be suggested that the said freedom…will sustain only the mechanics of speech and expression. An illustration will make our point clear. A visitor, whether a wife, son or friend, is allowed to be received by a prisoner in the presence of a guard. The prisoner can speak with the visitor; but, can it be suggested that he is fully enjoying the said freedom? It is impossible for him to express his real and intimate thoughts to the visitor as fully as he would like. To extend the analogy to the present case is to treat the man under surveillance as a prisoner within the confines of our country and the authorities enforcing surveillance as guards. So understood, it must be held that the petitioner’s freedom under [the right to free speech under the Indian] Constitution is also infringed.

Kharak Singh v. State of Uttar Pradesh (1964) 1 SCR 332, pr. 30.

Perhaps the policy expressed the government’s discomfort at individual encrypters escaping surveillance, like free agents evading the state’s control. How should the law respond to this problem? Daniel Solove says the security of the state need not compromise individual privacy. On the other hand, as Ronald Dworkin influentially maintained, the freedoms of the individual precede the interests of the state.

Security and trade interests

However, even when assessed from the perspective of India’s security imperatives, the policy would have had harmful consequences. It required users of encryption, including businesses and consumers, to store plaintext versions of their communications for ninety days to surrender to the government upon demand. This outrageously ill-conceived provision would have created real ‘honeypots’ (originally, honeypots are decoy servers to lure hackers) of unencrypted data, ripe for theft. Note that India does not have a data breach law.

The policy’s demand for encryption companies to register their products and give working copies of their software and encryption mechanisms to the Indian government would have flown in the face of trade secrecy and intellectual property protection. The policy’s hurried withdrawal was a public relations exercise on the eve of Prime Minister Modi’s visit to Silicon Valley. It was successful. Modi encountered no criticism of his government’s visceral opposition to privacy, even though the policy would have severely disrupted the business practices of US communications providers operating in India.

Encryption invites a convergence of state interests between India and US as well: both countries want to control it. Last month’s joint statement from the US-India Strategic and Commercial Dialogue pledges “further cooperation on internet and cyber issues”. This innocuous statement masks a robust information-gathering and -sharing regime. There is no guarantee against the sharing of any encryption mechanisms or intercepted communications by India.

The government has promised to return with a reworked proposal. It would be in India’s interest for this to be preceded by a broad-based national discussion on encryption and its links to free speech, privacy, security, and commerce.

Click to read the post published on Free Speech / Privacy / Technology website.

For more details visit https://cis-india.org/internet-governance/blog/the-short-lived-adventure-of-india2019s-encryption-policy

The National Privacy Roundtable Meetings

bhairav — 2014-03-21T10:03:44Z

The Centre for Internet & Society ("CIS"), the Federation of Indian Chambers of Commerce and Industry ("FICCI"), the Data Security Council of India ("DSCI") and Privacy International are, in partnership, conducting a series of national privacy roundtable meetings across India from April to October 2013. The roundtable meetings are designed to discuss possible frameworks to privacy in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Background: The Roundtable Meetings and Organisers

CIS is a Bangalore-based non-profit think-tank and research organisation with interests in, amongst other fields, the law, policy and practice of free speech and privacy in India. FICCI is a non-governmental, non-profit association of approximately 250,000 Indian bodies corporate. It is the oldest and largest organisation of businesses in India and represents a national corporate consensus on policy issues. DSCI is an initiative of the National Association of Software and Service Companies, a non-profit trade association of Indian information technology ("IT") and business process outsourcing ("BPO") concerns, which promotes data protection in India. Privacy International is a London-based non-profit organisation that defends and promotes the right to privacy across the world.

Privacy in the Common Law and in India

Because privacy is a multi-faceted concept, it has rarely been singly regulated. A taxonomy of privacy yields many types of individual and social activity to be differently regulated based on the degree of harm that may be caused by intrusions into these activities.[1]

The nature of the activity is significant; activities that are implicated by the state are attended by public law concerns and those conducted by private persons inter se demand market-based regulation. Hence, because the principles underlying warranted police surveillance differ from those prompting consensual collections of personal data for commercial purposes, legal governance of these different fields must proceed differently. For this and other reasons, the legal conception of privacy — as opposed to its cultural construction – has historically been diverse and disparate.

Traditionally, specific legislations have dealt separately with individual aspects of privacy in tort law, constitutional law, criminal procedure and commercial data protection, amongst other fields. The common law does not admit an enforceable right to privacy.[2] In the absence of a specific tort of privacy, various equitable remedies, administrative laws and lesser torts have been relied upon to protect the privacy of claimants.[3]

The question of whether privacy is a constitutional right has been the subject of limited judicial debate in India. The early cases of Kharak Singh (1964)[4] and Gobind (1975)[5] considered privacy in terms of physical surveillance by the police in and around the homes of suspects and, in the latter case, the Supreme Court of India found that some of the Fundamental Rights “could be described as contributing to the right to privacy” which was nevertheless subject to a compelling public interest. This inference held the field until 1994 when, in the Rajagopal case (1994),[6] the Supreme Court, for the first time, directly located privacy within the ambit of the right to personal liberty guaranteed by Article 21 of the Constitution of India. However, Rajagopal dealt specifically with a book, it did not consider the privacy of communications. In 1997, the Supreme Court considered the question of wiretaps in the PUCL case (1996)[7] and, while finding that wiretaps invaded the privacy of communications, it continued to permit them subject to some procedural safeguards.[8] A more robust statement of the right to privacy was made recently by the Delhi High Court in the Naz Foundation case (2011)[9] that de-criminalised consensual homosexual acts; however, this judgment is now in appeal.

Attempts to Create a Statutory Regime

The silence of the common law leaves the field of privacy in India open to occupation by statute. With the recent and rapid growth of the Indian IT and BPO industry, concerns regarding the protection of personal data to secure privacy have arisen. In May 2010, the European Union ("EU") commissioned an assessment of the adequacy of Indian data protection laws to evaluate the continued flow of personal data of European data subjects into India for processing. That assessment made adverse findings on the adequacy and preparedness of Indian data protection laws to safeguard personal data.[10]

Conducted amidst negotiations for a free trade agreement between India and the EU, the failed assessment potentially impeded the growth of India’s outsourcing industry that is heavily reliant on European and North American business.

Consequently, the Department of Electronics and Information Technology of the Ministry of Communications and Information Technology, Government of India, issued subordinate legislation under the rule-making power of the Information Technology Act, 2000 ("IT Act"), to give effect to section 43A of that statute. These rules – the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("Personal Data Rules")[11] — were subsequently reviewed by the Committee on Subordinate Legislation of the 15^th Lok Sabha.[12] The Committee found that the Personal Data Rules contained clauses that were ambiguous, invasive of privacy and potentially illegal.[13]

In 2011, a draft privacy legislation called the ‘Right to Privacy Bill, 2011’, which was drafted within the Department of Personnel and Training ("DoPT") of the Ministry of Personnel, Public Grievances and Pensions, Government of India, was made available on the internet along with several file notings ("First DoPT Bill"). The First DoPT Bill contained provisions for the regulation of personal data, interception of communications, visual surveillance and direct marketing. The First DoPT Bill was referred to a Committee of Secretaries chaired by the Cabinet Secretary which, on 27 May 2011, recommended several changes including re-drafts of the chapters relating to interception of communications and surveillance.

Aware of the need for personal data protection laws to enable economic growth, the Planning Commission constituted a Group of Experts under the chairmanship of Justice Ajit P. Shah, a retired Chief Justice of the Delhi High Court who delivered the judgment in the Naz Foundation case, to study foreign privacy laws, analyse existing Indian legal provisions and make specific proposals for incorporation into future Indian law. The Justice Shah Group of Experts submitted its Report to the Planning Commission on 16 October 2012 wherein it proposed the adoption of nine National Privacy Principles.[14] These are the principles of notice, choice and consent, collection limitation, purpose limitation, disclosure of information, security, openness, and accountability. The Report recommended the application of these principles in laws relating to interception of communications, video and audio recordings, use of personal identifiers, bodily and genetic material, and personal data.

Criminal Procedure and Special Laws Relating to Privacy

While the Kharak Singh and Gobind cases first brought the questions of permissibility and limits of police surveillance to the Supreme Court, the power to collect information and personal data of a person is firmly embedded in Indian criminal law and procedure. Surveillance is an essential condition of the nation-state; the inherent logic of its foundation requires the nation-state to perpetuate itself by interdicting threats to its peaceful existence. Surveillance is a method by which the nation-state’s agencies interdict those threats. The challenge for democratic countries such as India is to find the optimal balance between police powers of surveillance and the essential freedoms of its citizens, including the right to privacy.

The regime governing the interception of communications is contained in section 5(2) of the Indian Telegraph Act, 1885 ("Telegraph Act") read with rule 419A of the Indian Telegraph Rules, 1951 ("Telegraph Rules"). The Telegraph Rules were amended in 2007[15] to give effect to, amongst other things, the procedural safeguards laid down by the Supreme Court in the PUCL case. However, India’s federal scheme permits States to also legislate in this regard. Hence, in addition to the general law on interceptions contained in the Telegraph Act and Telegraph Rules, some States have also empowered their police forces with interception functions in certain cases.[16] Ironically, even though some of these State laws invoke heightened public order concerns to justify their invasions of privacy, they establish procedural safeguards based on the principle of probable cause that surpasses the Telegraph Rules.

In addition, further subordinate legislation issued to fulfil the provisions of sections 69(2) and 69B(3) of the IT Act permit the interception and monitoring of electronic communications — including emails — to collect traffic data and to intercept, monitor, and decrypt electronic communications.[17]

The proposed Privacy (Protection) Bill, 2013 and Roundtable Meetings

In this background, the proposed Privacy (Protection) Bill, 2013 seeks to protect privacy by regulating (i) the manner in which personal data is collected, processed, stored, transferred and destroyed — both by private persons for commercial gain and by the state for the purpose of governance; (ii) the conditions upon which, and procedure for, interceptions of communications — both voice and data communications, including both data-in-motion and data-at-rest — may be conducted and the authorities permitted to exercise those powers; and, (iii) the manner in which forms of surveillance not amounting to interceptions of communications — including the collection of intelligence from humans, signals, geospatial sources, measurements and signatures, and financial sources — may be conducted.

Previous roundtable meetings to seek comments and opinion on the proposed Privacy (Protection) Bill, 2013 took place at:

New Delhi: April 13, 2013 (http://bit.ly/17REl0W) with 45 participants;
Bangalore: April 20, 2013 (http://bit.ly/162t8rU) with 45 participants;
Chennai: May 18, 2013 (http://bit.ly/12ICGYD) with 25 participants.
Mumbai, June 15, 2013 (http://bit.ly/12fJSvZ) with 20 participants;
Kolkata: July 13, 2013 (http://bit.ly/11dgINZ) with 25 participants; and
New Delhi: August 24, 2013 (http://bit.ly/195cWIf) with 40 participants.

The roundtable meetings were multi-stakeholder events with participation from industry representatives, lawyers, journalists, civil society organizations and Government representatives. On an average, 75 per cent of the participants represented industry concerns, 15 per cent represented civil society and 10 per cent represented regulatory authorities. The model followed at the roundtable meetings allowed for equal participation from all participants.

[1]. See generally, Dan Solove, “A Taxonomy of Privacy” University of Pennsylvania Law Review (Vol. 154, No. 3, January 2006).

[2]. Wainwright v. Home Office [2003] UKHL 53.

[3]. See A v. B plc [2003] QB 195; Wainwright v. Home Office [2001] EWCA Civ 2081; R (Ellis) v. Chief Constable of Essex Police [2003] EWHC 1321 (Admin).

[4]. Kharak Singh v. State of Uttar Pradesh AIR 1963 SC 1295.

[5]. Gobind v. State of Madhya Pradesh AIR 1975 SC 1378.

[6]. R. Rajagopal v. State of Tamil Nadu AIR 1995 SC 264.

[7]. People’s Union for Civil Liberties v. Union of India (1997) 1 SCC 30.

[8]. A Division Bench of the Supreme Court of India comprising Kuldip Singh and Saghir Ahmad, JJ, found that the procedure set out in section 5(2) of the Indian Telegraph Act, 1885 and rule 419 of the Indian Telegraph Rules, 1951 did not meet the “just, fair and reasonable” test laid down in Maneka Gandhi v. Union of India AIR 1978 SC 597 requisite for the deprivation of the right to personal liberty, from whence the Division Bench found a right to privacy emanated, guaranteed under Article 21 of the Constitution of India. Therefore, Kuldip Singh, J, imposed nine additional procedural safeguards that are listed in paragraph 35 of the judgment.

[9]. Naz Foundation v. Government of NCT Delhi (2009) 160 DLT 277.

[10]. The 2010 data adequacy assessment of Indian data protection laws was conducted by Professor Graham Greenleaf. His account of the process and his summary of Indian law can found at Graham Greenleaf, "Promises and Illusions of Data Protection in Indian Law" International Data Privacy Law (47-69, Vol. 1, No. 1, March 2011).

[11]. The Rules were brought into effect vide Notification GSR 313(E) on 11 April 2011. CIS submitted comments on the Rules that can be found here – http://cis-india.org/internet-governance/blog/comments-on-the-it-reasonable-security-practices-and-procedures-and-sensitive-personal-data-or-information-rules-2011.

[12]. The Committee on Subordinate Legislation, a parliamentary ‘watchdog’ committee, is mandated by rules 317-322 of the Rules of Procedure and Conduct of Business in the Lok Sabha (14^th edn., New Delhi: Lok Sabha Secretariat, 2010) to examine the validity of subordinate legislation.

[13]. See the 31^st Report of the Committee on Subordinate Legislation that was presented on 21 March 2013.

[14]. See paragraphs 7.14-7.17 on pages 69-72 of the Report of the Group of Experts on Privacy, 16 October 2012, Planning Commission, Government of India.

[15]. See, the Indian Telegraph (Amendment) Rules, 2007, which were brought into effect vide Notification GSR 193(E) of the Department of Telecommunications of the Ministry of Communications and Information Technology, Government of India, dated 1 March 2007.

[16]. See, inter alia, section 14 of the Maharashtra Control of Organised Crime Act, 1999; section 14 of the Andhra Pradesh Control of Organised Crime Act, 2001; and, section 14 of the Karnataka Control of Organised Crime Act, 2000.

[17]. See, the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data and Information) Rules, 2009 vide GSR 782 (E) dated 27 October 2009; and, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 vide GSR 780 (E) dated 27 October 2009.

For more details visit https://cis-india.org/internet-governance/blog/national-privacy-roundtable-meetings

India:Privacy in Peril

bhairav — 2013-09-25T09:56:22Z

The danger of mass surveillance in India is for real. The absence of a regulating law is damning for Indians who want to protect their privacy against the juggernaut of state and private surveillance.

The article was originally published in the Frontline on July 12, 2013.

