Centre for Internet and Society

DCOS Agreement on Procurement

pranesh — 2011-08-23T02:58:35Z

On December 6, 2008, at the closing of the third Internet Governance Forum in Hyderabad, India, the Dynamic Coalition on Open Standards (DCOS), of which the Centre for Internet and Society is a member, released an agreement entitled the "Dynamic Coalition on Open Standards (DCOS) Agreement on Procurement in Support of Interoperability and Open Standards".

For more details visit https://cis-india.org/openness/blog-old/dcos-agreement-on-procurement

Data-Driven Journalism, Data Literacy & Open Government — Talk at CIS

pranesh — 2012-07-31T06:08:55Z

The Open Knowledge Foundation and the Centre for Internet and Society invite you to an informal talk by Lucy Chambers and Laura Newman on 'Data-Driven Journalism, Data Literacy, and Open Government'.

The Government of India recently passed a policy that requires all departments to start opening up data to the public, and NIC is working towards consolidating this on a single website. This workshop would focus on exchanging information on how such data are used by journalists elsewhere, and what can be done in India to drive journalism using data.

Details

The Open Knowledge Foundation is an international not-for-profit with a mission to open up the world's data, build data-literacy and promote evidence-based policy making. Working in 3 broad fields open-government, open research and open cultural heritage the activities of the foundation are focused around projects, working groups and local meetups.

The talk will be very informal, and focus on Data Journalism (datajournalismhandbook.org), but will also touch on data management for governments (ckan.org), the teaching of data literacy (schoolofdata.org) and explaining the meaning of the numbers behind government expenditure (openspending.org).

More Details

The Data Journalism Handbook was born at a 48-hour workshop at MozFest 2011 in London. It subsequently spilled over into an international, collaborative effort involving dozens of data journalism's leading advocates and best practitioners including from the Australian Broadcasting Corporation, the BBC, the Chicago Tribune, Deutsche Welle, the Guardian, the Financial Times, Helsingin Sanomat, La Nacion, the New York Times, ProPublica, the Washington Post, the Texas Tribune, Verdens Gang, Wales Online, Zeit Online and many others. Ms. Chambers was one of the
editors of the book.

Additional Links

Data Journalism Handbook - Online Version:http://bit.ly/Istv8c

Examples of data-driven journalism:http://bit.ly/8KwHR

Data-Driven Journalism mailing list: http://bit.ly/hUOQX3

For more details visit https://cis-india.org/openness/data-driven-journalism-data-literacy-and-open-govt

Counter-proposal by the Centre for Internet and Society: Draft Information Technology (Intermediary Due Diligence and Information Removal) Rules, 2012

pranesh — 2016-04-24T11:48:49Z

Any restriction on freedom of speech should embody and be guided by the following principles, as identified by the UN Special Rapporteur on Freedom of Opinion and Expression

For more details visit https://cis-india.org/internet-governance/counter-proposal-by-cis-draft-it-intermediary-due-diligence-and-information-removal-rules-2012.pdf

Counter-proposal by the Centre for Internet and Society: Draft Information Technology (Intermediary Due Diligence and Information Removal) Rules, 2012

pranesh — 2016-04-24T11:56:49Z

Any restriction on freedom of speech should embody and be guided by the following principles, as identified by the UN Special Rapporteur on Freedom of Opinion and Expression.

For more details visit https://cis-india.org/internet-governance/counter-proposal-by-cis-draft-it-intermediary-due-diligence-and-information-removal-rules-2012.odt

Copyrights and Copywrongs Why the Government Should Embrace the Public Domain

pranesh — 2013-09-06T04:56:42Z

Each of you reading this article is a criminal and should be jailed for up to three years. Yes, you. "Why?," you may ask.

This article by Pranesh Prakash was published in Yojana, Issue: August 2013.

Have you ever whistled a tune or sung a film song aloud? Have you ever retold a joke? Have you replied to an e-mail without deleting the copy of that e-mail that automatically added to the reply? Or photocopied pages from a book? Have you ever used an image from the Internet in presentation? Have you ever surfed the Internet at work, used the the 'share' button on a website, or retweeted anything on Twitter? And before 2012, did you ever use a search engine?

If you have done any of the above without the permission of the copyright holder, you might well have been in violation of the Indian Copyright Act, since in each of those examples you're creating a copy or are otherwise infringing the rights of the copyright holder. Interestingly, it was only through an amendment in 2012 that search engines (like Google and Yahoo) were legalized.

Traditional Justifications for Copyright

Copyright is one among the many forms of intellectual property rights. Across differing theories of copyright, two broad categories may be made. The first category would be those countries where copyright is intended to benefit society, the other where it is intended to benefit the author. Within the second category, there can again be two subcategories: those that see the need to benefit the author due to notions of natural justice and those that see the need to provide incentives for authors to create. Incentives to create are necessary only when the act of creation itself is valuable (and more so than the creator). The act of creation is valued highly as it directly benefits society. Thus, it is seen that the second sub-category is closer to the societal benefit theory than the natural justice sub-category. In the United States, the wording of the Progress Clause makes things clear that copyright is for the benefit of the public, and the author is only given secondary consideration. It is in light of this that the U.S. Supreme Court said,
"The monopoly privileges that Congress may authorize are neither unlimited nor primarily designed to provide a special private benefit. Rather, the limited grant is a means by which an important public purpose may be achieved. It is intended to motivate the creative activity of authors and inventors by the provision of a special reward, and to allow the public access to the products of their genius after the limited period of exclusive control has expired."

Economic theories of copyright see copyright as an incentive mechanism, designed to encourage creators to produce material because they would be able to recover costs and make a profit due to the exclusionary rights that copyright law grants. Thus, the ideal period of copyright for any material, under the economic theory would be the minimum period required for a person to recoup the costs that go into the production of that material. Allowing for the great-grandchildren of the author to benefit from the author’s work would actually go against the incentive mechanism. Even if the author is motivated enough to put in even more hard work to provide for her great-grandchildren, her children, grandchildren, and great-grandchildren wouldn’t have any incentive to create for themselves (as the incentive is seen purely in terms of economics, and not in terms of creative urge, etc.), as they are already provided for by copyright. Thus, in a sense, the shift towards longer periods of copyright terms that we are seeing today can be seen as a shift from the incentive-based model to a rewards-based model of copyright.

The other standard theory of copyright justification is the natural rights theory, which deems intellectual property the fruit of the author’s labour, thus entitling them to complete control over that fruit. This brings us to the conception of property itself, and the Lockean and Hegelian justifications for personal property is what is most often used to back such an argument up.

There are many problems with the natural rights theory of intellectual property. If that theory were to hold water, copyright law would accord greater precedence to authors than to publishers. Yet, we see that it is publishers primarily, and not authors, who get benefit of copyright. The "work for hire" doctrine, embodied in Section 17 of the Copyright Act, holds that it is the employer who is treated as the owner of copyright, not the author. This plainly contradicts that natural rights theory. And it also raises the question of why we should protect certain kinds of knowledge investments in the first place. Publishing is a business, and all risks inherent with other businesses should come along with publishing. There is no reason that the State should safeguard their investment by vesting in them a right while safeguarding the investments of any other business only occasionally, and that too as an act of munificence. This problem arises because of the free transferability of copyright. This leads us to the larger problem, which is of course that of treating knowledge as a form of property. Property, as we have traditionally understood it, has a few features like excludability. Knowledge, however, does not share that feature with property. Once you know something that I created, I can’t exclude you from that knowledge that (unlike my ability to take back an apple you have stolen from me). This analysis also has the pernicious effect of excluding free speech analysis of copyright laws. An incorrect analogy is often drawn to explain why free speech analysis doesn’t work on property: you may wish to exercise your right to free speech on my front lawn, yet the State may decree that I am in full right to throw you off my property, without being accused of abridging your right to freedom of speech. So, the argument goes, enforcement of property rights is not an affront to freedom of speech. The problems with this analogy are obvious enough: the two forms of “property” cannot be equated. If you take the location of speech away, I can still speak. If, on the other hand, you restrict my ideas/expression, then I can no longer be said to have the freedom of expression.