At the concluding scene of his latest movie, Superman disdainfully flings a surveillance drone down to earth in front of a horrified general. “You can’t control me,” he tells his military minder. “You can’t find out where I hang up my cape.” This exchange goes to the crux of surveillance: control. Surveillance is the means by which nation-states exercise control over people. If the logical basis of the nation-state is the establishment and maintenance of homogeneity, it is necessary to detect and interdict dissent before it threatens the boundedness and continuity of the national imagination. This imagination often cannot encompass diversity, so it constructs categories of others that include dissenters and outsiders. Admittedly, this happens less in India because the foundation of the Indian nation-state imagined a diverse society expressing a plurality of ideas in a variety of languages secured by a syncretic and democratic government that protected individual freedoms. Unfortunately, this vision is still to be realised, and the foundational idea of India continues to be challenged by poor governance, poverty, insurgencies and rebellion. Consequently, surveillance is, for the modern nation-state, a condicio sine qua non—an essential element without which it will eventually cease to exist. The challenge for democratic nation-states is to find the optimal balance between surveillance and the duty to protect the freedoms of its citizens.

History of wiretaps

Some countries, such as the United States, have assembled a vast apparatus of surveillance to monitor the activities of their citizens and foreigners. Let us review the recent controversy revealed by the whistle-blower Edward Snowden. In 1967, the U.S. Supreme Court ruled in Katz vs United States that wiretaps had to be warranted, judicially sanctioned and supported by probable cause. This resulted in the passage of the Wiretap Act of 1968 that regulated domestic surveillance. Following revelations that Washington was engaging in unrestricted foreign surveillance in the context of the Vietnam war and anti-war protests, the U.S. Congress enacted the Foreign Intelligence Surveillance Act (FISA) in 1978. FISA gave the U.S. government the power to conduct, without judicial sanction, surveillance for foreign intelligence information; and, with judicial sanction from a secret FISA court, surveillance of anybody if the ultimate target was a foreign power. Paradoxically, even a U.S. citizen could be a foreign power in certain circumstances. Domestically, FISA enabled secret warrants for specific items of information such as library book borrowers and car rentals.

Following the 9/11 World Trade Centre attacks, Congress enacted the Patriot Act of 2001, Section 215 of which dramatically expanded the scope of FISA to allow secret warrants to conduct surveillance in respect of “any tangible thing” that was relevant to a national security investigation. In exercise of this power, a secret FISA court issued secret warrants ordering a number of U.S. companies to share, in real time, voice and data traffic with the National Security Agency (NSA). We may never know the full scope of the NSA’s surveillance, but we know this: (a) Verizon Communications, a telecommunications major, was ordered to provide metadata for all telephone calls within and without the U.S.; (b) the NSA runs a clandestine programme called PRISM that accesses Internet traffic, such as e-mails, web searches, forum comments and blogs, in real time; and (c) the NSA manages a comprehensive data analysis system called Boundless Informant that intercepts and analyses voice and data traffic around the world and subjects them to automated pattern recognition. The documents leaked by Snowden allege that Google, Facebook, Apple, Dropbox, Microsoft and Yahoo! participate in PRISM, but these companies have denied their involvement.

India fifth-most monitored

How does this affect India? The Snowden documents reveal that India is the NSA’s fifth-most monitored country after Iran, Pakistan, Jordan and Egypt. Interestingly, China is monitored less than India. Several billion pieces of data from India, such as e-mails and telephone metadata, were intercepted and monitored by the NSA. For Indians, it is not inconceivable that our e-mails, should they be sent using Gmail, Yahoo! Mail or Hotmail, or our documents, should we be subscribing to Dropbox, or our Facebook posts, are being accessed and read by the NSA. Incredibly, most Indian governmental communication, including that of Ministers and senior civil servants, use private U.S. e-mail services. We no longer enjoy privacy online. The question of suspicious activity, irrespective of the rubric under which suspicion is measured, is moot. Any use of U.S. service providers is potentially compromised since U.S. law permits intrusive dragnet surveillance against foreigners. This clearly reveals a dichotomy in U.S. constitutional law: the Fourth Amendment’s guarantees of privacy, repeatedly upheld by U.S. courts, protect U.S. citizens to a far greater extent than they do foreigners. It is natural for a nation-state to privilege the rights of its citizens over others. As Indians, therefore, we must clearly look out for ourselves.

Privacy and personal liberty

Unfortunately, India does not have a persuasive jurisprudence of privacy protection. In the Kharak Singh (1964) and Gobind (1975) cases, the Supreme Court of India considered the question of privacy from physical surveillance by the police in and around homes of suspects. In the latter case, the court found that some of the Fundamental Rights “could be described as contributing to the right to privacy”, which was subject to a compelling public interest. This insipid inference held the field until 1994 when, in the Rajagopal (“Auto Shankar”, 1994) case, the Supreme Court, for the first time, directly located privacy within the ambit of the right to personal liberty recognised by Article 21 of the Constitution. However, Rajagopal dealt specifically with the publication of an autobiography, it did not consider the privacy of communications. In 1997, the Supreme Court considered the question of wiretaps in the People’s Union for Civil Liberties (PUCL) case. While finding that wiretaps invaded the privacy of communications, it continued to permit them subject to some procedural safeguards which continue to be routinely ignored. A more robust statement of the right to privacy was made by the Delhi High Court in the Naz Foundation case (2011) that decriminalised consensual homosexual acts; however, there is an appeal against the judgment in the Supreme Court.

Legislative silence

Judicial vagueness has been compounded by legislative silence. India does not have a law to operationalise a right to privacy. Consequently, a multitude of laws permit daily infractions of privacy. These infractions have survived because they are diverse, dissipated and quite disorganised. However, the technocratic impulse to centralise and consolidate surveillance and data collection has, in recent years, alarmed many citizens. The state hopes to, through enterprises such as the Central Monitoring System (CMS), the Crime and Criminals Tracking Network and System (CCTNS), the National Intelligence Grid (NATGRID), the Telephone Call Interception System (TCIS) and the Unique Identification Number (UID), replicate the U.S. successes in surveillance and monitoring and profiling all its citizens. However, unlike the U.S., India proposes to achieve this without an enabling law. Let us consider the CMS. No documents have been made available that indicate the scope and size of the CMS.

From a variety of police tenders for private equipment, it appears that the Central government hopes to put in place a system that will intercept, in real time, all voice and data traffic originating or terminating in India or being carried by Indian service providers. This data will be subject to pattern recognition and other automated tests to detect emotional markers, such as hate, compassion or intent. The sheer scale of this enterprise is intimidating; all communications in India’s many languages will be subject to interception and testing designed to detect different forms of dissent. This mammoth exercise in monitoring is taking place—it is understood that some components of the CMS are already operational—without statutory sanction. No credible authorities exist to supervise this exercise, no avenues for redress have been identified and no consequences have been laid down for abuse.

Statutory Surveillance

In a recent interview, Milind Deora, Minister of State for Communications and Information Technology, dismissed public scepticism of the CMS saying that direct state access to private communications was better for privacy since it reduced dependence on the interception abilities of private service providers. This circular argument is both disingenuous and incorrect. No doubt, trusting private persons with the power to intercept and store the private data of citizens is flawed. The leaking of the Niira Radia tapes, which contain the private communications of Niira Radia taped on the orders of the Income Tax Department, testifies to this flaw. However, bypassing private players to enable direct state access to private communications will preclude leaks and, thereby, remove from public knowledge the fact of surveillance. This messy situation may be obviated by a regime of statutory regulation of warranted surveillance by an independent and impartial authority. This system is favoured by liberal democracies around the world but conspicuously resisted by the Indian government.

The question of privacy legislation was recently considered by a committee chaired by Justice Ajit Prakash Shah, a former judge of the Delhi High Court who sat on the Bench that delivered the Naz Foundation judgment. The Shah Committee was constituted by the Planning Commission for a different reason: the need to protect personal data that are outsourced to India for processing. The lack of credible privacy law, it is foreseen, will result in European and other foreign personal data being sent to other attractive processing destinations, such as Vietnam, Israel or the Philippines, resulting in the decline of India’s outsourcing industry. However, the Shah Committee also noted the absence of law sufficient to protect against surveillance abuses. Most importantly, the Shah Committee formulated nine national privacy principles to inform any future privacy legislation (see story on page 26). In 2011, the Department of Personnel and Training (DoPT) of the Ministry of Human Resource Development, the same Ministry entrusted with implementing the Right to Information Act, 2005, leaked a draft privacy Bill, marked ‘Secret’, on the Internet. The DoPT Bill received substantive criticism from the Attorney General and some government Secretaries for the clumsy drafting. A new version of the DoPT Bill is reported to have been drafted and sent to the Ministry of Law for consideration. This revised Bill, which presumably contains chapters to regulate surveillance, including the interception of communications, has not been made public.

The need for privacy legislation cannot be overstated. The Snowden affair reveals the extent of possible state surveillance of private communications. For Indians who must now explore ways to protect their privacy against the juggernaut of state and private surveillance, the absence of regulatory law is damning. Permitting, through public inaction, unwarranted and non-targetted dragnet surveillance by the Indian state without reasonable cause would be an act of surrender of far-reaching implications.

Information, they say, is power. Allowing governments to exercise this power over us without thought for the rule of law constitutes the ultimate submission possible in a democratic nation-state. And, since superheroes are escapist fantasies, without the prospect of good laws we will all be subordinate to a new national imagination of control and monitoring, surveillance and profiling. If allowed to come to pass, this will be a betrayal of the foundational idea of India as a free and democratic republic tolerant of dissent.

Bhairav Acharya is a constitutional lawyer practising in the Supreme Court of India. He advises the Centre for Internet & Society, Bangalore, on privacy law and other constitutional issues.

For more details visit https://cis-india.org/internet-governance/blog/frontline-cover-story-july-12-2013-bhairav-acharya-privacy-in-peril

The Central Monitoring System: Some Questions to be Raised in Parliament

bhairav — 2013-09-25T10:30:10Z

The following are some model questions to be raised in the Parliament regarding the lack of transparency in the central monitoring system.

Preliminary

The Central Monitoring System (CMS) is a Central Government project to intercept communications, both voice and data, that is transmitted via telephones and the internet to, from and within India. Owing to the vast nature of this enterprise, the CMS cannot be succinctly described and the many issues surrounding this project are diverse. This Issue Brief will outline preliminary constitutional, legal and technical concerns that are presented by the CMS.
At the outset, it must be clearly understood that no public documentation exists to explain the scope, functions and technical architecture of the CMS. This lack of transparency is the single-largest obstacle to understanding the Central Government’s motives in conceptualising and operationalizing the CMS. This lack of public documentation is also the chief reason for the brevity of this Issue Note. Without making public the policy, law and technical abilities of the CMS, there cannot be an informed national debate on the primary concerns posed by the CMS, i.e the extent of envisaged state surveillance upon Indian citizens and the safeguards, if any, to protect the individual right to privacy.

Surveillance and Privacy

Surveillance is necessary to secure political organisation. Modern nation-states, which are theoretically organised on the basis of shared national and societal characteristics, require surveillance to detect threats to these characteristics. In democratic societies, beyond the immediate requirements of national integrity and security, surveillance must be targeted at securing the safety and rights of individual citizens. This Issue Brief does not dispute the fact that democratic countries, such as India, should conduct surveillance to secure legitimate ends. Concerns, however, arise when surveillance is conducted in a manner unrestricted and unregulated by law; these concerns are compounded when a lack of law is accompanied by a lack of transparency.
Technological advancement leads to more intrusive surveillance. The evolution of surveillance in the United States resulted, in 1967, in the first judicial recognition of the right to privacy. In Katz v. United States the US Supreme Court ruled that the privacy of communications had to be balanced with the need to conduct surveillance; and, therefore, wiretaps had to be warranted, judicially sanctioned and supported by probable cause. Katz expanded the scope of the Fourth Amendment of the US Constitution, which protected against unreasonable searches and seizures. Most subsequent US legal developments relating to the privacy of communications from surveillance originate in the Katz judgement. Other common law countries, such as the United Kingdom and Canada, have experienced similar judicial evolution to recognise that the right to privacy must be balanced with governance.

Right to Privacy in India

Unfortunately, India does not have a persuasive jurisprudence of privacy protection. In the Kharak Singh (1964) and Gobind (1975) cases, the Supreme Court of India considered the question of privacy from physical surveillance by the police in and around the homes of suspects. In the latter case, the Supreme Court found that some of the Fundamental Rights “could be described as contributing to the right to privacy” which was nevertheless subject to a compelling public interest. This insipid inference held the field until 1994 when, in the Rajagopal (“Auto Shankar”, 1994) case, the Supreme Court, for the first time, directly located privacy within the ambit of the right to personal liberty recognised by Article 21 of the Constitution. However, Rajagopal dealt specifically with the publication of an autobiography, it did not consider the privacy of communications. In 1997, the Supreme Court considered the question of wiretaps in the PUCL case. While finding that wiretaps invaded the privacy of communications, it continued to permit them subject to some procedural safeguards which continue to be routinely ignored. A more robust statement of the right to privacy was made recently by the Delhi High Court in the Naz Foundation case (2011) that de-criminalised consensual homosexual acts; however, this judgment has been appealed to the Supreme Court.

Issues Pertaining to the CMS

While judicial protection from physical surveillance was cursorily dealt with in the Kharak Singh and Gobind cases, the Supreme Court of India directly considered the issue of wiretaps in the PUCL case. Wiretaps in India primarily occur on the strength of powers granted to certain authorities under section 5(2) of the Indian Telegraph Act, 1885. The Court found that the Telegraph Act, and Rules made thereunder, did not prescribe adequate procedural safeguards to create a “just and fair” mechanism to conduct wiretaps. Therefore, it laid down the following procedure to conduct wiretaps:

(a) the order should be issued by the relevant Home Secretary (this power is delegable to a Joint Secretary),
(b) the interception must be carried out exactly in terms of the order and not in excess of it,
(c) a determination of whether the information could be reasonably secured by other means,
(d) the interception shall cease after sixty (60) days.

Therefore, prima facie, any voice interception conducted through the CMS will be in violation of this Supreme Court judgement. The CMS will enforce blanket surveillance upon the entire country without regard for reasonable cause or necessity. This movement away from targeted surveillance to blanket surveillance without cause, conducted without statutory sanction and without transparency, is worrying.
Accordingly, the following questions may be raised, in Parliament, to learn more about the CMS project:

Which statutes, Government Orders, notifications etc deal with the establishment and maintenance of the CMS?
Which is the nodal agency in charge of implementing the CMS?
What are the powers and functions of the nodal agency?
What guarantees exist to protect ordinary Indian citizens from intrusive surveillance without cause?
What are the technical parameters of the CMS?
What are the consequences for misuse or abuse of powers by any person working in the CMS project?
What recourse is available to Indian citizens against whom there is unnecessary surveillance or against whom there has been a misuse or abuse of power?

For more details visit https://cis-india.org/internet-governance/blog/central-monitoring-system-questions-to-be-asked-in-parliament

An Analysis of the Cases Filed under Section 46 of the Information Technology Act, 2000 for Adjudication in the State of Maharashtra

bhairav — 2013-10-01T15:29:46Z

This is a brief review of some of the cases related to privacy filed under section 46 of the Information Technology Act, 2000 ("the Act") seeking adjudication for alleged contraventions of the Act in the State of Maharashtra.

Background

Section 46 of the Act grants the Central Government the power to appoint an adjudicating officer to hold an enquiry to adjudge, upon complaints being filed before that adjudicating officer, contraventions of the Act. The adjudicating officer may be of the Central Government or of the State Government [see section 46(1) of the Act], must have field experience with information technology and law [see section 46(3) of the Act] and exercises jurisdiction over claims for damages up to `5,00,00,000 [see section 46(1A) of the Act]. For the purpose of adjudication, the officer is vested with certain powers of a civil court [see section 46(5) of the Act] and must follow basic principles of natural justice while conducting adjudications [see section 46(2) of the Act]. Hence, the adjudicating officer appointed under section 46 is a quasi-judicial authority.

In addition, the quasi-judicial adjudicating officer may impose penalties, thereby vesting him with some of the powers of a criminal court [see section 46(2) of the Act], and award compensation, the quantum of which is to be determined after taking into account factors including unfair advantage, loss and repeat offences [see section 47 of the Act]. The adjudicating officer may impose penalties for any of the offences described in section 43, section 44 and section 45 of the Act; and, further, may award compensation for losses suffered as a result of contraventions of section 43 and section 43A. The text of these sections is reproduced in the Schedule below. Further law as to the appointment of the adjudicating officer and the procedure attendant on all adjudications was made by Information Technology (Qualification and Experience of Adjudicating Officers and the Manner of Holding Enquiry) Rules, 2003.[1]

It is clear that the adjudicating officer is vested with significant judicial powers, including the power to enforce certain criminal penalties, and is an important quasi-judicial authority.

Excursus

At the outset, it is important to understand the distinction between compensation and damages. Compensation is a sum of money awarded by a civil court, before or along with the primary decree, to indemnify a person for injury or loss. It is usually awarded to a person who has a suffered a monetary loss as a result of the acts or omissions of another party. Its quantification is usually guided by principles of equity. [See Shantilal Mangaldas AIR 1969 SC 634 and Ranbir Kumar Arora AIR 1983 P&H 431]. On the hand, damages are punitive and, in addition to restoring an indemnitee to wholeness, may be imposed to deter an offender, punish exemplary offences, and recover consequential losses, amongst other objectives. Damages that are punitive, while not judicially popular in India, are usually imposed by a criminal court in common law jurisdictions. They are distinct from civil and equitable actions. [See the seminal case of The Owners of the Steamship Mediana [1900] AC 113 (HL)].

Unfortunately, section 46 of the Act uses the terms “damage”, “injury” and “compensation” interchangeably without regard for the long and rich jurisprudence that finds them to be different concepts.

The Cases related to Privacy

In the State of Maharashtra, there have been a total of 47 cases filed under section 46 of the Act. Of these, 33 cases have been disposed of by the Adjudicating Officer and 14 are currently pending disposal. [2] At least three of these cases before the Adjudicating Officer deal with issues related to privacy of communications and personal data. They are:

Case Title	Forum	Date
Vinod Kaushik v. Madhvika Joshi	Shri Rajesh Aggarwal Adjudicating Officer, ex-officio Secretary, IT Government of Maharashtra	10.10.2011
Amit D. Patwardhan v. Rud India Chains	Shri Rajesh Aggarwal Adjudicating Officer, ex-officio Secretary, IT Government of Maharashtra	15.04.2013
Nirmalkumar Bagherwal v. Minal Bagherwal	Shri Rajesh Aggarwal Adjudicating Officer, ex-officio Secretary, IT Government of Maharashtra	26.08.2013

In all three cases the Adjudicating Officer was called upon to determine and penalise unauthorised access to personal data of the complainants. In the Vinod Kaushik case, the complainants’ emails and chat sessions were accessed, copied and made available to the police for legal proceedings without the permission of the complainants. In the Amit Patwardhan and Nirmalkumar Bagherwal cases, the complainants’ financial information in the form of bank account statements were obtained from their respective banks without their consent and used against them in legal proceedings.

The Vinod Kaushik complaint was filed in 2010 for privacy violations committed between 2008 and 2009. The complaint was made against the complainant’s daughter-in-law – the respondent, who was estranged from her husband, the complainant’s son. The respondent had, independent of the proceedings before the Adjudicating Officer, instituted criminal proceedings alleging cruelty and dowry-related harassment against her estranged husband and the complainant. To support some of the claims made in the criminal proceedings, the respondent accessed the email accounts of her estranged husband and the complainant and printed copies of certain communications, both emails and chat transcripts. The complaint to the Adjudicating Officer was made in relation to these emails and chat transcripts that were obtained without the consent and knowledge of the complainant and his son. On 09.08.2010, the then Adjudicating Officer dismissed the complaint after finding that, owing to the marriage between the respondent and the complainant’s son, there was a relation of mutual trust between them that resulted in the complainant and his son consensually sharing their email account passwords with the respondent. This ruling was appealed to the Cyber Appellate Tribunal ("CyAT") which, in a decision of 29.06.2011, found irregularities in the complainant’s son’s privity to the proceedings and remanded the complaint to the Adjudicating Officer for re-adjudication. The re-adjudication, which was conducted by Shri Rajesh Aggarwal as Adjudicating Officer, resulted in a final order of 10.10.2011 ("the final order") that is the subject of this analysis. The final order found that the respondent had violated the privacy of the complainant and his son by her unauthorised access of their email accounts and sharing of their private communications. However, the Adjudicating Officer found that the intent of the unauthorised access – to obtain evidence to support a criminal proceeding – was mitigatory and hence ordered the respondent to pay only a small token amount in compensation, not to the complainants but instead to the State Treasury. The Delhi High Court, which was moved in appeal because the CyAT was non-functional, upheld the final order in its decision of 27.01.2012.

The Amit Patwardhan complaint was filed against the complainant’s ex-employer – the respondent, for illegally obtaining copies of the complainant’s bank account statement. The complainant had left the employ of the respondent to work with a competing business company but not before colluding with the competing business company and diverting the respondent’s customers to them. For redress, the respondent filed suit for a decree of compensation and lead the complainant’s bank statements in evidence to prove unlawful gratification. Since the bank statements were obtained electronically by the respondent without the complainant’s consent, the jurisdiction of the Adjudicating Officer was invoked. In his order of 15.04.2013, Shri Rajesh Aggarwal, the Adjudicating Officer, found that the respondent had, by unlawfully obtaining the complainant’s bank account statements which constitute sensitive personal data, violated the complainant’s privacy. The Adjudicating Officer astutely applied the equitable doctrine of clean hands to deny compensation to the complainant; however, because the complainant’s bank was not a party to the complaint, the Adjudicating Officer was unable to make a ruling on the lack of action by the bank to protect the sensitive personal data of its depositors.

The Nirmalkumar Bagherwal complaint bears a few similarities to the preceding two cases. Like the Vinod Kaushik matter, the issue concerned the manner in which a wife, estranged but still legally married, accessed electronic records of personal data of the complainants; and, like the Amit Patwardhan matter, the object of the privacy violation was the bank account statements of the complainants that constitute sensitive personal data. The respondent was the estranged wife of one of the complainants who, along with his complainant father, managed the third complainant company. To support her claim for maintenance from the complainant and his family in an independent legal proceeding, the respondent obtained certain bank account statements of the complainants without their consent and, possibly, with the collusion of the respondent bank. After reviewing relevant law from the European Union and the United States, and observant of relevant sectoral regulations applicable in India including the relevant Master Circular of the Reserve Bank of India, and further noting preceding consumer case law on the subject, the Adjudicating Officer issued an order on 26.08.2013. The order found that the complainant’s right to privacy was violated by both the respondents but, while determining the quantum of compensation, distinguished between the respondents in respect of the degree of liability; the respondent wife was ordered to pay a token compensation amount while the respondent bank was ordered to pay higher compensation to each of the three complainants individually.

The high quality of each of the three orders bears specific mention. Despite the superb quality of the judgments of the Indian higher judiciary in the decades after independence, the overall quality of judgment-writing appears to have declined. [3] In the last decade, several Indian judges have called for higher standards of judgment writing from their fellow judges. [4] In this background, it is notable that Shri Rajesh Aggarwal, despite not being a member of the judiciary, has delivered well-reasoned, articulate and clear orders that are cognisant of legal issues and also easily understandable to a non-legal reader.

In each of these cases, the Adjudicating Officer has successfully navigated around the fact that none of the primary parties were interacting and transacting at arm’s length. In the Vinod Kaushik and Nirmalkumar Bagherwal matters, the primary parties were estranged but still legally married partners and in the Amit Patwardhan matter the parties were in an employer-employee relationship. The first Adjudicating Officer in the Vinod Kaushik matter failed, in his order of 09.08.2010, to appreciate that the individual communications of individual persons were privileged by an expectation of privacy, regardless of their relationship. Hence, despite acknowledging that the marital partners in that matter were in conflict with each other, and despite being told by one party that the other party’s access to those private communications was made without consent, the Adjudicating Officer allowed his non-judicial opinion of marriage to influence his order. This mistake was corrected when the matter was remanded for re-adjudication. In the re-adjudication, the new Adjudicating Officer correctly noted that the respondent wife could have chosen to approach the police or a court to follow the proper investigative procedure for accessing emails and other private communications of another person and that her unauthorised use of the complainant’s passwords amounted to a violation of their privacy.

Popular conceptions of different types of relationships may affect the (quasi) judicial imagination of privacy. In comparison to the Vinod Kaushik matter, the Nirmalkumar Bagherwal and Amit Patwardhan matters both dealt with unauthorised access to bank account statements, by a wife and by an ex-employer respectively. In any event, the same Adjudicating Officer presided over all three matters and correctly found that the facts in all three matters admitted to contraventions of the privacy of the complainants. The conjecture as to whether the first Adjudicating Officer in the Vinod Kaushik matter would have applied the same standard of family unity to unauthorised access of bank account statements by an estranged wife who was seeking maintenance remains untested. However, the reliance placed on the decision of the Delhi State Consumer Protection Commission in the matter of Rupa Mahajan Pahwa, [5] where the Commission found that unauthorised access to a bank pass book by an estranged husband violated the privacy of the wife, would suggest that judges clothe financial information with a standard of privacy higher than that given to emails.

Emails are a form of electronic communication. The PUCL case (Supreme Court of India, 1996)[6] while it did not explicitly deal with the standard of protection accorded to emails, held that personal communications were protected by an individual right to privacy that emanated from the protection of personal liberty guaranteed under Article 21 of the Constitution of India. Following the Maneka Gandhi case (Supreme Court of India, 1978)[7]

it is settled that persons may be deprived of their personal liberty only by a just, fair and reasonable procedure established by law. As a result, interceptions of private communications that are protected by Article 21 may only be conducted in pursuance of such a procedure. This procedure exists in the form of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 that came into effect on 27 October 2009 ("the Interception Rules"). The Interception Rules set out a regime for accessing private emails in certain conditions. The powers and procedure of Section 91 of the Code of Criminal Procedure ("CrPC") may also apply to obtain data at rest, such as emails stored in an inbox or sent-mail folder.

Finally, the orders of the Adjudicating Officer reveal a well-reasoned and progressive understanding of the law and principles relating to the quantification of compensation. By choosing to impose larger amounts of compensation on the bank that violated the privacy of the complainant in the Nirmalkumar Bagherwal matter, the Adjudicating Officer has indicated that the institutions that hold sensitive personal data, such as financial information, are subject to a higher duty of care in relation of it. But, most importantly, the act of imposing monetary compensation of privacy violations is a step forward because, for the first time in India, it recognises that privacy violations are civil wrongs or injuries that demand compensation.

[1]. These Rules were issued vide GSR 220(E), dated 17 March 2003 and published in the Gazette of India, Extraordinary, Part II, Section 3(i). These Rules can be accessed here – http://it.maharashtra.gov.in/PDF/Qual_ExpAdjudicatingOfficer_Manner_of_Holding_Enquiry_Rules.PDF (visited on 30 September 2013).

[2]. These cases and statistics may be viewed here – http://it.maharashtra.gov.in/1089/IT-Act-Judgements (visited on 30 September 2013).

[3]. See generally, Upendra Baxi “"The Fair Name of Justice": The Memorable Voyage of Chief Justice Chandrachud” in A Chandrachud Reader (Justice V. S. Deshpande ed., Delhi: Documentation Centre etc., 1985) and, Rajeev Dhavan, "Judging the Judges" in Judges and the Judicial Power: Essays in Honour of Justice V. R. Krishna Iyer (Rajeev Dhavan and Salman Khurshid eds., London: Sweet & Maxwell, 1985).

[4]. See generally, Justice B.G .Harindranath, Art of Writing Judgments (Bangalore: Karnataka Judicial Academy, 2004); Justice T .S. Sivagnanam, The Salient Features of the Art of Writing Orders and Judgments (Chennai: Tamil Nadu State Judicial Academy, 2010); and, Justice Sunil Ambwani, “Writing Judgments: Comparative Models” Presentation at the National Judicial Academy, Bhopal (2006) available here – http://districtcourtallahabad.up.nic.in/articles/writing%20judgment.pdf (visited on 29 Sep 2013).

[5]. Appeal No. FA-2008/659 of the Delhi State Consumer Protection Commission, decided on 16 October 2008.

[6]. (1997) 1 SCC 301.

[7]. (1978) 1 SCC 248.

For more details visit https://cis-india.org/internet-governance/blog/analysis-of-cases-filed-under-sec-48-it-act-for-adjudication-maharashtra

A Public Discussion on Criminal Defamation in India

bhairav — 2015-07-27T14:44:15Z

The Centre for Internet and Society (CIS); the Network of Women in Media, India; and Media Watch, Bengaluru, are hosting a public discussion on criminal defamation in India. The discussion will start at 5.30 pm on Wednesday, 29 July 2015, at the CIS office in Domlur, Bengaluru.


Pictured above: A poster of the event.

Decriminalising Defamation in India: A Brief Statement of Issues

Subramanian Swamy’s petition to decriminalise defamation has been joined in the Supreme Court by concurring petitions from Rahul Gandhi and Arvind Kejriwal. Defamation is criminalised by sections 499 and 500 of the Indian Penal Code, 1860 (IPC). Swamy and his unlikely cohorts want the Supreme Court to declare that these criminal defamation provisions interfere with the right to free speech and strike them down.

Although news coverage of the case has focused on the motivations and arguments of the three politicians, defamation should not be the sole province of celebrities and the powerful. Unfortunately, criminal defamation has emerged as a new system of censorship to silence journalists, writers, and activists. SLAPP suits (Strategic Lawsuits against Public Participation) are being increasingly used by large corporations to frighten and overwhelm critics and opponents. SLAPP suits are not designed to succeed – although they often do, they are intended to intimidate, harass, and outspend journalists and activists into submission.

The law of defamation rests on uncertain foundations. In medieval Europe defamation was dually prosecuted by the Church as a sin equal to sexual immorality, and by secular courts for the threat of violence that accompanied defamatory speech. These distinct concerns yielded a peculiar defence which fused two elements: truth, which shielded the speaker from the sin of lying; and, the public good, which protected the speaker from the charge of disrupting the public peace. This dual formulation – truth and the public good – remains the primary defence to defamation today.