One Size Doesn't Fit All

It is easy to see that copyright is an ill-fit for all the things that it now covers. Copyright in its present form is a historical accident, which evolved into the state it is in a very haphazard fashion. It is a colonial imposition on developing countries. It does not value that which we often value in Indian culture: tradition. Instead, copyright law values modernity and newness. It can also be seen as a trade issue imposed on us through the Trade-Related Intellectual Property Agreement (TRIPS Agreements) as part of the World Trade Organization.

Importantly, copyright is not a single well-planned scheme. In some cases — for literature, visual art works, lyrics, musical tunes, etc. — it provides rights to the artist, while in other cases — for recordings of those musical tunes, and for films — it provides rights to the producers. What are the legal reasons for this distinction? There aren't any; the distinction is a historical one (with sound recordings and films getting copyright protection after literature, etc.). At one point of time only exact copies were governed by copyright law. Hence, translations of a work were considered not to be infringement of that work (or a "derivative work"), but new independent works, since after all it takes considerable artistic effort to create a good translation of a work. However now even creating an encyclopedia based on Harry Potter (as the Harry Potter Lexicon was), is covered as infringement of the exclusive rights of the author. At one point of time photographs were not provided any copyright, being as they are, 'mere' mechanical reproductions. They were seen as not being 'creative' enough. However, around the turn of the twentieth century, that position changed, and hence every photograph you've taken of your dog is now copyrighted. According to a recent Supreme Court decision, merely adding paragraph numbering to court judgments is considered to be 'creative' enough to merit copyright protection! At one point of time, copyright existed for 14 years. Now, with the international minimum being "fifty years after the death of the author", it lasts for an average of more than a century! Once upon a time, copyright was only granted to those who wanted it and applied for it. That has now changed, and you have copyright over every single original thing that you have ever written, recorded, or otherwise affixed to a medium.

Copyright in the Digital Era

All digital activities violate copyright, since automatically copies are created on the computer's RAM, cache, etc. Because now everything is copyrighted, and copyrighted seemingly forever, each one of us violates copyright on a day-to-day basis. It is a mockery of the law when everyone is a criminal. The US President Barack Obama violated copyright law when he presented UK's Queen Elizabeth II an iPod filled with 40 songs from popular musicals like West Side Story and the King and I. When even presidents, with legal advisers cannot navigate copyright law successfully, what hopes have we ordinary people?

There is no shortage of similar examples to show that copyright law has gone out of control.

Take extradition, for instance. Augusto Pinochet was extradited, Charles Shobraj was sought to be extradited. Added to their ranks is the pimply teenager who runs TVShark, who British courts have cleared for extradition to the USA for potential violation of copyright law. The extreme injustice of copyright is easily observable if one sees the contorted map depicting net royalty inflows available on Worldmapper.org: there are a sum total of less than a dozen countries which are net exporters of IP; all other countries, including India, are net importers of IP. IP law is one area where both those who talk about social justice and those who talk about individual liberties find common ground in the monopolistic or exclusionary rights granted under copyright law. Copyright acts as a barrier to free trade, thus allowing Nelson Mandela's autobiography to be more expensive in South Africa than the United Kingdom because South Africa is prohibited by the UK publisher from importing the book from India. Mark Getty, the heir to the Getty Images fortune, once presciently observed that "IP is the oil of the 21st century".

Government Copyright

In the ivory towers of academia, there has in recent times been a clarion call that's resounding strongly: the call for open access. As the Public Library of Science states, "open access is a stands for unrestricted access and unrestricted reuse". Why is it important? "Most publishers own the rights to the articles in their journals. Anyone who wants to read the articles must pay to access them. Anyone who wants to use the articles in any way must obtain permission from the publisher and is often required to pay an additional fee. Although many researchers can access the journals they need via their institution and think that their access is free, in reality it is not. The institution has often been involved in lengthy negotiations around the price of their site license, and re-use of this content is limited." Importantly, the writers of articles (scholars) do not get paid by the publishers for their articles, and most developing countries are not able to afford the costs imposed by these scholarly publishers. Even India's premier scientific research agency, the Council for Scientific and Industrial Research, recently declared that the costs of scientific journals was beyond its means.

Why is this important? Because apart from establishing the idea of informational equity and justice, it also establishes the idea that taxpayer-funded research (as most scientific and much of academic research is) ought to belong to the public domain, and be available freely. This principle, seemingly uncontroversial, is very unfortunately not embodied in the Indian Copyright Act. Most public servants do not realize that that which they create may not be freely used by the public whom they serve.

Under the Indian Copyright Act, all creations of the government, whether by the executive, judiciary, or legislature, is by default copyrighted. This does not make sense under either of the two theories of copyright that we examined above. The government is not an 'author' who can have any form of 'natural rights' over its labour. Nor is the government incentivised to create more works if it has copyright over them. Most of the copyrighted works, such as various reports, the Gazette of India, etc., that the government creates are required to be created, and the cultural works it creates are for cultural promotion and not for commercial exploitation. Hence it makes absolutely no sense to continue with the colonial regime of 'crown copyright', when countries like the USA have suffered no ill effects by legally placing all government works in the public domain.

While there are a limited set of exceptions to government copyright provided for in the law, those are very minimal. This means that even though you are legally allowed to get a document through the Right to Information Act, publicising that document on the Internet could potentially get you jailed under the Copyright Act. This is obviously not what any government official would want. If instead of the four sub-sections that form the exception, the exception was merely one line and allowed for "the reproduction, communication to the public, or publication of any government work", then that itself would elegantly take care of the problem. This would also remove the ambiguities inherent currently in the Data.gov.in, where the central government is publishing information that it wants civil society, entrepreneurs, and other government departments to use, however there is no clarity on whether they are legally allowed to do so.

Recently, the member states of the World Intellectual Property Organization passed a treaty that would facilitate blind persons' access to books. On that occasion, at Marrakesh, I noted that intellectual property must not be seen as a good in itself, but as an instrumentalist tool which may be selectively deployed to achieve societally desirable objectives. I said: It is historic that today WIPO and its members have collectively recognized in a treaty that copyright isn't just an "engine of free expression" but can pose a significant barrier to access to knowledge. Today we recognize that blind writers are currently curtailed more by copyright law than protected by it. Today we recognize that copyright not only may be curtailed in some circumstances, but that it must be curtailed in some circumstances, even beyond the few that have been listed in the Berne Convention. One of the original framers of the Berne Convention, Swiss jurist and president, Numa Droz, recognized this in 1884 when he emphasized that "limits to absolute protection are rightly set by the public interest". And as Debabrata Saha, India's delegate to WIPO during the adoption of the WIPO Development Agenda noted, "intellectual property rights have to be viewed not as a self contained and distinct domain, but rather as an effective policy instrument for wide ranging socio-economic and technological development. The primary objective of this instrument is to maximize public welfare." When copyright doesn't serve public welfare, states must intervene, and the law must change to promote human rights, the freedom of expression and to receive and impart information, and to protect authors and consumers. Importantly, markets alone cannot be relied upon to achieve a just allocation of informational resources, as we have seen clearly from the book famine that the blind are experiencing. Marrakesh was the city in which, as Debabrata Saha noted, "the damage [of] TRIPS [was] wrought on developing countries". Now it has redeemed itself through this treaty.

The Indian government needs to similarly redeem itself by freeing governmental works, including the scientific research it funds, the archives of All India Radio, the movies that it produces through Prasar Bharati, and all other tax-payer funded works, and by returning them to the public domain, where they belong.

For more details visit https://cis-india.org/a2k/blogs/yojana-august-2013-pranesh-prakash-copyrights-and-copywrongs-why-the-govt-should-embrace-the-public-domain

Copyright Bill Analysis

pranesh — 2010-07-18T10:13:47Z

This analysis of the Copyright (Amendment) Bill, 2010, was submitted to the Rajya Sabha Standing Committee on HRD on May 31 by a collective of 22 civil society organizations.

For more details visit https://cis-india.org/a2k/publications/copyright-bill-submission

Control Shift?

pranesh — 2011-08-02T07:22:12Z

The USA has ceded control of the Internet over to Icann, but only partially. (This post appeared as an article in Down to Earth, in the issue dated November 15, 2009.)

After dominating operations of the Internet for decades Washington has said it will relinquish some control. On September 30, the US department of commerce decided to cede some of its powers to the Internet Corporation for Assigned Names and Numbers (ICANN), the body which manages the net’s phone book—the Internet’s Domain Naming System (dns).