India does not have a strong ‘fair comment’ defence to protect speech that is neither true nor intrinsically socially useful. This bolsters the law’s reflexive censorship of speech that falls outside the bounds of social utility and morality such as parody, caricature, outrageous opinion, sensationalism, and rumour. This failure affects cartoonists and tabloid sensationalism alike.

Defamation law is also open to procedural misuse to maximise its harrassive effect. Since speech that is published on the Internet or mass-printed and distributed can be read almost anywhere, the venue of criminal defamation proceedings can be chosen to inconvenience and exhaust a speaker into surrender. This motivation explains the peculiarly remote location of several defamation proceedings in India against journalists and magazine editors.

The offence of defamation commoditises reputation. While defamation remains a crime, the state must prosecute it as it does other crimes such as murder and rape. This merits the question: should the state expend public resources to defend the individual reputations of its citizens? Such a system notionally guarantees parity because if the state were to retreat from this role leaving private persons to fight for their own reputations, the market would favour the reputations of the rich and powerful at the expense of others.

These and other issues demand an informed and rigorous public discussion about the continued criminalisation of defamation in India.

Download the concept note prepared by Bhairav Acharya

For more details visit https://cis-india.org/internet-governance/events/a-public-discussion-on-criminal-defamation-in-india

Roundtable on Indian Privacy Law and Policy

bhairav — 2014-12-27T14:18:16Z

This event was hosted by the Centre for Law and Development of the National University of Advanced Legal Studies (NUALS) in Kochi. It was attended by members of the faculty of NUALS, some students from the 2nd year, 3rd year, 4th year, and 5th year.

The meeting began with a talk by Bhairav Acharya on the origin of privacy law, its jurisprudential evolution, and the current context in which privacy is being debated in India and around the world.

Bhairav began by talking about the nature of privacy law around the world. Privacy has, until recently, never been a right in English common law. Indeed, the tort of invasion of privacy is also relatively incomplete. Privacy is protected through other torts, including the torts of nuisance, trespass, and others. European treaty requirements have foisted a right to privacy upon the British legal system; the contours of this right remain unclear.

American courts, on the other hand, have been more receptive to claims of the right to privacy. There is much in the American political and legal tradition that has contributed to the easy acceptability of privacy claims. Not least among these are the strong emphasis on the individual as the fundamental unit of governance and sovereignty, and the American libertarian tradition of autonomy.

Bhairav then spoke of the right to privacy in India. Early cases in the Supreme Court of India see privacy as a negotiation between the liberties of citizens and the power of the state. In a legal tradition deeply influenced by colonialism, Indian courts readily accepted claims against physical police surveillance and other related rights in the criminal justice process – public rights against the state that were once denied to Indian subjects of colonial rule, but held short of viewing privacy as a necessary individual protection against society. This has resulted in dichotomous privacy jurisprudence.

Bhairav then talked about the contexts in which privacy claims arise in India today. Specifically, he spoke about increasingly sophisticated surveillance techniques and large-scale personal data collection and processing. There are many complexities in both these fields and a lot of time and questions were spent going over them. Surveillance is older than the nation-state; privacy law does not seek the end of surveillance, but only its optimal use. There are many kinds of surveillance, the contemporary debate deals solely with wiretapping and electronic surveillance. Privacy law cannot be blind to the many other kinds of surveillance, including old-fashioned physical surveillance on the road.

Data collection, too, cannot be ended, nor should it for it forms the basis of modern commerce and is tied to India’s economic growth. There were questions and discussion on ‘big data’, data mining, analytics, business models, and other related areas. In India, however, in the absence of an innovative IT industry, the dominant business model is of receiving foreign personal data, usually of Europeans and Americans, to provide cheap processing services. This model depends entirely on comparatively lower Indian wages. Hence, it is not surprising that the first personal data protection rules issued by the Indian government in 2011 applied solely to foreign data that was outsourced to India.

Bhairav then introduced the 2011 draft Right to Privacy Bill that was proposed by the Department of Personnel and Training of the Indian government, as well as the Personal Data Protection Rules issued under the Information Technology Act, 2000. These measures were studied clause-by-clause.

Similarly, Indian law in respect of communications surveillance was analysed in detail. The Indian Telegraph Act 1885, the Indian Telegraph Rules 1951 (including the amendments of 1961, 1999, 2007, and 2014) were looked at in detail. These laws were compared to the Indian Post Office Act 1898 and the Information Technology Act 2000. The 1968 report of the Law Commission of India that examined the wiretapping power and suggested possible overreach was also examined.

Bhairav reviewed Indian law in respect of wiretapping. All Supreme Court case law, especially the cases of Hukum Chand and Peoples Union for Civil Liberties, were analysed. Finally, the group looked at how the legal principles applicable to wiretapping have been extended to electronic and Internet surveillance. Over here, the group studied the two sets of 2011 Rules under the IT Act that enable Internet and email surveillance of both content and metadata.

After a lunch break, the group spoke about possible models for privacy regulation and protection in India. In respect of surveillance, a lot of time was spent discussing the merits and demerits of judicial warranting of surveillance, as opposed to executive authorisations. The consensus of the group, with a few exceptions, was that judicial warranting would not be a suitable model for Indian surveillance, due to several systemic weaknesses. The group also rejected several of the principles proposed by Justice A. P. Shah in the 2012 Report that was commissioned by the Planning Commission.

After a discussion on legislative models, the group discussed, clause-by-clause, the CIS proposal on privacy that was read through by Bhairav. This discussion lasted several hours, and covered many areas.

For more details visit https://cis-india.org/internet-governance/blog/roundtable-on-indian-privacy-law-and-policy

Comments on the Proposed Rule 138A of the Central Motor Vehicle Rules, 1989 Concerning Radio Frequency Identification Tags

bhairav — 2012-12-04T15:32:55Z

The Centre for Internet & Society gave its comments on the proposed Rule 138A of the Central Motor Vehicle Rules, 1989. The comments were made in response to Notification GSR 738(E) published in the Gazette of India on October 3, 2012.

I Preliminary

1.1 These initial comments are made with regard to Notification GSR 738(E), published in the Gazette of India, Extraordinary, Part II, Section 3, Sub-section (i), on 3 October 2012
(“Impugned Notification”).

1.2 The Impugned Notification proposes to insert a new rule 138A in the Central Motor Vehicle Rules, 1989 (“CMV Rules”) to make mandatory the installation of radio frequency identification (“RFID”) tags on all light and heavy motor vehicles to enable their instant identification and monitoring by electronic toll collection booths, the police and any other authority or person that is able to query and read RFID tags.

II Validity of the Impugned Notification

(a) The Scope and Limits of the Executive Power of the Union

2.1 The competence of the Central Government to govern by executive action (such as the Impugned Notification) is restricted to the extent of the executive power of the Union.[1] Following the Ram Jawaya Kapur case,[2] it is settled that the extent of the Union’s executive power is coterminous with the legislative power of Parliament even in the absence of controlling legislation in that field.[3] This is in addition to the Union’s subordinate executive power to give effect to legislation through statutory delegation[4] and its directory executive power to give directions to the States.[5] Thus, there are three kinds of executive power exercisable by the Union:

(a) the regular power, exercisable in the absence of controlling legislation, if the subject of executive action is a matter upon which Parliament is competent to legislate;
(b) the subordinate power, exercisable under the terms of a controlling statute, if that statute specifically delegates such a power to the Union; and
(c) the directory power, exercisable within judicial limits, to secure the compliance of the States with the laws of the Union.

2.2 The regular executive power of the Union cannot be exercised over a matter that is controlled by parliamentary legislation.[6] This principle is akin to, but does not correspond exactly with, the doctrine of occupied field which is primarily concerned with the legislative entries contained in Schedule VII of the Constitution of India. Nevertheless, it is settled that since the power of the executive to act is subject to the control of the legislature, a statutory regime, where it exists, cannot be circumvented by the free exercise of executive power.[7] In the case of the Impugned Notification, the Motor Vehicles Act, 1988 constitutes a statutory regime that occupies the field to preclude regular executive action by the Central Government with regard to RFID tags in motor vehicles. The Impugned Notification should next be examined only in light of the scope and limits of the Union’s subordinate executive power since, as the Impugned Notification is not a direction to the States, the Union’s directory executive power is not in issue.

(b) Extent of the Central Government’s Rule-Making Power

2.3 The subordinate executive power of the Union emanates from section 110 of the Motor Vehicles Act, 1988 (“MV Act”) that confers the Central Government with the power to make rules to implement the statute. At this point it is important to note that the legislative competence of the MV Act is traceable to Entry 35 of List III, Schedule VII of the Constitution of India. Entry 35 concerns:

Mechanically propelled vehicles including the principles on which taxes on such vehicles are to be levied.

Entry 35 being a concurrent subject, it is open to both the Union and the States to act to regulate motor vehicles.[8] Accordingly, the MV Act also vests the States with subordinate executive power through sections 28, 38, 65, 95, 96, 107, 111, 138 and 176 which confer State Governments with the power to make rules to implement the statute in, and amend its application to, their particular states. As for the Union, so for the States is the regular executive power precluded by the existence of a statutory regime.[9]

2.4 Section 110 of the MV Act states:

110. Power of the Central Government to make rules. – (1) The Central Government may make rules regulating the construction, equipment and maintenance of motor vehicles and trailers with respect to all or any of the following matters, namely:-

(a) the width, height, length and overhand of vehicles and of the loads carried;
(b) the size, nature, maximum retail price and condition of tyres, including embossing thereon of date and year of manufacture, and the maximum load carrying capacity;
(c) brakes and steering gear;
(d) the use of safety glasses including prohibition of the use of tinted safety glasses;
(e) signalling appliances, lamps and reflectors;
(f) speed governors;
(g) the emission of smoke, visible vapour, sparks, ashes, grit or oil;
(h) the reduction of noise emitted by or caused by vehicles;
(i) the embossment of chassis number and engine number and the date of manufacture;
(j) safety belts, handle bars of motor cycles, auto-dippers and other equipments essential for safety of drivers, passengers and other road-user;
(k) standards of the components used in the vehicle as inbuilt safety devices;
(l) provision for transportation of goods of dangerous or hazardous nature to human life;
(m) standards for emission of air pollutants;
(n) installation of catalytic convertors in the class of vehicles to be prescribed;
(o) the placement of audio-visual or radio or tape recorder type of devices in public vehicles;
(p) warranty after sale of vehicle and norms therefor:

Provided that any rules relating to the matters dealing with the protection of environment, so far as may be, shall be made after consultation with the Ministry of the Government of India dealing with environment.

(2) Rules may be made under sub-section (1) governing the matters mentioned therein, including the manner of ensuring the compliance with such matters and the maintenance of motor vehicles in respect of such matters, either generally in respect of motor vehicles or trailers or in respect of motor vehicles or trailers of a particular class or in particular circumstances.

(3) Notwithstanding anything contained in this section,-

(a) the Central Government may exempt any class of motor vehicles from the provisions of this Chapter;
(b) a State Government may exempt any motor vehicle or any class or description of motor vehicles from the rules made under sub-section (1) subject to such conditions as may be prescribed by the Central Government.

2.5 The subordinate executive power of the Union, i.e. the rule-making power, is restricted to the exact extent of the delegation.[10] This is a well settled and undisputed principle of administrative law. Therefore, the Central Government cannot, in exercise of the rule-making power granted under section 110 of the MV Act, frame rules for matters for which it has not been specifically empowered under that section. Section 110 of the MV Act does not grant the Central Government the power to make rules for mandating RFID tags on vehicles. Clauses (a) to (p) of section 110(1) descriptively list the matters relating to the construction, equipment and maintenance of motor vehicles that the Central Government is competent to regulate by exercising its executive power. This list is exactingly drafted; the absence of general words or a miscellaneous empowerment obviates the need for examining any particular word or words in clauses (a) to (p) in light of the principle of ejusdem generis.

2.6 In the absence of a specific empowerment, or even a general empowerment that may be positively construed ejusdem generis, only two clauses of section 110(1) require further examination. These are:

(e) signalling appliances, lamps and reflectors; and,
(o) the placement of audio-visual or radio or tape recorder type of devices in public vehicles;

Clause (e), which deals with signalling appliances, cannot be read to include RFID tags since, in accordance with the principle of noscitur a sociis, the meaning of the words “signalling appliances” is derived from its association with the words “lamps and reflectors.”[11] Therefore, RFID tags, which are totally unrelated to lamps, reflectors and related signalling appliances, are not the subject of clause (e). On the other hand, while clause (o) contains an executive empowerment in respect of radio devices, the empowerment only concerns “public vehicles”; and, hence, the installation of RFID tags in non-public vehicles including light vehicles, such as cars, and heavy vehicles, such trucks and lorries, cannot be carried out under this clause. In any event, the word “radio” must be interpreted noscitur a sociis in light of its association with the words “audio-visual” and “tape recorder” to yield an executive empowerment in respect of in-vehicle entertainment devices only.

2.7 Therefore, in the absence of an empowerment under section 110 of the MV Act in respect of RFID tags, the Impugned Notification of the Central Government is ultra vires the MV Act. Rules that are ultra vires the parent statute for exceeding the limits of subordinate executive power are void.[12] The Impugned Notification is both ultra vires its parent statute and void. In this regard, it is instructive to note that it is settled that void rules neither acquire validity by a subsequent conferment of statutory power nor by their publication in the Official Gazette.[13]

III Constitutional Implications regarding Privacy

3.1 Across the world, RFID technology has been challenged on the basis of its intrusion into personal privacy. RFID tags operate on a pre-determined radio frequency; and, unless the tags are programmed to rapidly, constantly and randomly switch frequencies or are able to jam unauthorised queries – an extremely expensive proposition, RFID signals can be easily intercepted. The interception a vehicle’s RFID signals, whether by public authorities or by private persons, can yield detailed locational information of the driver of the vehicle. This is an unwarranted intrusion into the locational privacy of individuals.

3.2 Locational privacy is an intrinsic part of the right to privacy. An intrusion into this right, such as in the form of mandatory RFID tags on vehicles, will reveal information as to inter alia a person’s whereabouts and daily routine as well as addresses of friends’ houses, visits to the hospital, visits to a place of worship, restaurant preferences, addresses of children’s schools and so on. This will affect ordinary citizens, politicians and civil servants equally. All this information will be at the hands of the police. To place the power of tracking and monitoring ordinary individuals with the police, when such technology is not even available with intelligence agencies, would be an act of recklessness. This is compounded by the total lack of safeguards accompanying the attempted imposition of RFID technology.

3.3 Following the Kharak Singh[14] and Gobind[15] cases, the locational privacy of individuals, specifically in relation to their privacy from the police, is constitutionally protected.[16] It is now accepted that privacy is an essential ingredient of personal liberty forming a part of the right recognised under Article 21 of the Constitution. It is further settled that the personal liberty of an individual cannot be taken away except by a law that establishes a procedure that is fair, just and reasonable that withstands the tests of Article 14 and Article 19 of the Constitution.[17]The Impugned Notification, while constituting a “law” under Article 13 of the Constitution, does not create a fair, just and reasonable procedure to deprive individuals of their personal liberty and therefore fails the tests imposed by Maneka Gandhi. Therefore, the Impugned Notification, even if it were not void for want of competence, would be ultra vires the Constitution for violating Article 21.[18]

IV Summary

4.1 In sum:

(a) Section 110 of the MV Act does not bestow on the Central Government a specific empowerment to make rules in respect of RFID tags;
(b) The Impugned Notification exceeds the delegated limits of the Central Government’s subordinate executive power;
(c) The Impugned Notification is ultra vires the MV Act, its parent statute;
(d) Rules that are ultra vires the parent statute for exceeding the limits of subordinate executive power are void;
(e) The Impugned Notification is void;
(f)   The imposition of mandatory RFID tags on vehicles will yield locational information to seriously invade the right to privacy;
(g) The right to privacy is an essential ingredient of personal liberty and is constitutionally protected;
(h) The Impugned Notification violates the right to privacy without creating a fair, just and reasonable procedure to deprive persons of their personal liberty;
(i)   The Impugned Notification is ultra vires the Constitution for violating Article 21;
(j)   Any rule that mandates RFID tags on vehicles to violate the right to privacy is void ab initio.

[1]. Article 73 of the Constitution of India.
[2]. Ram Jawaya Kapur AIR 1955 SC 549.
[3]. Ibid at prs. 12-14.
[4]. See generally, In re Delhi Laws Act AIR 1951 SC 332, Harishankar Bagla AIR 1954 SC 465, Rajnarain Singh AIR 1954 SC 569 and Edward Mills AIR 1955 SC 25.
[5]. See Articles 256 and 257 of the Constitution and State of Rajasthan (1977) 3 SCC 592.
[6]. Bishamber Dayal (1982) 1 SCC 39 at pr. 20.
[7]. Bharat Coking Coal (1990) 4 SCC 557 at prs. 15-17.
[8].Article 253 of the Constitution.
[9]. Article 162 of the Constitution.
[10]. See In re Delhi Laws Act AIR 1951 SC 332, State of Bihar (2000) 4 SCC 640, Shri Sitaram Sugar (1990) 3 SCC 223 [all Constitution Benches], Ramakrishnan Kulwant Rai 1989 Supp (1) SCC 541, K. M. Charia Abdullah (1965) 1 SCR 601, Charanjit Gill (2000) 5 SCC 742, ADM (Rev.) Delhi Administration (2000) 5 SCC 451 and State of Karnataka (1983) 2 SCC 402.
[11]. For foundational Indian case law on the principle of noscitur a sociis, see generally, M. K. Ranganathan AIR 1955 SC 604, Hospital Mazdoor Sabha AIR 1960 SC 110 and Corporation of the City of Nagpur AIR 1960 SC 675.
[12]. See Supreme Court Welfare Association (1989) 4 SCC 187 and State of Karnataka (1983) 2 SCC 402.
[35]. General Officer Commanding-in-Chief (1988) 2 SCC 351 at prs. 12-14.
[14]. Kharak Singh AIR 1963 SC 1295. The majority, speaking through Ayyangar, J., found that ‘domiciliary visits’ conducted by the police in exercise of powers granted under police regulations violated Article 21 of the Constitution; and, the minority speaking through Subba Rao, J., found that both secret police picketing (as to the location of individuals) and domiciliary visits violated both Article 21 and Article 19(1)(d) of the Constitution.
[15]. Gobind (1975) 2 SCC 148.
[16]. For a jurisprudential development of the right to privacy in India, see generally Kharak Singh AIR 1963 SC 1295, R. M. Malkani (1973) 1 SCC 471, Gobind (1975) 2 SCC 148, R. Rajagopal (1994) 6 SCC 632, People’s Union for Civil Liberties (1997) 1 SCC 301, Mr ‘X’ (1998) 8 SCC 296, Canara Bank (2005) 1 SCC 496, Bharat Shah (2008) 13 SCC 5, Naz Foundation (2009) 160 DLT 277, Selvi (2010) 7 SCC 263 and Ram Jethmalani (2011) 8 SCC 1.
[17]. Maneka Gandhi (1978) 1 SCC 248 at prs. 4-14 (per Bhagwati, Untwalia and Fazal Ali, JJ.), 48-49 (per Chandrachud, J.), 62-78 and 79-91 (per Krishna Iyer, J.) and 192-199, 201, 203 and 211-215 (per Beg, CJI.)
[18]. In this regard, see also Supreme Court Welfare Association (1989) 4 SCC 187 and N. Bakshi 1962 Supp (1) SCR 505 for the proposition that rules violating the Constitution are void ab initio.

For more details visit https://cis-india.org/internet-governance/blog/comments-on-motor-vehicle-rules

The Humpty-Dumpty Censorship of Television in India

bhairav — 2015-11-29T08:37:53Z

The Modi government’s attack on Sathiyam TV is another manifestation of the Indian state’s paranoia of the medium of film and television, and consequently, the irrational controlling impulse of the law.

The article originally published in the Wire on September 8, 2015 was also mirrored on the website Free Speech/Privacy/Technology.

It is tempting to think of the Ministry of Information and Broadcasting’s (MIB) attack on Sathiyam TV solely as another authoritarian exhibition of Prime Minister Narendra Modi’s government’s intolerance of criticism and dissent. It certainly is. But it is also another manifestation of the Indian state’s paranoia of the medium of film and television, and consequently, the irrational controlling impulse of the law.

Sathiyam TV’s transgressions

Sathiyam’s transgressions began more than a year ago, on May 9, 2014, when it broadcast a preacher saying of an unnamed person: “Oh Lord! Remove this satanic person from the world!” The preacher also allegedly claimed this “dreadful person” was threatening Christianity. This, the MIB reticently claims, “appeared to be targeting a political leader”, referring presumably to Prime Minister Modi, to “potentially give rise to a communally sensitive situation and incite the public to violent tendencies.”

The MIB was also offended by a “senior journalist” who, on the same day, participated in a non-religious news discussion to allegedly claim Modi “engineered crowds at his rallies” and used “his oratorical skills to make people believe his false statements”. According to the MIB, this was defamatory and “appeared to malign and slander the Prime Minister which was repugnant to (his) esteemed office”.

For these two incidents, Sathiyam was served a show-cause notice on 16 December 2014 which it responded to the next day, denying the MIB’s claims. Sathiyam was heard in-person by a committee of bureaucrats on 6 February 2015. On 12 May 2015, the MIB handed Sathiyam an official an official “Warning” which appears to be unsupported by law. Sathiyam moved the Delhi High Court to challenge this.

As Sathiyam sought judicial protection, the MIB issued the channel a second warning August 26, 2016 citing three more objectionable news broadcasts of: a child being subjected to cruelty by a traditional healer in Assam; a gun murder inside a government hospital in Madhya Pradesh; and, a self-immolating man rushing the dais at a BJP rally in Telangana. All three news items were carried by other news channels and websites.

Governing communications

Most news providers use multiple media to transmit their content and suffer from complex and confusing regulation. Cable television is one such medium, so is the Internet; both media swiftly evolve to follow technological change. As the law struggles to keep up, governmental anxiety at the inability to perfectly control this vast field of speech and expression frequently expresses itself through acts of overreach and censorship.

In the newly-liberalised media landscape of the early 1990s, cable television sprang up in a legal vacuum. Doordarshan, the sole broadcaster, flourished in the Centre’s constitutionally-sanctioned monopoly of broadcasting which was only broken by the Supreme Court in 1995. The same year, Parliament enacted the Cable Television Networks (Regulation) Act, 1995 (“Cable TV Act”) to create a licence regime to control cable television channels. The Cable TV Act is supplemented by the Cable Television Network Rules, 1994 (“Cable Rules”).

The state’s disquiet with communications technology is a recurring motif in modern Indian history. When the first telegraph line was laid in India, the colonial state was quick to recognize its potential for transmitting subversive speech and responded with strict controls. The fourth iteration of the telegraph law represents the colonial government’s perfection of the architecture of control. This law is the Indian Telegraph Act, 1885, which continues to dominate communications governance in India today including, following a directive in 2004, broadcasting.

Vague and arbitrary law

The Cable TV Act requires cable news channels such as Sathiyam to obey a list of restrictions on content that is contained in the Cable Rules (“Programme Code“). Failure to conform to the Programme Code can result in seizure of equipment and imprisonment; but, more importantly, creates the momentum necessary to invoke the broad powers of censorship to ban a programme, channel, or even the cable operator. But the Programme Code is littered with vague phrases and undefined terms that can mean anything the government wants them to mean.

By its first warning of May 12, 2015, the MIB claimed Sathiyam violated four rules in the Programme Code. These include rule 6(1)(c) which bans visuals or words “which promote communal attitudes”; rule 6(1)(d) which bans “deliberate, false and suggestive innuendos and half-truths”; rule 6(1)(e) which bans anything “which promotes anti-national attitudes”; and, rule 6(1)(i) which bans anything that “criticises, maligns or slanders any…person or…groups, segments of social, public and moral life of the country” (sic).

The rest of the Programme Code is no less imprecise. It proscribes content that “offends against good taste” and “reflects a slandering, ironical and snobbish attitude” against communities. On the face of it, several provisions of the Programme Code travel beyond the permissible restrictions on free speech listed in Article 19(2) of the Constitution to question their validity. The fiasco of implementing the vague provisions of the erstwhile section 66A of the Information Technology Act, 2000 is a recent reminder of the dangers presented by poorly-drafted censorship law – which is why it was struck down by the Supreme Court for infringing the right to free speech. The Programme Code is an older creation, it has simply evaded scrutiny for two decades.

The arbitrariness of the Programme Code is amplified manifold by the authorities responsible for interpreting and implementing it. An Inter-Ministerial Committee (IMC) of bureaucrats, supposedly a recommendatory body, interprets the Programme Code before the MIB takes action against channels. This is an executive power of censorship that must survive legal and constitutional scrutiny, but has never been subjected to it. Curiously, the courts have shied away from a proper analysis of the Programme Code and the IMC.

Judicial challenges

In 2011, a single judge of the Delhi High Court in the Star India case (2011) was asked to examine the legitimacy of the IMC as well as four separate clauses of the Programme Code including rule 6(1)(i), which has been invoked against Sathiyam. But the judge neatly sidestepped the issues. This feat of judicial adroitness was made possible by the crass indecency of the content in question, which could be reasonably restricted. Since the show clearly attracted at least one ground of legitimate censorship, the judge saw no cause to examine the other provisions of the Programme Code or even the composition of the IMC.

This judicial restraint has proved detrimental. In May 2013, another single judge of the Delhi High Court, who was asked by Comedy Central to adjudge the validity of the IMC’s decision-making process, relied on Star India (2011) to uphold the MIB’s action against the channel. The channel’s appeal to the Supreme Court is currently pending. If the Supreme Court decides to examine the validity of the IMC, the Delhi High Court may put aside Sathiyam’s petition to wait for legal clarity.

As it happens, in the Shreya Singhal case (2015) that struck down section 66A of the IT Act, the Supreme Court has an excellent precedent to follow to demand clarity and precision from the Programme Code, perhaps even strike it down, as well as due process from the MIB. On the accusation of defaming the Prime Minister, probably the only clearly stated objection by the MIB, the Supreme Court’s past law is clear: public servants cannot, for non-personal acts, claim defamation.

Censorship by blunt force

Beyond the IMC’s advisories and warnings, the Cable TV Act contains two broad powers of censorship. The first empowerment in section 19 enables a government official to ban any programme or channel if it fails to comply with the Programme Code or, “if it is likely to promote, on grounds of religion, race, language, caste or community or any other ground whatsoever, disharmony or feelings of enmity, hatred or ill-will between different religious, racial, linguistic or regional groups or castes or communities or which is likely to disturb the public tranquility.”

The second empowerment is much wider. Section 20 of the Cable TV Act permits the Central Government to ban an entire cable television operator, as opposed to a single channel or programmes within channels, if it “thinks it necessary or expedient so to do in public interest”. No reasons need be given and no grounds need be considered. Such a blunt use of force creates an overwhelming power of censorship. It is not a coincidence that section 20 resembles some provisions of nineteenth-century telegraph laws, which were designed to enable the colonial state to control the flow of information to its native subjects.

A manual for television bans

Film and television have always attracted political attention and state censorship. In 1970, Justice Hidayatullah of the Supreme Court explained why: “It has been almost universally recognised that the treatment of motion pictures must be different from that of other forms of art and expression. This arises from the instant appeal of the motion picture… The motion picture is able to stir up emotions more deeply than any other product of art.”

Within this historical narrative of censorship, television regulation is relatively new. Past governments have also been quick to threaten censorship for attacking an incumbent Prime Minister. There seems to be a pan-governmental consensus that senior political leaders ought to be beyond reproach, irrespective of their words and deeds.

But on what grounds could the state justify these bans? Lord Atkins’ celebrated war-time dissent in Liversidge (1941) offers an unlikely answer:

“When I use a word,’ Humpty Dumpty said in rather a scornful tone, ‘it means just what I choose it to mean – neither more nor less.’”

For more details visit https://cis-india.org/internet-governance/blog/the-wire-bhairav-acharya-humpty-dumpty-censorship-of-tv-in-india

Free Speech Policy in India: Community, Custom, Censorship, and the Future of Internet Regulation

bhairav — 2015-08-23T10:12:16Z

This note summarises my panel contribution to the conference on Freedom of Expression in a Digital Age at New Delhi on 21 April 2015, which was organised by the Observer Research Foundation (ORF) and the Centre for Internet and Society (CIS) in collaboration with the Internet Policy Observatory of the Center for Global Communication Studies (CGCS) at the Annenberg School for Communication, University of Pennsylvania

Download the Note here (PDF, 103 Kb)

Preliminary

There has been legitimate happiness among many in India at the Supreme Court’s recent decision in the Shreya Singhal case to strike down section 66A of the Information Technology Act, 2000 ("IT Act") for unconstitutionally fettering the right to free speech on the Internet. The judgment is indeed welcome, and reaffirms the Supreme Court’s proud record of defending the freedom of speech, although it declined to interfere with the government’s stringent powers of website blocking. As the dust settles there are reports the government is re-grouping to introduce fresh law, allegedly stronger to secure easier convictions, to compensate the government’s defeat.

Case Law and Government Policy

India’s constitutional courts have a varied history of negotiating the freedom of speech that justifiably demands study. But, in my opinion, inadequate attention is directed to the government’s history of free speech policy. It is possible to discern from the government’s actions over the last two centuries a relatively consistent narrative of governance that seeks to bend the individual’s right to speech to its will. The defining characteristics of this narrative – the government’s free speech policy – emerge from a study of executive and legislative decisions chiefly in relation to the press, that continue to shape policy regarding the freedom of expression on the Internet.

India’s corpus of free speech case law is not uniform nor can it be since, for instance, the foundational issues that attend hate speech are quite different from those that inform contempt of court. So too, Indian free speech policy has been varied, captive to political compulsions and disparate views regarding the interests of the community, governance and nation-building. There has been consistent tension between the individual and the community, as well as the role of the government in enforcing the expectations of the community when thwarted by law.