The system deals with online addresses: human understandable names (like google.com) are made to work with computer understandable names (81.198.166.2, for example). Managing this is critical because while Madras can be a city in both Tamil Nadu and Oregon, everyone wishing to go to madras.com must be pointed to the same place. For the Internet to work, everyone in the world must use the same telephone directory.

The Internet is not a single network of computers, but an interconnected set of networks. What does it mean, then, to control the Internet? For those wishing to access YouTube in late February 2008, it seemed as though it was controlled by Pakistan Telecom—the agency had accidentally blocked access to YouTube to the entire world for almost a day. For Guangzhou residents, it seems the censor-happy Chinese government controls the Internet. And for a brief while in January 1998, it seemed the net was controlled by one Jon Postel.

Postel was one of the architects of the Internet involved from the times of the net’s predecessor arpanet project, which the US department of defence funded as an attack-resilient computer network. He was heading the Internet Assigned Numbers Authority (iana), an informal body in de facto charge of technical aspects of the Internet, including the domain network system. But iana had no legal sanction. It was contracted by the department to perform its services. The US government retained control of the root servers that directed Internet traffic to the right locations.

On January 28, 1998, Postel got eight of the 12 root servers transferred to iana control. This was when the defence department was ceding its powers to the commerce department. Postal soon received a telephone call from a furious Ira Magaziner, Bill Clinton’s senior science adviser, who instructed him to undo the transfer. Within a week, the commerce department issued a declaration of its control over the dns root servers—it was now in a position to direct Internet traffic all over the world.

Soon after, the US government set up ICANN as a private non-profit corporation to manage the core components of the Internet. A contract from the department of commerce gave the organization in California the authority to conduct its operations. iana and other bodies (such as the regional Internet registries) now function under ICANN.

Right from the outset, ICANN has been criticized as unaccountable, opaque and controlled by vested interests, especially big corporations which manipulated the domain name dispute resolution system to favour trademarks. Its lack of democratic functioning, commercial focus and poor-tolerance of dissent have made ICANN everyone’s target, from those who believe in a libertarian Internet as a place of freedom and self-regulation, to those (the European Union, for instance) who believe the critical components of the Internet should not be in the sole control of the US government.

The department of commerce has from time to time renewed its agreement with ICANN, and the latest such renewal comes in the form of the affirmation of commitments (AoC). Through the AoC, the US government has sought to minimize its role. Instead of being the overseer of ICANN's working, it now holds only one permanent seat in the multi-stakeholder review panel that ICANN will itself have to constitute. But two days after the AoC, ICANN snubbed a coalition of civil society voices calling for representation; the root zone file remains in US control. It is too early to judge the AoC; it will have to be judged by how it is actualized.

For more details visit https://cis-india.org/internet-governance/blog/icann-control-shift

Consumers International IP Watchlist 2012 — India Report

pranesh — 2012-08-16T10:23:36Z

Pranesh Prakash prepared the India Report for Consumers International IP Watchlist 2012. The report was published on the A2K Network website.

Summary

India's Copyright Act is a relatively balanced instrument that recognises the interests of consumers through its broad private use exception, and by facilitating the compulsory licensing of works that would otherwise be unavailable. However, the compulsory licensing provision have not been utilized so far, because of both a lack of knowledge and more importantly because of the stringent conditions attached to them. Currently, the Indian law is also a bit out of sync with general practices as the exceptions and limitations allowed for literary, artistic and musical works are often not available with sound recordings and cinematograph films. There are numerous other such inconsistencies. Positively retrogressive provisions, such as criminalisation of individual non-commercial infringement also exist. India's Copyright Act is a relatively balanced instrument that recognises the interests of consumers through its broad private use exception, and by facilitating the compulsory licensing of works that would otherwise be unavailable. However, the compulsory licensing provision have not been utilized so far, because of both a lack of knowledge and more importantly because of the stringent conditions attached to them. Currently, the Indian law is also a bit out of sync with general practices as the exceptions and limitations allowed for literary, artistic and musical works are often not available with sound recordings and cinematograph films. There are numerous other such inconsistencies. Positively retrogressive provisions, such as criminalisation of individual non-commercial infringement also exist.

It is unfortunate that the larger public interest in copyright-related issues are never foregrounded in India. For instance, the Standing Committee tasked with review of the Copyright Amendment Bill has held hearings without calling a single consumer rights organization, and without seeking any civil society engagement, except for the issue of access for persons with disabilities. This was despite a number of civil society organizations, including consumer rights organizations, sending in a written submission to the Standing Committee.

This lopsidedness in terms of policy influence is resulting in greater imbalance in the law, as evidenced by the government's capitulation to a handful of influential multinational book publishers on the question of allowing parallel importation of copyrighted works. Furthermore, pressure from the United States and the European Union, in the form of the Special 301 report and the India-EU free trade agreement that is being negotiated are leading to numerous negative changes being introduced into Indian law, despite us not having any legal obligation under any treaties. Such influence only works in one direction: to increase the rights granted to rightsholders, and has so far never included any increase in user rights.

It is true that copyright infringement, particularly in the form of physical media, is widespread in India. However this must be taken in the context that India, although fast-growing, remains one of the poorest countries in the world. Although India's knowledge and cultural productivity over the centuries and to the present day has been rich and prodigious, its citizens are economically disadvantaged as consumers of that same knowledge and culture. Indeed, most students, even in the so-called elite institutions, need to employ photocopying and other such means to be able to afford the requisite study materials. Visually impaired persons, for instance, have no option but to disobey the law that does not grant them equal access to copyrighted works. Legitimate operating systems (with the notable exception of most free and open source OSes) add a very high overhead to the purchase of cheap computers, thus driving users to pirated software. Thus, these phenomena need to be addressed not at the level of enforcement, but at the level of supply of affordable works.

Source URL: http://bit.ly/QEJf5l
Click to download the report [PDF, 201 Kb]

For more details visit https://cis-india.org/a2k/consumers-international-ip-watchlist-report-2012

Consumers International IP Watchlist 2011 — India Report

pranesh — 2014-05-29T05:52:28Z

Pranesh Prakash prepared the India Report for the Consumers International IP Watchlist 2011. The report was published on the A2K Network website.

The report says:

While India has not acceded to the WIPO [23] Copyright Treaty or the WIPO Performers and Phonograms Treaty, yet a set of amendments have been proposed which would bring the Indian law in compliance with both the WCT and the WPPT. These amendments would expose India's consumers to the same problems experienced in other jurisdictions which have prohibited the use of circumvention devices to gain access to legally-acquired copyright material. These amendments also propose a substantial increase in the copyright term for photographs (from 50 years to life plus 60 years), and a conditional increase of ten years for cinematograph films to 70 years if a special agreement is entered into by the producer with the director. It is true that copyright infringement, particularly in the form of physical media, is widespread in India. However this must be taken in the context that India, although fast-growing, remains one of the poorest countries in the world. Although India's knowledge and cultural productivity over the centuries and to the present day has been rich and prodigious, its citizens are economically disadvantaged as consumers of that same knowledge and culture. Indeed, most students, even in the so-called elite institutions, need to employ photocopying and other such means to be able to afford the requisite study materials. Physically challenged persons have no option but to disobey the law that does not grant them equal access to copyrighted works.

Legitimate operating systems (with the notable exception of most free and open source OSes) add a very high overhead to the purchase of cheap computers, thus driving users to pirated software. Thus, these phenomena need to be addressed not at the level of enforcement, but at the level of supply of affordable works in a suitable format.

Over the last year, the Standing Committee tasked with review of the Copyright Amendment Bill has held hearings and presented its findings and recommendations to the HRD Ministry. However, not a single consumer rights organization was called by the Standing Committee, and no civil society engagement was sought except for the issue of access for persons with disabilities. This was despite a number of civil society organizations sending in written submissions to the Standing Committee. The government is going to re-table the Bill in this session of Parliament (February-April).

Click to download the full report [PDF, 150 kb]
Read the report published by A2K Network here

For more details visit https://cis-india.org/a2k/blogs/ip-watch-list-2011

Consumers International IP Watch List 2009

pranesh — 2011-08-04T04:42:27Z

In response to the US Special 301 report, Consumers International brought out an IP Watch List. CIS contributed the India Country Report for the Watch List.

Every year the Office of the United States Trade Representative (USTR) publishes a report known as the Special 301 Report, documenting IP regimes in various countries, and publishing a list of those countries which do not afford 'adequate and effective' protection for US intellectual property. This year Consumers International, which set up the A2K Network, published a counter-report, the IP Watch List 2009 for which the India report [pdf here] was prepared by the Centre for Internet and Society. While the Special 301 Report labels India a "Priority Watch List" country (meaning that it has an IP regime least conducive to the trade interests of the United States), the Consumers International report holds India to have the most consumer-friendly and balanced IP regulation amongst the sixteen countries surveyed. The CI report lambasts the USTR's attempts to make countries comply with unreasonable demands which go over and above the countries' international obligations. For instance, the WIPO Internet Treaties, which have been criticised by many, is sought to be imposed on countries like Israel, India, and Canada. Prof. Michael Geist of the University of Ottawa even notes that piracy levels and accession to the WCT and WPPT do not seem to be correlated: "In fact, only five countries that have ratified the WIPO Internet treaties have software piracy rates lower than Canada." Still, the USTR has placed both India, whose IP laws are being praised by Consumers International and Canada, which has low piracy rates even by the accounts of the notoriously propagandist BSA, have both been placed in the Priority Watch List. The reasons for doing so are not all that unclear if we look at who really shapes the USTR's Special 301 report.

The India section of the USTR Special 301 report [pdf] (pp. 18-19) notes:
"India will remain on the Priority Watch List in 2009. India has made progress on improving its IPR infrastructure, including through the modernization of its IP offices and the introduction of an e-filing system for trademark and patent applications. Further, the IP offices have started the process of digitization of intellectual property files. In addition, the Indian ministerial committee on IPR enforcement has supported the creation of specialized IPR police units. Customs enforcement has also improved through the implementation of the 2007 IPR (Imported Goods) Enforcement Rules as well as by seizures of unlicensed copyrighted goods intended for export. However, the United States remains concerned about weak IPR protection and enforcement in India. The United States continues to urge India to improve its IPR regime by providing stronger protection for copyrights and patents, as well as effective protection against unfair commercial use of undisclosed test and other data generated to obtain marketing approval for pharmaceutical and agrochemical products. The United States encourages India to enact legislation in the near term to strengthen its copyright laws and implement the provisions of the WIPO Internet Treaties. The United States also encourages India to improve its IPR enforcement system by enacting effective optical disc legislation to combat optical disc piracy. Piracy and counterfeiting, including of pharmaceuticals, remain a serious problem in India. India’s criminal IPR enforcement regime remains weak. Police action against those engaged in manufacturing, distributing, or selling pirated and counterfeit goods, and expeditious judicial dispositions for IPR infringement and imposition of deterrent-level sentences, is needed. As counterfeit medicines are a serious problem in India, the United States is encouraged by the recent passage of the Drugs and Cosmetics (Amendment) Act 2008 that will increase penalties for spurious and adulterated pharmaceuticals. The United States urges India to strengthen its IPR regime and stands ready to work with India on these issues during the coming year."

Large chunks of it seem to have been 'borrowed' from the IIPA submissions. The IIPA (International Intellectual Property Alliance), which is made up of US-based IP-maximalist lobbyists like the Motion Picture Association of America, Recording Industry Association of America, National Music Publishers Association, Association of American Publishers, and Business Software Alliance, is a body that was created to lobby the USTR to impose trade sanctions on those countries which did not follow the path that IIPA thought best for those countries.
Interestingly, the IIPA submissions talk not of IIPA's concern about weak IPR protection and enforcement in India, but instead states: "the United States remains concerned about weak IPR protection and enforcement in India". This exact line even manages to finds itself in the USTR Special 301 report. Many IIPA complaints find themselves as USTR recommendations, including: a) fast-track judical dispositions of IP cases; b) special laws against optical disc piracy; c) ratification of the WCT and WPPT (the "WIPO Internet Treaties"); d) increased criminal enforcement of intellectual property.

Thus, the Special 301 report emerges as a discredited report that the US's trade partners should not (and by many accounts do not) pay attention to. Measurement of IP balance and consumer-friendliness such as the Consumers International IP Watch List are more important, and should eventually lead to a measurement index for Access to Knowledge.

For more details visit https://cis-india.org/a2k/blogs/consumers-international-ip-watch-list-2009

Computer Related Offences

pranesh — 2013-06-07T10:47:36Z

If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.

Explanation
For the purposes of this section,

the word “dishonestly” shall have the meaning assigned to it in section 24 of the Indian Penal Code;
the word “fraudulently” shall have the meaning assigned to it in section 25 of the Indian Penal Code.

For more details visit https://cis-india.org/internet-governance/resources/section-66-it-act.txt

Comparative Analysis of Comments Submitted on Draft IT Rules

pranesh — 2012-04-23T05:47:43Z

An RTI was filed asking the DIT to provide all the feedback received on its call for comments on the Draft Information Technology Rules. The feedback on the Due Diligence Rules / Intermediary Guidelines Rules have been compiled in this comparative table.

For more details visit https://cis-india.org/internet-governance/resources/comparative-analysis-draft-it-rules-comments

Comments to the Ministry on WIPO Broadcast Treaty (March 2011)

pranesh — 2012-12-14T10:29:20Z

As a follow up to a stakeholder meeting called by the MHRD on the WIPO Broadcast Treaty, CIS provided written comments on the April 2007 Non-Paper of the WIPO Broadcast Treaty, emphasising the need for a signal-based approach to be taken on the Broadcast Treaty, and making it clear that India should continue to oppose the creation of new rights for webcasters.

On February 22, 2011, the Ministry of Human Resource Development held a meeting to decide on the Indian position on the WIPO Broadcast Treaty. The Ministry asked the participants at the meeting to send in written submissions on four matters. We sent in submissions on those four issues, as well as a few others.

Comments on the non-paper for the WIPO Broadcast Treaty by the Centre for Internet and Society

On February 23, 2011, the Ministry of HRD had asked for comments on four matters:

Article 3 of the Non-paper which was circulated earlier
Term of protection for signal
Nature of limitations and exceptions
Protection of signal and retransmission

We have made submissions on those and a few other matters as well. Unless noted otherwise, all comments made in this note pertain to the final non-paper (April 2007) and not the draft non-paper (March 2007).

Article 3

Article 3 of the draft non-paper that was circulated (March 2007) for comments from country delegates stated:

3. Scope of Application

The provisions of this Treaty shall not provide any protection in respect of

(i) mere retransmissions;

(ii) any transmissions where the time of the transmission and the place of its reception may be individually chosen by members of the public (on-demand transmissions); or

(iii) any transmissions over computer networks (transmissions using the Internet

Protocol, “webcasting”, or “netcasting”).

A number of people present at the recent MHRD-organized meeting noted that “mere retransmissions” is a confusing term. In the revised non-paper (April 2007), it has been clarified that protection is not granted to third parties for merely retransmitting another’s signal (Art. 3(4)(i)).

3. Specific Scope and Object of Protection

(4) The provisions of this Treaty shall not provide any protection

(i) to retransmitting third parties in respect of their mere retransmissions by any means of broadcasts by broadcasting organizations;

(ii) to any person for transmissions where the time of the transmission and the place of its reception may be individually chosen by members of the public (on-demand transmissions); or

(iii) to any person for transmissions over computer networks

In addition, Art. 3(4)(iii) is currently ambiguous since it is not clear whether “retransmissions” are subsumed under the word transmission. By allowing for separate rights for retransmission over computer networks, the Treaty allows for the creation of two classes: traditional broadcasters who will have rights over retransmissions over computer networks, and all other persons who will have no rights over transmissions. Thus, if “retransmission” is not subsumed under the word “transmission”, it would be advisable to alter that clause to read “to any person for transmissions or retransmissions over computer networks”.

Lastly, Art. 3(4) should additional prevent protection for persons broadcasting materials for which they have not acquired copyright, or for broadcasting materials in the public domain.

Term of Protection of Signals

No term of protection should be provided. As was noted by the US government in its response to the draft non-paper, it is questionable “whether a 20-year term of protection is consistent with a signal-based approach”. The Brazilian delegation also states: “Article 13 should be deleted. A twenty-year term of protection is unnecessary. The agreed “signal-based” approach to the Treaty implies that the objected of protection is the signal, and therefore duration of protection must be linked with the ephemeral life of the signal itself.” Thus, a term is only needed if we stray away from a signal-based approach. As we do not wish to do so, there should be no term of protection.