Dichotomy between Modern and Native Law

To understand free speech policy, it is useful to go back to the early colonial period in India, when Governor-General Warren Hastings established a system of courts in Bengal’s hinterland to begin the long process of displacing traditional law to create a modern legal system. By most accounts, pre-modern Indian law was not prescriptive, Austinian, and uniform. Instead, there were several legal systems and a variety of competing and complementary legal sources that supported different interpretations of law within most legal systems. J. Duncan M. Derrett notes that the colonial expropriation of Indian law was marked by a significant tension caused by the repeatedly-stated objective of preserving some fields of native law to create a dichotomous legal structure. These efforts were assisted by orientalist jurists such as Henry Thomas Colebrook whose interpretation of the dharmasastras heralded a new stage in the evolution of Hindu law.

In this background, it is not surprising that Elijah Impey, a close associate of Hastings, simultaneously served as the first Chief Justice of the Supreme Court at Fort William while overseeing the Sadr Diwani Adalat, a civil court applying Anglo-Hindu law for Hindus, and the Sadr Faujdari Adalat, a criminal court applying Anglo-Islamic law to all natives. By the mid-nineteenth century, this dual system came under strain in the face of increasing colonial pressure to rationalise the legal system to ensure more effective governance, and native protest at the perceived insensitivity of the colonial government to local customs.

Criminal Law and Free Speech in the Colony

In 1837, Thomas Macaulay wrote the first draft of a new comprehensive criminal law to replace indigenous law and custom with statutory modern law. When it was enacted as the Indian Penal Code in 1860 ("IPC"), it represented the apogee of the new colonial effort to recreate the common law in India. The IPC’s enactment coincided with the growth and spread of both the press and popular protest in India. The statute contained the entire gamut of public-order and community-interest crimes to punish unlawful assembly, rioting, affray, wanton provocation, public nuisance, obscenity, defiling a place of worship, disturbing a religious assembly, wounding religious feelings, and so on. It also criminalised private offences such as causing insult, annoyance, and intimidation. These crimes continue to be invoked in India today to silence individual opinion and free speech, including on the Internet. Section 66A of the IT Act utilised a very similar vocabulary of censorship.

Interestingly, Macaulay’s IPC did not feature the common law offences of sedition and blasphemy or the peculiar Indian crime of promoting inter-community enmity; these were added later. Sedition was criminalised by section 124A at the insistence of Barnes Peacock and applied successfully against Indian nationalist leaders including Bal Gangadhar Tilak in 1897 and 1909, and Mohandas Gandhi in 1922. In 1898, the IPC was amended again to incorporate section 153A to criminalise the promotion of enmity between different communities by words or deeds. And, in 1927, a more controversial amendment inserted section 295A into the IPC to criminalise blasphemy. All three offences have been recently used in India against writers, bloggers, professors, and ordinary citizens.

Loss of the Right to Offend

The two amendments of 1898 and 1927, which together proscribed the promotion of inter-community enmity and blasphemy, represent the dismantling of the right to offend in India. But, oddly, they were defended by the colonial government in the interests of native sensibilities. The proceedings of the Imperial Legislative Council reveal several members, including Indians, were enthusiastic about the amendments. For some, the amendments were a necessary corrective action to protect community honour from subversive speech. The 1920s were a period of foment in India as the freedom movement intensified and communal tension mounted. In this environment, it was easy to fuse the colonial interest in strong administration with a nationalist narrative that demanded the retrieval of Indian custom to protect native sensibilities from being offended by individual free speech, a right derived from modern European law. No authoritative jurist could be summoned to prove or refute the claim that native custom privileged community honour.

Sadly the specific incident which galvanised the amendment of 1927, which established the crime of blasphemy in India, would not appear unfamiliar to a contemporary observer. Mahashay Rajpal, an Arya Samaj activist, published an offensive pamphlet of the Prophet Muhammad titled Rangeela Rasool, for which he was arrested and tried but acquitted in the absence of specific blasphemy provisions. With his speech being found legal, Rajpal was released and given police protection but Ilam Din, a Muslim youth, stabbed him to death. Instead of supporting its criminal law and strengthening its police forces to implement the decisions of its courts, the colonial administration surrendered to the threat of public disorder and enacted section 295A of the IPC.

Protest and Community Honour

The amendment of 1927 marks an important point of rupture in the history of Indian free speech. It demonstrated the government’s policy intention of overturning the courts to restrict the individual’s right to speech when faced with public protest. In this way, the combination of public disorder and the newly-created crimes of promoting inter-community enmity and blasphemy opened the way for the criminal justice system to be used as a tool by natives to settle their socio-cultural disputes. Both these crimes address group offence; they do not redress individual grievances. In so far as they are designed to endorse group honour, these crimes signify the community’s attempt to suborn modern law and individual rights.

Almost a century later, the Rangeela Rasool affair has become the depressing template for illegal censorship in India: fringe groups take offence at permissible speech, crowds are marshalled to articulate an imagined grievance, and the government capitulates to the threat of violence. This formula has become so entrenched that governance has grown reflexively suppressive, quick to silence speech even before the perpetrators of lumpen violence can receive affront. This is especially true of online speech, where censorship is driven by the additional anxiety brought by the difficulty of Internet regulation. In this race to be offended the government plays the parochial referee, acting to protect indigenous sensibilities from subversive but legal speech.

The Censorious Post-colony

Independence marked an opportunity to remake Indian governance in a freer image. The Constituent Assembly had resolved not to curb the freedom of speech in Article 19(1)(a) of the Constitution on account of public order. In two cases from opposite ends of the country where right-wing and left-wing speech were punished by local governments on public order grounds, the Supreme Court acted on the Constituent Assembly’s vision and struck down the laws in question. Free speech, it appeared, would survive administrative concerns, thanks to the guarantee of a new constitution and an independent judiciary. Instead Prime Minister Jawaharlal Nehru and his cabinet responded with the First Amendment in 1951, merely a year after the Constitution was enacted, to create three new grounds of censorship, including public order. In 1963, a year before he demitted office, the Sixteenth Amendment added an additional restriction.

Nehru did not stop at amending the Constitution, he followed shortly after with a concerted attempt to stage-manage the press by de-legitimising certain kinds of permissible speech.

Under Justice G. S. Rajadhyaksha, the government constituted the First Press Commission which attacked yellow journalism, seemingly a sincere concern, but included permissible albeit condemnable speech that was directed at communities, indecent or vulgar, and biased. Significantly, the Commission expected the press to only publish speech that conformed to the developmental and social objectives of the government. In other words, Nehru wanted the press to support his vision of India and used the imperative of nation-building to achieve this goal. So, the individual right to offend communities was taken away by law and policy, and speech that dissented from the government’s socio-economic and political agenda was discouraged by policy. Coupled with the new constitutional ground of censorship on account of public order, the career of free speech in independent India began uncertainly.

How to regulate permissible speech?

Despite the many restrictions imposed by law on free speech, Indian free speech policy has long been engaged with the question of how to regulate the permissible speech that survives constitutional scrutiny. This was significantly easier in colonial India. In 1799, Governor-General Richard Wellesley, the brother of the famous Duke of Wellington who defeated Napoleon at Waterloo, instituted a pre-censorship system to create what Rajeev Dhavan calls a “press by permission” marked by licensed publications, prior restraint, subsequent censorship, and harsh penalties. A new colonial regime for strict control over the publication of free speech was enacted in the form of the Press and Registration of Books Act, 1867, the preamble of which recognises that “the literature of a country is…an index of…the condition of [its] people”. The 1867 Act was diluted after independence but still remains alive in the form of the Registrar of Newspapers.

After surviving Indira Gandhi’s demand for a committed press and the depredations of her regime during the Emergency, India’s press underwent the examination of the Second Press Commission. This was appointed in 1978 under the chairmanship of Justice P. K. Goswami, a year after the Janata government released the famous White Paper on Misuse of Mass Media. When Gandhi returned to power, Justice Goswami resigned and the Commission was reconstituted under Justice K. K. Mathew. In 1982, the Commission’s report endorsed the earlier First Press Commission’s call for conformist speech, but went further by proposing the appointment of a press regulator invested with inspection powers; criminalising attacks on the government; re-interpreting defamation law to encompass democratic criticism of public servants; retaining stringent official secrecy law; and more. It was quickly acted upon by Rajiv Gandhi through his infamous Defamation Bill.

The contours of future Internet regulation

The juggernaut of Indian free speech policy has received temporary setbacks, mostly inflicted by the Supreme Court. Past experience shows us that governments with strong majorities – whether Jawaharlal Nehru’s following independence or Indira Gandhi’s in the 1970s – act on their administrative impulses to impede free speech by government policy. The Internet is a recent and uncontrollable medium of speech that attracts disproportionately heavy regulatory attention. Section 66A of the IT Act may be dead but several other provisions remain to harass and punish online free speech. Far from relaxing its grip on divergent opinions, the government appears poised for more incisive invasions of personal freedoms.

I do not believe the contours of future speech regulation on the Internet need to be guessed at, they can be derived from the last two centuries of India’s free speech policy. When section 66A is replaced – and it will be, whether overtly by fresh statutory provisions or stealthily by policy and non-justiciable committees and commissions – it will be through a regime that obeys the mandate of the First Press Commission to discourage dissenting and divergent speech while adopting the regulatory structures of the Second Press Commission to permit a limited inspector raj and forbid attacks on personalities. The interests of the community, howsoever improperly articulated, will seek precedence over individual freedoms and the accompanying threat of violence will give new meaning to Bhimrao Ambedkar’s warning of the “grammar of anarchy”.

For more details visit https://cis-india.org/internet-governance/blog/policy-in-india-community-custom-censorship-and-future-of-internet-regulation

Free Speech Policy in India: Community, Custom, Censorship, and the Future of Internet Regulation

bhairav — 2015-08-23T10:09:06Z

For more details visit https://cis-india.org/internet-governance/blog/free-speech-policy-in-india.pdf

Net Neutrality and the Law of Common Carriage

bhairav — 2015-08-23T11:09:04Z

Net neutrality makes strange bedfellows. It links the truck operators that dominate India’s highways, such as those that carry vegetables from rural markets to cities, and Internet service providers which perform a more technologically advanced task.

Download PDF

Over the last decade, the truckers have opposed the government’s attempts to impose the obligations of common carriage on them, this has resulted in strikes and temporary price rises; and, in the years ahead, there is likely to be a similar – yet, technologically very different – debate as net neutrality advocates call for an adapted version of common carriage to bind Internet services.

Net neutrality demands a rigorous examination that is not attempted by this short note which, constrained by space, will only briefly trace the law and policy of net neutrality in the US and attempt a brief comparison with the principles of common carriage in India. Net neutrality defies definition. Very simply, the principle demands that Internet users have equal access to all content and applications on the Internet. This can only be achieved if Internet service providers: (i) do not block lawful content; (ii) do not throttle – deliberately slow down or speed up access to selected content; (iii) do not prioritise certain content over others for monetary gain; and, (iv) are transparent in their management of the networks by which data flows.

Almost exactly a year ago, the District of Columbia Circuit Court of Appeals – a senior court below the US Supreme Court – struck down portions of the ‘Open Internet Order’ that was issued by the Federal Communications Commission (FCC) in 2010. Although sound in law, the Court’s verdict impeded net neutrality to raise crucial questions regarding common carriage, free speech, competition, and others. More recently, Airtel’s announcement of its decision to charge certain end-users for VoIP services – subsequently suspended pending a policy decision from the Telecom Regulatory Authority of India (TRAI) – has fuelled the net neutrality debate in India.

Because of its innovative technological history in relation to the Internet, the US has pioneered many legal attempts to regulate the Internet in respect of net neutrality. In 1980, when Internet data flowed through telephone lines, the FCC issued the ‘Computer II’ regime which distinguished basic services from enhanced services. The difference between the two turned on the nature of the transmission. Regular telephone calls involved a pure transmission of data and were hence classified as basic services. On the other hand, access to the Internet required the processing of user data through computers; these were classified as enhanced services. Importantly, because of their essential nature, the Computer II rules bound basic services providers to the obligations of common carriage whereas enhanced services providers were not.

What is common carriage? Common law countries share a unique heritage in respect of their law governing the transport of goods and people. Those that perform such transport are called carriers. The law makes a distinction between common carriers and other carriers. A carrier becomes a common carrier when it “holds itself out” to the public as willing to transport people or goods for compensation. The act of holding out is simply a public communication of an offer to transport, it may be fulfilled even by an advertisement. The four defining elements of a common carrier are (i) a holding out of a willingness (a public undertaking) (ii) to transport persons or property (iii) from place to place (iv) for compensation.

Common carriers discharge a public trust. By virtue of their unique position and essential function, they are required to serve their customers equally and without discrimination. The law of carriage of goods and people places four broad duties upon common carriers. Firstly, common carriers are bound to carry everyone’s goods or all people and cannot refuse such carriage unless certain strict conditions are met. Secondly, common carriers must perform their carriage safely without deviating from accepted routes unless in exceptional circumstances. Thirdly, common carriers must obey the timeliness of their schedules, they must be on time. And, lastly, common carriers must assume liabilities for the loss or damages of goods, or death or injuries to people, during carriage.

The Computer II regime was issued under a telecommunications law of 1934 which retained the classical markers and duties of common carriers. The law extended the principles of common carriage to telephone services providers. In 1980, when the regime was introduced, the FCC did not invest Internet services with the same degree of essence and public trust; hence, enhanced services escaped strict regulation. However, the FCC did require that basic services and enhanced services be offered through separate entities, and that basic services providers that operated the ‘last-mile’ wired transmission infrastructure to users offer these facilities to enhanced services providers on a common carrier basis.

In 1996, the new Telecommunications Act revisited US law after more than sixty years. The new dispensation maintained the broad structure of the Computer II regime: it recognised telecommunications carriers in place of basic services providers, and information-services providers in place of enhanced services. Carriers in the industry had already converged telephone and Internet communications as a single service. Hence, when a user engaged a carrier that provided telephone and broadband Internet services, the classification of the carrier would depend on the service being accessed. When a carrier provided broadband Internet access, it was an information-services provider (not a telecommunications carrier) and vice versa. Again, telecommunications carriers were subjected to stricter regulations and liability resembling common carriage.

In 1998, the provision of broadband Internet over wired telephone lines through DSL technologies was determined to be a pure transmission and hence a telecommunications service warranting common carriage regulation. However, in 2002, the FCC issued the ‘Cable Broadband Order’ that treated the provision of cable broadband through last-mile wired telephone transmission networks as a single and integrated information service. This exempted most cable broadband from the duties of common carriage. This policy was challenged in the US Supreme Court in 2005 in the Brand X case and upheld.

Significantly, the decision in the Brand X case was not made on technological merits. The case arose when a small ISP that had hitherto used regular telephone lines to transmit data wanted equal access to the coaxial cables of the broadcasting majors on the basis of common carriage. Instead of making a finding on the status of cable broadband providers based on the four elements of common carriage, the Court employed an administrative law principle of deferring to the decisions of an expert technical regulator – known as the Chevron deference principle – to rule against the small ISP. Thereafter wireless and mobile broadband were also declared to be information services and saved from the application of common carriage law.

Taking advantage of this exemption from common carriage which released broadband providers from the duty of equal access and anti-discrimination, Comcast began from 2007 to degrade P2P data flows to its users. This throttling was reported to the FCC which responded with the 2008 ‘Comcast Order’ to demand equal and transparent transmission from Comcast. Instead, Comcast took the FCC to court. In 2010, the Comcast Order was struck down by the DC Circuit Court of Appeals. And, again, the decision in the Comcast case was made on an administrative law principle, not on technological merits.