Limitations and Exceptions

The limitations and exceptions (L&E) currently provided for allow for mirroring of copyright L&E limited by a Berne-like three-step test.

However, reasons for providing protection over broadcasting are not the same as those for copyright. For instance, a country may wish to make exceptions to signal protection for cases such as broadcast of a national sport, as India has done with the Sports Broadcasting Signals (Mandatory Sharing with Prasar Bharati) Act.

This might well afoul of the three-step test proposed in Article 10(2). Furthermore, a country may wish to limit the application of broadcasters rights for national broadcasters (whose programming is paid for by taxpayers, and thus should be available to them), but may not be able to do so under the provisions of Article 10(2). Thus, Article 10(2) should be deleted, and Article 10(1) should be expanded to include issues of national interest and for free-to-air broadcast signals.

Protection of Signal and Retransmission

It should be a sine qua non condition of India’s that that this be a purely signal-based treaty with no fixation or post-fixation rights. Thus, it should restrict itself to protection of signals, and simultaneous retransmission.

As a result, no separate right to prevent unauthorized “decryption” should be granted, since signal-theft is already a crime. For instance, this provision would also cover decrypting an unauthorized retransmission without authorization from the retransmitter. This provides the unauthorized retransmitter rights, even though s/he has no right to retransmit. This leads to an absurd situation.

As stated by the Brazilian government:

“[Article 10 of the draft non-paper and Article 9 of the non-paper] is inconsistent with a “signal-based approach”. It creates unwarranted obstacles to technological development, to access to legitimate uses, flexibilities and exceptions and to access to the public domain. It does not focus on securing effective protection against an illicit act, but rather creates new exclusive rights so that they cover areas unrelated with the objective of the treaty, such as control by holder of industrial production of goods, the development and use of encryption technologies, and private uses. The prohibition of mere decryption of encrypted signals, without there having been unauthorized broadcasting activity, is abusive.”

Other comments

Article 7

Article 7 of the non-paper provides broadcasters rights post-fixation (“Broadcasting organizations shall enjoy the exclusive right of authorizing … the deferred transmission by any means to the public of their fixed broadcasts. ”). This is contrary to a signal-based approach. A signal-based approach would necessarily mean that it is only signal theft (which happens only via unauthorized simultaneous retransmission) that should be protected. Deferred transmission should implicate the rights of the owner of copyright, but not of the broadcasting organization.

Article 4

As suggested by the Brazilian government, Article 4(1) which proposes a non-prejudice clause should be amended to add the words “and access to the public domain” at its end. This is consistent with the WIPO Development Agenda.

Article 5

India should re-iterate its suggestion to add the following to the definition of “broadcast” under Art. 5(a): “‘broadcast’ shall not be understood as including transmission of such a set of signals over computer networks. ”

Further, the phrase “general public ” should be retained in Art.5 (as was present in the draft non-paper), and should not be made into “public”. The danger is that a limited public (say family members) could possibly be covered by the term “public”, while they will be excluded from “general public”, which in any case is the target audience of all broadcast.

For more details visit https://cis-india.org/a2k/blogs/wipo-broadcast-treaty-comments-march-2011

Comments to the MHRD on WIPO Broadcast Treaty (March 2013)

pranesh — 2013-04-23T06:39:36Z

The Centre for Internet and Society would like to make the following comments on the draft legal text of SCCR/24/10 (Working Document for a Treaty on the Protection of Broadcasting Organizations) at the stakeholders meeting to be held on March 21, 2013.

Article 1 – Preamble: The draft legal text of SCCR/24/10 (“Treaty”) in the Preamble should in clear terms capture the intent of the WIPO General Assembly as to the object of the Treaty. The SCCR reiterated the General Assembly’s mandate for a signal based approach treaty for the protection of broadcasting and cablecasting organizations. In this regard, the SCCR in its report to the 50th Session of the WIPO General Assembly (Oct. 1-9, 2012) noted:

“The Committee reaffirmed its commitment to continue work on a signal based approach, consistent with the 2007 General Assembly mandate, towards developing an international treaty to update the protection of broadcasting and cablecasting organizations in the traditional sense. The Committee also agreed to recommend to the WIPO General Assembly that the Committee continue its work toward a text that will enable a decision on whether to convene a diplomatic conference in 2014.” [emphasis added]

Therefore it is submitted that the Preamble should at the very outset establish that the Treaty aims at
- protection of a related right and a signal based approach is adopted to protect such a related right
- protection of the broadcasting and cablecasting organizations in the traditional sense.
Article 2 – General Principles: It is submitted that the Development Agenda under TRIPS should be declared as general principle under the Treaty where as a balance must be struck between the rights of the broadcasting organizations and the larger public interest.
Article 5 – Definitions: The Treaty in its current form proposes alternatives to the definitions. On a general observation, it is submitted that the alternatives are unsatisfactory and waivers from the WIPO General Assembly mandate to adopt a signal based approach.

In precise terms, the definition section attributes a broad definition to the “broadcast” and fails to define the means of broadcast. The alternative to 5(b) does reintroduce the phrase, “general public” instead of “public”, as anything lesser would not constitute a broadcast as it was in the Article 5 of the March, 2007 draft non-paper, but fails to adopt a signal based approach by adding the words, “and specific program”.

Similarly definition of “retransmission” under the Alternative A for Article 5 clause (d) uses the words, “transmission by any means” which is again in conflict with the signal based approach.

Apart from the instances mentions above there are many other inconsistencies in the definition section and therefore it is submitted that none of the alternatives to the definition section can be implements within the mandate of the General Assembly.
Article 6 – Scope of Application: We agree with the Alternative A of Article 6, insofar as the alternative to clause 1 is adopted.
Article 9 – Protection for Broadcasting Organizations: In reference to Alternative A for Article 9 it is submitted that the public performance of broadcast signals should not be covered. In many countries, especially lower-income countries, shared viewing of televisions and shared listening to radio are culturally established and it should not be equated with signal theft, which should be the primary focus of this Treaty. Further, free-to-air TV and radio channels and state-sponsored TV and radio channels depend on advertisements and other forms of income, not subscriber payments. Given this, there is no reason why public performance, the wrongfulness of which is very business-model dependent, should be included in this treaty.

We strongly suggest that Alternative B to Article 9 should struck down as it is in contravention of the mandate of the WIPO General Assembly to adopt a signal based approach for the development of the text of the Treaty. There cannot be any fixation or post fixation rights be given to the broadcasting organization if a signal based approach is adopted for the Treaty.
Article 10 – Limitations and Exception: The limitations and exceptions should be mandatory as well, as not balancing limitations and exceptions with the rights granted to the broadcasters would be violating the spirit of the WIPO Development Agenda.

Further, it will also in contravention of Article 3 of the Treaty in its current form. The UNESCO Convention on the Protection and Promotion of the Diversity of Cultural Expression recognizes the principles of equitable access and openness and balance. It also mandates implementation of “measures aimed at enhancing diversity of the media, including through public service broadcasting.

It is also reiterated that, reasons for providing exceptions for over broadcast rights are not the same as those for copyright. For instance, a country may wish to make exceptions to signal protection for cases such as broadcast of a national sport, as India has done with the Sports Broadcasting Signals (Mandatory Sharing with Prasar Bharati) Act. This might well afoul of the three-step test proposed in Article 7(2), especially as it says “provide for the same or further limitations or exceptions...”.

Furthermore, a country may wish to limit the application of broadcasters rights for national broadcasters (whose programming is paid for by taxpayers, and thus should be available to them), but may not be able to do so under the provisions of Article 7(2). Thus, Article 10(2) should be deleted, and Article 10(1) should be expanded to include issues of national interest and for free-to-air broadcast signals.
Article 11 – Term of Protection: As submitted earlier by CIS, it is reiterated that no term of protection should be provided. As was noted by the US government in its response to the draft non-paper, it is questionable “whether a 20-year term of protection is consistent with a signal-based approach”. The Brazilian delegation also states: “Article 13 [of the previous draft treaty] should be deleted. A twenty-year term of protection is unnecessary. The agreed “signal-based” approach to the Treaty implies that the objected of protection is the signal, and therefore duration of protection must be linked with the ephemeral life of the signal itself.” Thus, a term is only needed if we stray away from a signal-based approach. As we do not wish to do so, there should be no term of protection.
Article 12 – Protection of Encryption and Rights Management Information: From our previous submission on this issue we reiterate that, No separate right to prevent unauthorized “decryption” should be granted, since signal-theft is already a crime. For instance, this provision would also cover decrypting an unauthorized retransmission without authorization from the retransmitter. This provides the unauthorized retransmitter rights, even though s/he has no right to retransmit. This leads to an absurd situation.

As stated by the Brazilian government with respect to the April 2007 non-paper:
“[Article 10 of the draft non-paper and Article 9 of the non-paper] is inconsistent with a “signal-based approach”. It creates unwarranted obstacles to technological development, to access to legitimate uses, flexibilities and exceptions and to access to the public domain. It does not focus on securing effective protection against an illicit act, but rather creates new exclusive rights so that they cover areas unrelated with the objective of the treaty, such as control by holder of industrial production of goods, the development and use of encryption technologies, and private uses. The prohibition of mere decryption of encrypted signals, without there having been unauthorized broadcasting activity, is abusive.”

If even the provision is to be retained, it should not grant the broadcasters any rights over and above that which is otherwise granted by the law, thus the following line is over-broad: “that are not authorized by the broadcasting organizations concerned or are not permitted by law.”

For more details visit https://cis-india.org/a2k/blogs/comments-on-wipo-broadcast-treaty

Comments on the Draft Rules under the Information Technology Act

pranesh — 2011-09-21T06:13:42Z

The Centre for Internet and Society commissioned an advocate, Ananth Padmanabhan, to produce a comment on the Draft Rules that have been published by the government under the Information Technology Act. In his comments, Mr. Padmanabhan highlights the problems with each of the rules and presents specific recommendations on how they can be improved. These comments were sent to the Department of Information and Technology.

Comments on the Draft Rules under the Information Technology Act as Amended by the Information Technology (Amendment) Act, 2008

Submitted by the Centre for Internet and Society, Bangalore

Prepared by Ananth Padmanabhan, Advocate in the Madras High Court

Interception, Monitoring and Decryption

Section 69

The section says:

Where the Central Government or a State Government or any of its officer specially authorised by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource.
The procedure and safeguards subject to which such interception or monitoring or decryption may be carried out, shall be such as may be prescribed.
The subscriber or intermediary or any person in-charge of the computer resource shall, when called upon by any agency referred to in sub-section (1), extend all facilities and technical assistance to-

(a) provide access to or secure access to the computer resource generating transmitting, receiving or storing such information; or

(b) intercept, monitor, or decrypt the information, as the case may be; or

The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with imprisonment for a term which may extend to seven years and shall also be liable to fine.

Recommendation #1
Section 69(3) should be amended and the following proviso be inserted:

Provided that only those intermediaries with respect to any information or computer resource that is sought to be monitored, intercepted or decrypted, shall be subject to the obligations contained in this sub-section, who are, in the opinion of the appropriate authority, prima facie in control of such transmission of the information or computer resource. The nexus between the intermediary and the information or the computer resource that is sought to be intercepted, monitored or decrypted should be clearly indicated in the direction referred to in sub-section (1) of this section.

Reasons for the Recommendation
In the case of any information or computer resource, there may be more than one intermediary who is associated with such information. This is because “intermediary” is defined in section 2(w) of the amended Act as,

“with respect to any electronic record means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record, including telecom service providers, network service providers, internet service providers, webhosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes”.

The State or Central Government should not be given wide-ranging powers to enforce cooperation on the part of any such intermediary without there being a clear nexus between the information that is sought to be decrypted or monitored by the competent authority, and the control that any particular intermediary may have over such information.

To give an illustration, merely because some information may have been posted on an online portal, the computer resources in the office of the portal should not be monitored unless the portal has some concrete control over the nature of information posted in it. This has to be stipulated in the order of the Central or State Government which authorizes interception of the intermediary.

Recommendation #2
Section 69(4) should be repealed.

Reasons for the Recommendation
The closest parallels to Section 69 of the Act are the provisions in the Telegraph Rules which were brought in after the decision in PUCL v. Union of India, (1997) 1 SCC 301, famously known as the telephone tapping case.

Section 69(4) fixes tremendous liability on the intermediary for non-cooperation. This is violative of Article 14. Similar provisions in the Indian Penal Code and Code of Criminal Procedure, which demand cooperation from members of the public as regards production of documents, letters etc., and impose punishment for non-cooperation on their part, impose a maximum punishment of one month. It is bewildering why the punishment is 7 years imprisonment for an intermediary, when the only point of distinction between an intermediary under the IT Act and a member of the public under the IPC and CrPC is the difference in the media which contains the information.

Section 69(3) is akin to the duty cast upon members of the public to extend cooperation under Section 39 of the Code of Criminal Procedure by way of providing information as to commission of any offence, or the duty, when a summons is issued by the Court or the police, to produce documents under Sections 91 and 92 of the Code of Criminal Procedure. The maximum punishment for non-cooperation prescribed by the Indian Penal Code for omission to cooperate or wilful breach of summons is only a month under Sections 175 and 176 of the Indian Penal Code. Even the maximum punishment for furnishing false information to the police is only six months under Section 177 of the IPC. When this is the case with production of documents required for the purpose of trial or inquiry, it is wholly arbitrary to impose a punishment of six years in the case of intermediaries who do not extend cooperation for providing access to a computer resource which is merely apprehended as being a threat to national security etc. A mere apprehension, however reasonable it may be, should not be used to pin down a liability of such extreme nature on the intermediary.

This would also amount to a violation of Articles 19(1)(a) as well as 19(1)(g) of the Constitution, not to mention Article 20(3). To give an example, much of the information received from confidential sources by members of the press would be stored in computer resources. By coercing them, through the 7 year imprisonment threat, to allow access to this computer resource and thereby part with this information, the State is directly infringing on their right under Article 19(1)(a). Furthermore, if the “subscriber” is the accused, then section 69(4) goes against Article 20(3) by forcing the accused to bear witness against himself.

Draft Rules under Section 69

Rule 3
Directions for interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub- section (2) of section 69 of the Information Technology (Amendment) Act, 2008 (hereinafter referred to as the said Act) shall not be issued except by an order made by the concerned competent authority who is Union Home Secretary in case of Government of India; the Secretary in-charge of Home Department in a State Government or Union Territory as the case may be. In unavoidable circumstances, such order may be made by an officer, not below the rank of a Joint Secretary to the Government of India, who has been duly authorised by the Union Home Secretary or by an officer equivalent to rank of Joint Secretary to Government of India duly authorised by the Secretary in-charge of Home Department in the State Government or Union Territory, as the case may be:

Provided that in emergency cases –
(i) in remote areas, where obtaining of prior directions for interception or monitoring or decryption of information is not feasible; or
(ii) for operational reasons, where obtaining of prior directions for interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource is not feasible;

the required interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource shall be carried out with the prior approval of the Head or the second senior most officer of the Security and Law Enforcement Agencies (hereinafter referred to as the said Security Agencies) at the Central Level and the officers authorised in this behalf, not below the rank of Inspector General of Police or an officer of equivalent rank, at the State and Union Territory level. The concerned competent authority, however, shall be informed of such interceptions or monitoring or decryption by the approving authority within three working days and that such interceptions or monitoring or decryption shall be got confirmed by the concerned competent authority within a period of seven working days. If the confirmation from the concerned competent authority is not received within the stipulated seven working days, such interception or monitoring or decryption shall cease and the same information shall not be intercepted or monitored or decrypted thereafter without the prior approval of the concerned competent authority, as the case may be.

Recommendation #3
In Rule 3, the following proviso may be inserted:

“Provided that in the event of cooperation by any intermediary being required for the purpose of interception, monitoring or decryption of such information as is referred to in this Rule, prior permission from a Supervisory Committee headed by a retired Judge of the Supreme Court or the High Courts shall be obtained before seeking to enforce the Order mentioned in this Rule against such intermediary.”

Reasons for the Recommendation
Section 69 and the draft rules suffer from absence of essential procedural safeguards. This has come in due to the blanket emulation of the Telegraph Rules. Additional safeguards should have been prescribed to ensure that the intermediary is put to minimum hardship when carrying on the monitoring or being granted access to a computer resource. Those are akin to a raid, in the sense that it can stop an online e-commerce portal from carrying out operations for a day or even more, thus affecting their revenue. It is therefore recommended that in any situation where cooperation from the intermediary is sought, prior judicial approval has to be taken. The Central or State Government cannot be the sole authority in such cases.