In the Comcast case, the Court said that as long as the FCC treated broadband Internet access as an information service it could not enforce an anti-discrimination order against Comcast. This is because the duty of anti-discrimination attached only to common carriers which the FCC applied to telecommunications carriers. Following the Comcast case, the FCC began to consider reclassifying broadband Internet providers as telecommunications carriers.

However, in the 2010 ‘Open Internet Order’, the FCC attempted a different regulatory approach. Instead of a classification based on common carriage, the new rules recognised two types of Internet service providers: (i) fixed providers, which transmitted to homes, and, (ii) mobile providers, which were accessed by smartphones. The rules required both types of providers to ensure transparency in network management, disallowed blocking of lawful content, and re-imposed the anti-discrimination requirement to forbid prioritised access or throttling of certain content.

Before they were even brought into effect, Verizon challenged the Open Internet Order in the same court that delivered the Comcast judgement. The decision of the Court is pending. Meanwhile, in India, Airtel’s rollback of its announcement to charge its pre-paid mobile phone users more for VoIP services raises very similar questions. Like the common law world, India already extends the principles of common carriage to telecommunications. Indian jurisprudence also sustains the distinction between common carriage and private carriage, and applies an anti-discrimination requirement to telecommunications providers through a licensing regime.

TRAI must decide if it wants to continue this distinction. No doubt, the provision of communications services through telephone and the Internet serves an eminent public good. It was on this basis that President Obama called on the FCC to reclassify broadband Internet providers as common carriers. Telecommunications carriers, such as Airtel, might argue that they have expended large sums of money on network infrastructure that is undermined by the use of high-bandwidth free VoIP applications, and that the law of common carriage must recognise this fact. And still others call for a new approach to net neutrality outside the dichotomy of common and private carriage. Whatever the solution, it must be reached by widespread engagement and participation, for Internet access – as the government’s Digital India project is aware – serves public interest.

For more details visit https://cis-india.org/internet-governance/blog/net-neutrality-and-law-of-common-carriage

Privacy, Autonomy, and Sexual Choice: The Common Law Recognition of Homosexuality

bhairav — 2015-08-23T12:20:52Z

In the last few decades, all major common law jurisdictions have decriminalised non-procreative sex – oral and anal sex (sodomy) – to allow private, consensual, and non-commercial homosexual intercourse.

Download PDF

Anti-sodomy statutes across the world, often drafted in the same anachronistic vein as section 377 of the Indian Penal Code, 1860 (“IPC”), have either been repealed or struck down on the grounds that they invade individual privacy and are detrimentally discriminative against homosexual people.

This is not an examination of India’s laws against homosexuality, it does not review the Supreme Court of India’s judgment in Suresh Koushal v. Naz Foundation (2014) 1 SCC 1 nor the Delhi High Court’s judgment in Naz Foundation v. Government of NCT Delhi 2009 (160) DLT 277, which the former overturned – in my view, wrongly. This note simply provides a legal history of the decriminalisation of non-procreative sexual activity in the United Kingdom and the United States. Same-sex marriage is also not examined.

In the United Kingdom

The Wolfenden Report

In England, following a campaign of arrests of non-heterosexual persons and subsequent protests in the 1950s, the government responded to public dissatisfaction by appointing the Departmental Committee on Homosexual Offences and Prostitution chaired by John Frederick Wolfenden. The report of this committee (“Wolfenden Report”) was published in 1957 and recommended that:

“…homosexual behaviour between consenting adults in private should no longer be a criminal offence.”

The Report further observed that it was not the function of a State to punitively scrutinise the private lives of its citizens:

“(T)he law’s function is to preserve public order and decency, to protect the citizen from what is offensive or injurious, and to provide sufficient safeguards against exploitation and corruption of others… It is not, in our view, the function of the law to intervene in the private life of citizens, or to seek to enforce any particular pattern of behaviour.”

The Sexual Offences Act, 1967

The Wolfenden Report was accepted and, in its pursuance, the Sexual Offences Act, 1967 was enacted to, for the first time in common law jurisdictions, partially decriminalise homosexual activity – described in English law as ‘buggery’ or anal sex between males.
Section 1(1) of the original Sexual Offences Act, as notified on 27 July 1967 stated –
"Notwithstanding any statutory or common law provision, but subject to the provisions of the next following section, a homosexual act in private shall not be an offence provided that the parties consent thereto and have attained the age of twenty one years."
A ‘homosexual act’ was defined in section 1(7) as –
“For the purposes of this section a man shall be treated as doing a homosexual act if, and only if, he commits buggery with another man or commits an act of gross indecency with another man or is a party to the commission by a man of such an act.”
The meaning of ‘private’ was also set forth rather strictly in section 1(2) –
“An act which would otherwise be treated for the purposes of this Act as being done in private shall not be so treated if done –
(a) when more than two persons take part or are present; or
(b) in a lavatory to which the public have or are permitted to have access, whether on
payment or otherwise.”
Hence, by 1967, English law permitted:

as between two men,
both twenty-one years or older,
anal sex (buggery),
and other sexual activity (“gross indecency”)
if, and only if, a strict prescription of privacy was maintained,
that excluded even a non-participating third party from being present,
and restricted the traditional conception of public space to exclude even lavatories.

However, the benefit of Section 1 of the Sexual Offences Act, 1967 did not extend beyond England and Wales; to mentally unsound persons; members of the armed forces; merchant ships; and, members of merchant ships whether on land or otherwise.

Developments in Scotland and Northern Ireland

Over the years, the restrictions in the original Sexual Offences Act, 1967 were lifted. In 1980, the Criminal Justice (Scotland) Act, 1980 partially decriminalised homosexual activity in Scotland on the same lines that the Act of 1967 did for England and Wales. One year later, in 1981, an Irishman Jeffrey Dudgeon successfully challenged the continued criminalisation of homosexuality in Northern Ireland before the European Court of Human Rights (“ECHR”) in the case of Dudgeon v. United Kingdom (1981) 4 EHRR 149. Interestingly, Dudgeon was not decided on the basis of detrimental discrimination or inequality, but on the ground that the continued illegality of homosexuality violated the petitioner’s right to privacy guaranteed by Article 8 of the 1950 European Convention on Human Rights (“European Convention”). In a 15-4 majority judgement, the ECHR found that “…moral attitudes towards male homosexuality…cannot…warrant interfering with the applicant’s private life…” Following Dudgeon, the Homosexual Offences (Northern Ireland) Order, 1982 came into effect; and with it, brought some semblance of uniformity in the sodomy laws of the United Kingdom.

Equalising the age of consent

However, protests continued against the unequal age of consent required for consensual homosexual sex (21 years) as opposed to that for heterosexual sex (16 years). In 1979, a government policy advisory recommended that the age of consent for homosexual sex be reduced to 18 years – two years older than that for heterosexual sex, but was never acted upon. In 1994, an attempt to statutorily equalise the age of consent at 16 years was defeated in the largely conservative House of Commons although a separate legislative proposal to reduce it to 18 years was carried and enacted under the Criminal Justice and Public Order Act, 1994. Following this, the unequal ages of consent forced a challenge against UK law in the ECHR in 1994; four years later, in Sutherland v. United Kingdom [1998] EHRLR 117, the ECHR found that the unequal age of consent violated Articles 8 and 14 of the European Convention – relating to privacy and discrimination. Sutherland was significant in two ways – it forced the British government to once again introduce legislation to equalise the ages of consent; and, significantly, it affirmed a homosexual human right on the ground of anti-discrimination (as opposed to privacy).

To meet its European Convention commitments, the House of Commons passed, in June 1998, a bill for an equal age of sexual consent but it was rejected by the more conservative House of Lords. In December 1998, the government reintroduced the equal age of consent legislation which again passed the House of Commons and was defeated in the House of Lords. Finally, in 1999, the government invoked the statutory superiority of the House of Commons, reintroduced for the third time the legislation, passed it unilaterally to result in the enactment of the Sexual Offences (Amendment) Act, 2000 that equalised the age of sexual consent for both heterosexuals and homosexuals at 16 years of age.

Uniformity of equality

However, by this time, different UK jurisdictions observed separate legislations regarding homosexual activity. The privacy conditions stipulated in the original Sexual Offences Act, 1967 remained, although they had been subject to varied interpretation by English courts. To resolve this, the UK Parliament enacted the Sexual Offences Act, 2003 which repealed all earlier conflicting legislation, removed the strict privacy conditions attached to homosexual activity and re-drafted sexual offences in a gender neutral manner. A year later, the Civil Partnership Act, 2004 gave same-sex couples the same rights and responsibilities as a civil marriage. And, in 2007, the Equality Act (Sexual Orientation) Regulations came into force to prohibit general discrimination against homosexual persons in the same manner as such prohibition exists in respect of grounds of race, religion, disability, sex and so on.

In the United States

Diversity of state laws

Sodomy laws in the United States of America have followed a different trajectory. A different political and legal system leaves individual US States with wide powers to draft and follow their own constitutions and laws. Accordingly, by 1961 all US States had their own individual anti-sodomy laws, with different definitions of sodomy and homosexuality. In 1962, Illinois became the first US State to repeal its anti-sodomy law. Many States followed suit over the next decades including Connecticut (1971); Colorado and Oregon (1972); Delaware, Hawaii and North Dakota (1973); Ohio (1974); New Hampshire and New Mexico (1975); California, Maine, Washington and West Virginia (1976); Indiana, South Dakota, Wyoming and Vermont (1977); Iowa and Nebraska (1978); New Jersey (1979); Alaska (1980); and, Wisconsin (1983).

Bowers v. Hardwick

However, not all States repealed their anti-sodomy laws. Georgia was one such State that retained a statutory bar to any oral or anal sex between any persons of any sex contained in Georgia Code Annotated §16-6-2 (1984) (“Georgia statute”) which provided, in pertinent part, as follows:

“(a) A person commits the offense of sodomy when he performs or submits to any sexual act involving the sex organs of one person and the mouth or anus of another… (b) A person convicted of the offense of sodomy shall be punished by imprisonment for not less than one nor more than 20 years”

In 1982, a police officer arrested Michael Hardwick in his bedroom for sodomy, an offence which carried a prison sentence of up to twenty years. His case went all the way up to the US Supreme Court which, in 1986, pronounced its judgement in Bowers v. Hardwick 478 US 186 (1986). Although the Georgia statute was framed broadly to include even heterosexual sodomy (anal or oral sex between a man and a woman or two women) within its ambit of prohibited activity, the Court chose to frame the issue at hand rather narrowly. Justice Byron White, speaking for the majority, observed at the outset –

“This case does not require a judgment on whether laws against sodomy between consenting adults in general, or between homosexuals in particular, are wise or
desirable. It raises no question about the right or propriety of state legislative decisions to repeal their laws that criminalize homosexual sodomy, or of state-court decisions invalidating those laws on state constitutional grounds. The issue presented is whether the Federal Constitution confers a fundamental right upon homosexuals to engage in sodomy…”

Privacy and autonomy

Interestingly, Hardwick’s case against the Georgia statute was not grounded on an equality-discrimination argument (since the Georgia statute prohibited even heterosexual sodomy but was only enforced against homosexuals) but on a privacy argument that sought to privilege and immunise private consensual non-commercial sexual conduct from intrusive State intervention. To support this privacy claim, a long line of cases was relied upon that restricted the State’s ability to intervene in, and so upheld the sanctity of, the home, marriage, procreation, contraception, child rearing and so on [See, Carey v. Population Services 431 US 678 (1977), Pierce v. Society of Sisters 268 US 510 (1925) and Meyer v. Nebraska 262 US 390 (1923) on child rearing and education; Prince v. Massachusetts 321 US 158 (1944) on family relationships; Skinner v. Oklahoma ex rel. Williamson 316 US 535 (1942) on procreation; Loving v. Virginia 388 US 1 (1967) on marriage; Griswold v. Connecticut 381 US 479 (1965) and Eisenstadt v. Baird 405 US 438 (1972) on contraception; and Roe v. Wade 410 US 113 (1973) on abortion]. Further, the Court was pressed to declare a fundamental right to consensual homosexual sodomy by reading it into the Due Process clause of the Fourteenth Amendment to the US Constitution.

The 9-judges Court split 5-4 down the middle to rule against all of Hardwick’s propositions and uphold the constitutionality of the Georgia statute. The Court’s majority agreed that cases cited by Hardwick had indeed evolved a right to privacy, but disagreed that this privacy extended to homosexual persons since “(n)o connection between family, marriage, or procreation on the one hand and homosexual activity on the other has been demonstrated…”. In essence, the Court’s majority held that homosexuality was distinct from procreative human sexual behaviour; that homosexual sex could, by virtue of this distinction, be separately categorised and discriminated against; and, hence, homosexual sex did not qualify for the benefit of intimate privacy protection that was available to heterosexuals. What reason did the Court give to support this discrimination? Justice White speaking for the majority gives us a clue: “Proscriptions against that (homosexual) conduct have ancient roots.” Justice White was joined in his majority judgement by Chief Justice Burger, Justice Powell, Justice Rehnquist and Justice O’Connor. His rationale was underscored by Chief Justice Burger who also wrote a short concurring opinion wherein he claimed:

“Decisions of individuals relating to homosexual conduct have been subject to state intervention throughout the history of Western civilization. Condemnation of those practices is firmly rooted in Judeo-Christian moral and ethical standards. Blackstone described “the infamous crime against nature” as an offense of “deeper malignity” than rape, a heinous act “the very mention of which is a disgrace to human nature,” and “a crime not fit to be named.” … To hold that the act of homosexual sodomy is somehow protected as a fundamental right would be to cast aside millennia of moral teaching.”

The majority’s “wilful blindness”: Blackmun’s dissent

The Court’s dissenting opinion was delivered by Justice Blackmun, in which Justice Brennan, Justice Marshall and Justice Stevens joined. At the outset, the Justice Blackmun disagreed with the issue that was framed by the majority led by Justice White: “This case is (not) about “a fundamental right to engage in homosexual sodomy,” as the Court purports to declare…” and further pointed out that the Georgia statute proscribed not just homosexual sodomy, but oral or anal sex committed by any two persons: “…the Court’s almost obsessive focus on homosexual activity is particularly hard to justify in light of the broad language Georgia has used.”. When considering the issue of privacy for intimate sexual conduct, Justice Blackmun criticised the findings of the majority: “Only the most wilful blindness could obscure the fact that sexual intimacy is a sensitive, key relationship of human existence, central to family life, community welfare, and the development of human personality…” And when dealing with the ‘historical morality’ argument that was advanced by Chief Justice Burger, the minority observed:

“The assertion that “traditional Judeo-Christian values proscribe” the conduct involved cannot provide an adequate justification for (§)16-6-2 (of the Georgia Statute). That certain, but by no means all, religious groups condemn the behavior at issue gives the State no license to impose their judgments on the entire citizenry. The legitimacy of secular legislation depends instead on whether the State can advance some justification for its law beyond its conformity to religious doctrine.”