Furthermore, since access to the computer resource is required, an executive order should not suffice, and a search warrant or an equivalent which results from a judicial application of the mind (by the Supervisory Committee, for instance) should be required.

Recommendation #4
The following should be inserted after the last line in Rule 22:

The Review Committee shall also have the power to award compensation to the intermediary in cases where the intermediary has suffered loss or damage due to the actions of the competent authority while implementing the order issued under Rule 3.

Reasons for the Recommendation
The Review Committee should be given the power to award compensation to the loss suffered by the intermediary in cases where the police use equipment or software for monitoring/decryption that causes damage to the intermediary’s computer resources / networks. The Review Committee should also be given the power to award compensation in the case of monitoring directions which are later found to be frivolous or even worse, borne out of mala fide considerations. These provisions will act as a disincentive against the abuse of power contained in Section 69.

Blocking of Access to Information

Section 69A

The section provides for blocking of websites if the government is satisfied that it is in the interests of the purposes enlisted in the section. It also provides for penalty of up to seven years for intermediaries who fail to comply with the directions under this section.
The rules under this section describe the procedure which have to be followed barring which the review committee may, after due examination of the procedural defects, order an unblocking of the website.

Section 69A(3)
The intermediary who fails to comply with the direction issued under sub-section (1) shall be punished with an imprisonment for a term which may extend to seven years and also be liable to fine.

Recommendation #5
The penalty for intermediaries must be lessened.

Reasons for Recommendations
The penal provision in this section which prescribes up to seven years imprisonment and a fine on an intermediary who fails to comply with the directions so issued is also excessively harsh. Considering the fact that various mechanisms are available to escape the blocking of websites, the intermediaries must be given enough time and space to administer the block effectively and strict application of the penal provisions must be avoided in bona fide cases.

The criticism about Section 69 and the draft rules in so far as intermediary liability is concerned, will also apply mutatis mutandis to these rules as well as Section 69A.

Draft Rules under Section 69A

Rule 22: Review Committee
The Review Committee shall meet at least once in two months and record its findings whether the directions issued under Rule (16) are in accordance with the provisions of sub-section (2) of section 69A of the Act. When the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and order for unblocking of said information generated, transmitted, received, stored or hosted in a computer resource for public access.

Recommendation #6
A permanent Review Committee should be specially for the purposes of examining procedural lapses.

Reasons for Recommendation
Rule 22 provides for a review committee which shall meet a minimum of once in every two months and order for the unblocking of a site of due procedures have not been followed. This would mean that if a site is blocked, there could take up to two months for a procedural lapse to be corrected and it to be unblocked. Even a writ filed against the policing agencies for unfair blocking would probably take around the same time. Also, it could well be the case that the review committee will be overborne by cases and may fall short of time to inquire into each. Therefore, it is recommended that a permanent Review Committee be set up which will monitor procedural lapses and ensure that there is no blocking in the first place before all the due procedural requirements are met.

Monitoring and Collection of Traffic Data

Draft Rules under Section 69B

The section provides for monitoring of computer networks or resources if the Central Government is satisfied that conditions so mentioned are satisfied.

The rules provide for the manner in which the monitoring will be done, the process by which the directions for the same will be issued and the liabilities of the intermediaries and monitoring officers with respect to confidentiality of the information so monitored.

Grounds for Monitoring
Rule 4
The competent authority may issue directions for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource for any or all of the following purposes related to cyber security:
(a) forecasting of imminent cyber incidents;
(b) monitoring network application with traffic data or information on computer resource;
(c) identification and determination of viruses/computer contaminant;
(d) tracking cyber security breaches or cyber security incidents;
(e) tracking computer resource breaching cyber security or spreading virus/computer contaminants;
(f) identifying or tracking of any person who has contravened, or is suspected of having contravened or being likely to contravene cyber security;
(g) undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resource;
(h) accessing a stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force;
(i) any other matter relating to cyber security.

Rule 6
No direction for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource shall be given for purposes other than those specified in Rule (4).

Recommendation #7
Clauses (a), (b), (c), and (i) of Rule 4 must be repealed.

Reasons for Recommendations
The term “cyber incident” has not been defined, and “cyber security” has been provided a circular definition. Rule 6 clearly states that no direction for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource shall be given for purposes other than those specified in Rule 4. Therefore, it may prima facie appear that the government is trying to lay down clear and strict safeguards when it comes to monitoring at the expense of a citizens' privacy. However, Rule 4(i) allows the government to monitor if it is satisfied that it is “any matter related to cyber security”. This may well play as a ‘catch all’ clause to legalise any kind of monitoring and collection and therefore defeats the purported intention of Rule 6 of safeguarding citizen’s interests against arbitrary and groundless intrusion of privacy. Also, the question of degree of liability of the intermediaries or persons in charge of the computer resources for leak of secret and confidential information remains unanswered.

Rule 24: Disclosure of monitored data
Any monitoring or collection of traffic data or information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, undertaken in course of his duty relating to the services provided by that intermediary, shall not be unlawful, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with :
(vi) Accessing or analysing information from a computer resource for the purpose of tracing a computer resource or any person who has contravened, or is suspected of having contravened or being likely to contravene, any provision of the Act that is likely to have an adverse impact on the services provided by the intermediary.

Recommendation #8
Safeguards must be introduced with respect to exercise of powers conferred by Rule 24(vi).

Reasons for Recommendations
Rule 24(vi) provides for access, collection and monitoring of information from a computer resource for the purposes of tracing another computer resource which has or is likely to contravened provisions of the Act and this is likely to have an adverse impact on the services provided by the intermediary. Analysis of a computer resource may reveal extremely confidential and important data, the compromise of which may cause losses worth millions. Therefore, the burden of proof for such an intrusion of privacy of the computer resource, which is first used to track another computer resource which is likely to contravene the Act, should be heavy. Also, this violation of privacy should be weighed against the benefits accruing to the intermediary. The framing of sub rules under this clearly specifying the same is recommended.

The disclosure of sensitive information by a monitoring agency for purposes of ‘general trends’ and ‘general analysis of cyber information’ is uncalled for as it dissipates information among lesser bodies that are not governed by sufficient safeguards and this could result in outright violation of citizen’s privacy.

Manner of Functioning of CERT-In

Draft Rules under Section 70B(5)

Section 70B provides for an Indian Computer Emergency Response Team (CERT-In) which shall serve as a national agency for performing duties as prescribed by clause 4 of this section in accordance to the rules as prescribed.
The rules provide for CERT-In’s authority, composition of advisory committee, constituency, functions and responsibilities, services, stakeholders, policies and procedures, modus operandi, disclosure of information and measures to deal with non compliance of orders so issued. However, there are a few issues which need to be addressed as under:

Definitions
In these Rules, unless the context otherwise requires, “Cyber security incident” means any real or suspected adverse event in relation to cyber security that violates an explicit or implied security policy resulting in unauthorized access, denial of service/ disruption, unauthorized use of a computer resource for processing or storage of information or changes to data, information without authorization.

Recommendation #9
The words ‘or implied’’ must be excluded from rule 2(g) which defines ‘cyber security incident’, and the term ‘security policy’ must be qualified to state what security policy is being referred to.

Reasons for Recommendation
“Cyber security incident” means any real or suspected adverse event in relation to cyber security that violates an explicit or implied security policy resulting in unauthorized access, denial of service/disruption, unauthorized use of a computer resource for processing or storage of information or changes to data, information without authorization.

Thus, the section defines any circumstance where an explicit or implied security policy is contravened as a ‘cyber security incident’. Without clearly stating what the security policy is, an inquiry into its contravention is against an individual’s civil rights. If an individual’s actions are to be restricted for reasons of security, then the restrictions must be expressly defined and such restrictions cannot be said to be implied.

Rule 13(4): Disclosure of Information
Save as provided in sub-rules (1), (2), (3) of rule 13, it may be necessary or expedient to so to do, for CERT-In to disclose all relevant information to the stakeholders, in the interest of sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence relating to cognizable offence or enhancing cyber security in the country.

Recommendation #10
Burden of necessity for disclosure of information should be made heavier.

Reasons for the Recommendation
Rule 13(4) allows the disclosure of information by CERT-In in the interests of ‘enhancing cyber security’. This enhancement however needs to be weighed against the detriment caused to the individual and the burden of proof must be on the CERT-In to show that this was the only way of achieving the required.

Rule 19: Protection for actions taken in Good Faith
All actions of CERT-In and its staff acting on behalf of CERT-In are taken in good faith in fulfillment of its mandated roles and functions, in pursuance of the provisions of the Act or any rule, regulations or orders made thereunder. CERT-In and its staff acting on behalf of CERT-In shall not be held responsible for any unintended fallout of their actions.

Recommendation #11
CERT-In should be made liable for their negligent action and no presumption of good faith should be as such provided for.

Reasons for the Recommendation
Rule 19 provides for the protection of CERT-In members for the actions taken in ‘good faith’. It defines such actions as ‘unintended fallouts’. Clearly, if information has been called for and the same is highly confidential, then this rule bars the remedy for any leak of the same due to the negligence of the CERT-In members. This is clearly not permissible as an agency that calls for delicate information should also be held responsible for mishandling the same, intentionally or negligently. Good faith can be established if the need arises, and no presumption as to good faith needs to be provided.

Draft Rules under Section 52

These rules, entitled the “Cyber Appellate Tribunal (Salary, Allowances and Other Terms and Conditions of Service of Chairperson and Members) Rules, 2009” are meant to prescribe the framework for the independent and smooth functioning of the Cyber Appellate Tribunal. This is so because of the specific functions entrusted to this Appellate Tribunal. Under the IT Act, 2000 as amended by the IT (Amendment) Act, 2008, this Tribunal has the power to entertain appeals against orders passed by the adjudicating officer under Section 47.

Recommendation #12
Amend qualifications Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003, to require judicial training and experience.

Reasons for the Recommendation
It is submitted that an examination of these rules governing the Appellate Tribunal cannot be made independent of the powers and qualifications of Adjudicating Officers who are the original authority to decide on contravention of provisions in the IT Act dealing with damage to computer system and failure to furnish information. Even as per the Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003, persons who did not possess judicial experience and training, such as those holding the post of Director in the Central Government, were qualified to perform functions under Section 46 and decide whether there has been unauthorized access to a computer system. This involves appreciation of evidence and is not a merely administrative function that could be carried on by any person who has basic knowledge of information technology.

Viewed from this angle, the qualifications of the Cyber Appellate Tribunal members should have been made much tighter as per the new draft rules. The above rules when read with Section 50 of the IT Act, as amended in 2008, do not say anything about the qualification of the technical members apart from the fact that such person shall not be appointed as a Member, unless he is, or has been, in the service of the Central Government or a State Government, and has held the post of Additional Secretary or Joint Secretary or any equivalent post. Though special knowledge of, and professional experience in, information technology, telecommunication, industry, management or consumer affairs, has been prescribed in the Act as a requirement for any technical member.

Draft Rules under Section 54

These Rules do not suffer any defect and provide for a fair and reasonable enquiry in so far as allegations made against the Chairperson or the members of the Cyber Appellate Tribunal are concerned.

Penal Provisions

Section 66A

Any person who sends, by means of a computer resource or a communication device,
    (a) any information that is grossly offensive or has menacing character; or
    (b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device,
    (c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to three years and with fine.
Sec. 32 of the 2008 Act inserts Sec. 66A which provides for penal measures for mala fide use of electronic resources to send information detrimental to the receiver. For the section to be attracted the ‘information’ needs to be grossly offensive, menacing, etc. and the sender needs to have known it to be false.

While the intention of the section – to prevent activities such as spam-sending – might be sound and even desirable, there is still a strong argument to be made that words is submitted that the use of words such as ‘annoyance’ and ‘inconvenience’ (in s.66A(c)) are highly problematic. Further, something can be grossly offensive without touching upon any of the conditions laid down in Article 19(2). Without satisfying the conditions of Article 19(2), this provision would be ultra vires the Constitution.

Recommendation #13
The section should be amended and words which lead to ambiguity must be excluded.

Reasons for the Recommendation
A clearer phrasing as to what exactly could convey ‘ill will’ or cause annoyance in the electronic forms needs to be clarified. It is possible in some electronic forms for the receiver to know the content of the information. In such circumstances, if such a possibility is ignored and annoyance does occur, is the sender still liable? Keeping in mind the complexity of use of electronic modes of transmitting information, it can be said that several such conditions arise which the section has vaguely covered. Therefore, a stricter and more clinical approach is necessary.

Recommendation #14
A proviso should be inserted to this section providing for specific exceptions to the offence contained in this section for reasons such as fair comment, truth, criticism of actions of public officials etc.

Reasons for the Recommendation
The major problem with Section 66A lies in clause (c) as per which any electronic mail or electronic mail message sent with the purpose of causing annoyance or inconvenience is covered within the ambit of offensive messages. This does not pay heed to the fact that even a valid and true criticism of the actions of an individual, when brought to his notice, can amount to annoyance. Indeed, it may be brought to his attention with the sole purpose of causing annoyance to him. When interpreting the Information Technology Act, it is to be kept in mind that the offences created under this Act should not go beyond those prescribed in the Indian Penal Code except where there is a wholly new activity or conduct, such as hacking for instance, which is sought to be criminalized.

Offensive messages have been criminalized in the Indian Penal Code subject to the conditions specified in Chapter XXII being present. It is not an offence to verbally insult or annoy someone without anything more being done such as a threat to commit an offence, etc. When this is the case with verbal communications, there is no reason to make an exception for those made through the electronic medium and bring any electronic mail or message sent with the purpose of causing annoyance or inconvenience within the purview of an offensive message.

Section 66F

The definition of cyber-terrorism under this provision is too wide and can cover several activities which are not actually of a “terrorist” character.
Section 66F(1)(B) is particularly harsh and goes much beyond acts of “terrorism” to include various other activities within its purview. As per this provision,
“[w]hoever knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons for the security of the State or foreign relations, or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or is likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.”

This provision suffers from several defects and hence ought to be repealed.

Recommendation #15
Section 66F(1)(B) has to be repealed or suitably amended to water down the excessively harsh operation of this provision. The restrictive nature of the information that is unauthorisedly accessed must be confined to those that are restricted on grounds of security of the State or foreign relations. The use to which such information may be put should again be confined to injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order. A mere advantage to a foreign nation cannot render the act of unauthorized access one of cyber-terrorism as long as such advantage is not injurious or harmful in any manner to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order. A mens rea requirement should also be introduced whereby mere knowledge that the information which is unauthorisedly accessed can be put to such uses as given in this provision should not suffice for the unauthorised access to amount to cyber-terrorism. The unauthorised access should be with the intention to put such information to this use. The amended provision would read as follows:

“[w]hoever knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons for the security of the State or foreign relations, with the intention that such information, data or computer database so obtained may be used to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order, commits the offence of cyber terrorism.”

Reasons for the Recommendation
The ambit of this provision goes much beyond information, data or computer database which is restricted only on grounds of security of the State or foreign relations and extends to “any restricted information, data or computer database”. This expression covers any government file which is marked as confidential or saved in a computer used exclusively by the government. It also covers any file saved in a computer exclusively used by a private corporation or enterprise. Even the use to which such information can be put need not be confined to those that cause or are likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, or friendly relations with foreign States. Information or data which is defamatory, amounting to contempt of court, or against decency / morality, are all covered within the scope of this provision. This goes way beyond the idea of a terrorist activity and poses serious questions. While there is no one globally accepted definition of cyberterrorism, it is tough to conceive of slander as a terrorist activity.

To give an illustration, if a journalist managed to unauthorisedly break into a restricted database, even one owned by a private corporation, and stumbled upon information that is defamatory in character, he would have committed an act of “cyber-terrorism.” Various kinds of information pertaining to corruption in the judiciary may be precluded from being unauthorisedly accessed on the ground that such information may be put to use for committing contempt of court. Any person who gains such access would again qualify as a cyber-terrorist. The factual situations are numerous where this provision can be put to gross misuse with the ulterior motive of muzzling dissent or freezing access to information that may be restricted in nature but nonetheless have a bearing on probity in public life etc. It is therefore imperative that this provision may be toned down as recommended above.

For more details visit https://cis-india.org/internet-governance/blog/comments-draft-rules