The states respond, privacy is upheld

Bowers was argued and decided over five years in the 1980s. At the time, the USA was witnessing a neo-conservative wave in its society and government, which was headed by a republican conservative. The HIV/AIDS issue had achieved neither the domestic nor international proportions it now occupies and the linkages between HIV/AIDS, homosexuality and the right to health were still unclear. In the years after Bowers, several more US States repealed their sodomy laws.

In some US States, sodomy laws that were not legislatively repealed were judicially struck down. In 1998, the Georgia State Supreme Court, in Powell v. State of Georgia S98A0755, 270 Ga. 327, 510 S.E. 2d 18 (1998), heard a challenge to the same sodomy provision of the Georgia statute that was upheld in by the US Supreme Court in Bowers. In a complete departure from the US Supreme Court’s findings, the Georgia Supreme Court first considered whether the Georgia statute violated individual privacy: “It is clear from the right of privacy appellate jurisprudence…that the “right to be let alone” guaranteed by the Georgia Constitution is far more extensive that the right of privacy protected by the U.S. Constitution…”

Having established that an individual right to privacy existed to protect private consensual sodomy, the Georgia Court then considered whether there was a ‘legitimate State interest’ that justified the State’s restriction of this right. The justifications that were offered by the State included the possibility of child sexual abuse, prostitution and moral degradation of society. The Court found that there already were a number of legal provisions to deter and punish rape, child abuse, trafficking, prostitution and public indecency. Hence: “In light of the existence of these statutes, the sodomy statute’s raison d’ etre can only be to regulate the private sexual conduct of consenting adults, something which Georgians’ right of privacy puts beyond the bounds of government regulation.” By a 2-1 decision, Chief Justice Benham leading the majority, the Georgia Supreme Court struck down the Georgia statute for arbitrarily violating the privacy of individuals. Interestingly, the subjects of the dispute were not homosexual, but two heterosexual adults – a man and a woman. Similar cases where a US State’s sodomy laws were judicially struck down include:

Campbell v. Sundquist 926 S.W.2d 250 (1996) – [Tennessee – by the Tennessee Court of Appeals on privacy violation; appeal to the State Supreme Court expressly denied].
Commonwealth v. Bonadio 415 A.2d 47 (1980) – [Pennsylvania – by the Pennsylvania Supreme Court on both equality and privacy violations];
Doe v. Ventura MC 01-489, 2001 WL 543734 (2001) – [Minnesota – by the Hennepin County District Judge on privacy violation; no appellate challenge];
Gryczan v. Montana 942 P.2d 112 (1997) – [Montana – by the Montana Supreme Court on privacy violation];
Jegley v. Picado 80 S.W.3d 332 (2001) – [Arkansas – by the Arkansas Supreme Court, on privacy violation];
Kentucky v. Wasson 842 S.W.2d 487 (1992) [Kentucky – by the Kentucky Supreme Court on both equality and privacy violations];
Massachusetts v. Balthazar 366 Mass. 298, 318 NE2d 478 (1974) and GLAD v. Attorney General 436 Mass. 132, 763 NE2d 38 (2002) – [Massachusetts – by the Superior Judicial Court on privacy violation];
People v. Onofre 51 NY 2d 476 (1980) [New York – by the New York Court of Appeals on privacy violation]; and,
Williams v. Glendenning No. 98036031/CL-1059 (1999) – [Maryland – by the Baltimore City Circuit Court on both privacy and equality violations; no appellate challenge].

Lawrence v. Texas

These developments made for an uneven field in the matter of legality of homosexual sex with the sodomy laws of most States being repealed by their State legislatures or subject to State judicial invalidation, while the sodomy laws of the remaining States were retained under the shade of constitutional protection afforded by Bowers. Texas was one such State which maintained an anti-sodomy law contained in Texas Penal Code Annotated § 21.06(a) (2003) (“Texas statute”) which criminalised sexual intercourse between two people of the same sex. In 1998, the Texas statute was invoked to arrest two men engaged in private, consensual, non-commercial sodomy. They subsequently challenged the constitutionality of the Texas statute, their case reaching the US Supreme Court. In 2003, the US Supreme Court, in Lawrence v. Texas 539 US 558 (2003) pronounced on the validity of the Texas statute. Interestingly, while the issue under consideration was identical to that decided in Bowers, the Court this time around was presented with detailed arguments on the equality-discrimination aspect of same-sex sodomy laws – which the Bowers Court majority did not consider. The Court split 6-3; the majority struck down the Texas statute. Justice Kennedy, speaking for himself and 4 other judges of the majority, found instant fault with the Bowers Court for framing the issue in question before it as simply whether homosexuals had a fundamental right to engage in sodomy.

Privacy, intimacy, home

This mistake, Justice Kennedy claimed, “…discloses the Court’s own failure… To say that the issue in Bowers was simply the right to engage in certain sexual conduct demeans…the individual…just as it would demean a married couple were it to be said marriage is simply about the right to have sexual intercourse. Their penalties and purposes (of the laws involved)…have more far-reaching consequences, touching upon the most private human conduct, sexual behavior, and in the most private of places, the home.” Justice Kennedy, joined by Justice Stevens, Justice Souter, Justice Ginsburg and Justice Breyer, found that the Texas statute violated the right to privacy granted by the Due Process clause of the US Constitution:

“The petitioners are entitled to respect for their private lives. The State cannot demean their existence or control their destiny by making their private sexual conduct a crime. “It is a promise of the Constitution that there is a realm of personal liberty which the government may not enter.”” [The quote is c.f. Planned Parenthood of Southeastern Pa. v. Casey 505 US 833 (1992)]

Imposed morality is defeated

With the privacy argument established as controlling, Justice Kennedy went to some length to refute the ‘historical morality’ argument that was put forward in Bowers by then Chief Justice Burger: “At the outset it should be noted that there is no longstanding history in this country of laws directed at homosexual conduct as a distinct matter… The sweeping references by Chief Justice Burger to the history of Western civilization and to Judeo-Christian moral and ethical standards did not take account of other authorities pointing in an opposite direction.” To illustrate these other authorities, Justice Kennedy references the ECHR’s decision in Dudgeon supra which was reached five years before Bowers: “Authoritative in all countries that are members of the Council of Europe (21 nations then, 45 nations now), the decision (Dudgeon) is at odds with the premise in Bowers that the claim put forward was insubstantial in our Western civilization.”.

The Court then affirmed that morality could not be a compelling ground to infringe upon a fundamental right: “Our obligation is to define the liberty of all, not to mandate our own moral code”. The lone remaining judge of the majority, Justice O’Connor, based her decision not on the right to privacy but on equality-discrimination considerations. Interestingly, Justice O’Connor sat on the Bowers Court and ruled with the majority in that case. Basing her decision on equal protection grounds allowed her to concur with the majority in Lawrence but not overturn her earlier position in Bowers which had rejected a right to privacy claim. It also enabled her to strike down the Texas statute while not conceding homosexuality as a constitutionally guaranteed private liberty. There were three dissenters: The chief dissent was delivered by Justice Scalia, in which he was joined by Chief Justice Rehnquist and Justice Thomas. Bowers was not merely distinguished by the majority, it was overruled:

“Bowers was not correct when it was decided, and it is not correct today. It ought not to remain binding precedent. Bowers v. Hardwick should be and now is overruled.”

For more details visit https://cis-india.org/internet-governance/blog/privacy-autonomy-sexual-choice-common-law-recognition-of-homosexuality

Privacy, Autonomy, and Sexual Choice: The Common Law Recognition of Homosexuality

bhairav — 2015-08-23T11:56:53Z

For more details visit https://cis-india.org/internet-governance/blog/privacy-autonomy-sexual-choice-common-law-recognition-of-homosexuality.pdf

Mastering the Art of Keeping Indians Under Surveillance

bhairav — 2015-08-23T12:26:48Z

In its first year in office, the National Democratic Alliance government has been notably silent on the large-scale surveillance projects it has inherited. This ended last week amidst reports the government is hastening to complete the Central Monitoring System (CMS) within the year.

The article was published in the Wire on May 30, 2015.

In a statement to the Rajya Sabha in 2009, Gurudas Kamat, the erstwhile United Progressive Alliance’s junior communications minister, said the CMS was a project to enable direct state access to all communications on mobile phones, landlines, and the Internet in India. He meant the government was building ‘backdoors’, or capitalising on existing ones, to enable state authorities to intercept any communication at will, besides collecting large amounts of metadata, without having to rely on private communications carriers.

This is not new. Legally sanctioned backdoors have existed in Europe and the USA since the early 1990s to enable direct state interception of private communications. But the laws of those countries also subject state surveillance to a strong regime of state accountability, individual freedoms, and privacy. This regime may not be completely robust, as Edward Snowden’s revelations have shown, but at least it exists on paper. The CMS is not illegal by itself, but it is coloured by the compromised foundation of Indian surveillance law upon which it is built.

Surveillance and social control

The CMS is a technological project. But technology does not exist in isolation; it is contextualised by law, society, politics, and history. Surveillance and the CMS must be seen in the same contexts.

The great sociologist Max Weber claimed the modern state could not exist without monopolising violence. It seems clear the state also entertains the equal desire to monopolise communications technologies. The state has historically shaped the way in which information is transmitted, received, and intercepted. From the telegraph and radio to telephones and the Internet, the state has constantly endeavoured to control communications technologies.

Law is the vehicle of this control. When the first telegraph line was laid down in India, its implications for social control were instantly realised; so the law swiftly responded by creating a state monopoly over the telegraph. The telegraph played a significant role in thwarting the Revolt of 1857, even as Indians attempted to destroy the line; so the state consolidated its control over the technology to obviate future contests.

This controlling impulse was exercised over radio and telephones, which are also government monopolies, and is expressed through the state’s surveillance prerogative. On the other hand, because of its open and decentralised architecture, the Internet presents the single greatest threat to the state’s communications monopoly and dilutes its ability to control society.

Interception in India

The power to intercept communications arises with the regulation of telegraphy. The first two laws governing telegraphs, in 1854 and 1860, granted the government powers to take possession of telegraphs “on the occurrence of any public emergency”. In 1876, the third telegraph law expanded this threshold to include “the interest of public safety”. These are vague phrases and their interpretation was deliberately left to the government’s discretion.

This unclear formulation was replicated in the Indian Telegraph Act of 1885, the fourth law on the subject, which is currently in force today. The 1885 law included a specific power to wiretap. Incredibly, this colonial surveillance provision survived untouched for 87 years even as countries across the world balanced their surveillance powers with democratic safeguards.

The Indian Constitution requires all deprivations of free speech to conform to any of nine grounds listed in Article 19(2). Public emergencies and public safety are not listed. So Indira Gandhi amended the wiretapping provision in 1972 to insert five grounds copied from Article 19(2). However, the original unclear language on public emergencies and public safety remained.

Indira Gandhi’s amendment was ironic because one year earlier she had overseen the enactment of the Defence and Internal Security of India Act, 1971 (DISA), which gave the government fresh powers to wiretap. These powers were not subject to even the minimal protections of the Telegraph Act. When the Emergency was imposed in 1975, Gandhi’s government bypassed her earlier amendment and, through the DISA Rules, instituted the most intensive period of surveillance in Indian history.

Although DISA was repealed, the tradition of having parallel surveillance powers for fictitious emergencies continues to flourish. Wiretapping powers are also found in the Maharashtra Control of Organised Crime Act, 1999 which has been copied by Karnataka, Andhra Pradesh, Arunachal Pradesh, and Gujarat.

Procedural weaknesses

Meanwhile, the Telegraph Act with its 1972 amendment continued to weather criticism through the 1980s. The wiretapping power was largely exercised free of procedural safeguards such as the requirements to exhaust other less intrusive means of investigation, minimise information collection, limit the sharing of information, ensure accountability, and others.

This changed in 1996 when the Supreme Court, on a challenge brought by PUCL, ordered the government to create a minimally fair procedure. The government fell in line in 1999, and a new rule, 419A, was put into the Indian Telegraph Rules, 1951.

Unlike the United States, where a wiretap can only be ordered by a judge when she decides the state has legally made its case for the requested interception, an Indian wiretap is sanctioned by a bureaucrat or police officer. Unlike the United Kingdom, which also grants wiretapping powers to bureaucrats but subjects them to two additional safeguards including an independent auditor and a judicial tribunal, an Indian wiretap is only reviewed by a committee of the original bureaucrat’s colleagues. Unlike most of the world which restricts this power to grave crime or serious security needs, an Indian wiretap can even be obtained by the income tax department.

Rule 419A certainly creates procedure, but it lacks crucial safeguards that impugn its credibility. Worse, the contours of rule 419A were copied in 2009 to create flawed procedures to intercept the content of Internet communications and collect metadata. Unlike rule 419A, these new rules issued under sections 69(2) and 69B(3) of the Information Technology Act 2000 have not been constitutionally scrutinised.

Three steps to tap

Despite its monopoly, the state does not own the infrastructure of telephones. It is dependent on telecommunications carriers to physically perform the wiretap. Indian wiretaps take place in three steps: a bureaucrat authorises the wiretap; a law enforcement officer serves the authorisation on a carrier; and, the carrier performs the tap and returns the information to the law enforcement officer.

There are many moving parts in this process, and so there are leaks. Some leaks are cynically motivated such as Amar Singh’s lewd conversations in 2011. But others serve a public purpose: Niira Radia’s conversations were allegedly leaked by a whistleblower to reveal serious governmental culpability. Ironically, leaks have created accountability where the law has failed.

The CMS will prevent leaks by installing servers on the transmission infrastructure of carriers to divert communications to regional monitoring centres. Regional centres, in turn, will relay communications to a centralised monitoring centre where they will be analysed, mined, and stored. Carriers will no longer perform wiretaps; and, since this obviates their costs of compliance, they are willing participants.

In its annual report of 2012, the Centre for the Development of Telematics (C-DOT), a state-owned R&D centre tasked with designing and creating the CMS, claimed the system would intercept 3G video, ILD, SMS, and ISDN PRI communications made through landlines or mobile phones – both GSM and CDMA.

There are unclear reports of an expansion to intercept Internet data, such as emails and browsing details, as well as instant messaging services; but these remain unconfirmed. There is also a potential overlap with another secretive Internet surveillance programme being developed by the Defence R&D Organisation called NETRA, no details of which are public.

Culmination of surveillance

In its present state, Indian surveillance law is unable to bear the weight of the CMS project, and must be vastly strengthened to protect privacy and accountability before the state is given direct access to communications.

But there is a larger way to understand the CMS in the context of Indian surveillance. Christopher Bayly, the noted colonial historian, writes that when the British set about establishing a surveillance apparatus in colonised India, they came up against an established system of indigenous intelligence gathering. Colonial rule was at its most vulnerable at this point of intersection between foreign surveillance and indigenous knowledge, and the meeting of the two was riven by suspicion. So the colonial state simply co-opted the interface by creating institutions to acquire local knowledge.

The CMS is also an attempt to co-opt the interface between government and the purveyors of communications; because if the state cannot control communications, it cannot control society. Seen in this light, the CMS represents the natural culmination of the progression of Indian surveillance. No challenge against it that does not question the construction of the modern Indian state will be successful.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-may-30-2015-bhairav-acharya-mastering-the-art-of-keeping-indians-under-surveillance