Centre for Internet and Society

Watch: Aadhaar has become a whipping boy: Nandan Nilekani

praskrishna — 2017-05-19T09:54:52Z

India certainly needs a modern data privacy and protection law, Nilekani said in an interview.

The Alnoor Peermohamed and Raghu Krishnan was published in the Business Standard on May 13, 2017.

As debate rages over Aadhaar being a privacy and surveillance liability, its architect Nandan Nilekani says the unique identity programme has become a “whipping ward”. In an interview with Alnoor Peermohamed and Raghu Krishnan, he says we need a data protection and privacy law with adequate judicial and parliamentary oversight. Edited excerpts:

There is concern we are losing our privacy because of Aadhaar...

Privacy is an issue the whole world is facing, thanks to digitisation. The day you went from a feature phone to a smartphone the amount of digital footprint you left behind went up dramatically. The phone records your messages, it knows what you are saying, it has a GPS so it can tell anybody where you are, the towers can tell anybody where you are because they are constantly pinging the phone. There are accelerometers and gyroscopes in the phone that detect movement.

Internet companies essentially make money from data. They use data to sell you things or advertisements. And that data is not even in India, it is in some country in some unaccountable server and accessible to the government of that foreign country, not ours.

Then increasingly there is the Internet of Things. Your car has so many sensors, wearables have sensors and all of them are recording data and beaming it to somebody else. Then there are CCTV cameras everywhere, and today they are all IP-enabled.

So privacy is a global issue, caused by digitisation. Aadhaar is one small part of that. The system is designed not to collect information, because the first risk to privacy is if someone is collecting information. Aadhaar is a passive ID system, it just sits there and when you go somewhere and invoke it, it authenticates your identity. By design itself, it is built for privacy. I believe India needs a modern data privacy and protection law.

Why is Aadhaar being used as a proxy for the privacy and data protection issues?

It is a motivated campaign by people who are trying to find different ways to say something about it. Privacy is a much bigger issue. I have been talking about privacy much before anyone else. In 2010, when it was not such a big issue, I had written to Prime Minister Manmohan Singh saying we needed a data protection law. You could see what was happening, the iPhone came out on June 30, 2007, Android phones came around the time we started Aadhaar, so we could see the trend. I asked Rahul Matthan, a top intellectual property and data lawyer, to help and we worked with the government to come out with a draft law. And then there was the AP Shah Committee. The UIDAI’s DDG Ashok Pal Singh was a part of that committee, so we helped shape that policy.

When a banking application uses Aadhaar, the system does not know what the bank does. It is deliberately designed so that data is kept away from the core system.

I am all for a data protection law but we should look at it in context, look at the big picture. If people want to work together to create a data privacy law then it is a great thing. But if they want to use it to just attack Aadhaar, then there is some other interest at work.

Now that the government is linking Aadhaar to PAN and driver’s licences, will that not lead to Aadhaar being used as a surveillance tool?

Surveillance is conducted through a 24x7 system that knows what you are doing, so from a technology perspective the best surveillance device is your phone. The phone is the device you should worry about.

Aadhaar is not a 24x7 product. I buy one SIM card a year and do an e-KYC, the driver’s licence sits in my pocket and only sometimes someone asks for it. With the PAN card I file my returns only once a year.

But with all that data being linked, can the government not use it?

It is a valid concern and has to be addressed through a legal and oversight process. Aadhaar is just one technology. You do not attack the technology, you look at the overall picture.

The US has the Foreign Intelligence Surveillance Act under which special courts issue warrants to the FBI for surveillance. This is absolutely required and it should be a part of the data protection law (in India) which says under what circumstances the government can authorise surveillance.

Today mobile phones are being tapped by so many agencies. In the US, the FBI is under the oversight of the Senate. In India, Parliament does not have oversight of any intelligence agency. I remember (former Union minister) Manish Tewari had introduced a Bill six or seven years ago saying Intelligence agencies needed to be under the oversight of the Parliament, but nothing happened.

Is there any way to stop Aadhaar being used as a surveillance tool?

Today a person can be identified with or without Aadhaar. US systems can identify a person in a few milliseconds using big data. All that is part of what we have to protect. Aadhaar by itself is not going to add anything to that. What is important is that the infrastructure of surveillance comes under judicial oversight as well as parliamentary oversight.

Would the Aadhaar narrative have been different if this were a Congress-led government?

I think most people making this noise are against the government, so it is a political argument and Aadhaar has become a convenient whipping ward. Lots of different agendas are at work here. But my understanding is this - whether it is data protection and privacy, surveillance or security, these are all broad issues that apply to technology in general and if you are serious about solving the issues you should fix it at the highest level and have a data protection and privacy law which includes, mobile phones, CCTV cameras and Aadhaar.

A report by the Centre for Internet and Society says 130 million Aadhaar identities have been leaked...

It is because of the transparency movement in the last 10 years. In 2006, we passed the RTI Act and MNREGA Act. Section 4 of the RTI Act says that data about benefits should be made public. At that time it was all about transparency. Since then, governments have been publishing lists of MNREGA beneficiaries and how much money is being put into their bank accounts. At that time it was applauded. Now the same thing is coming back as privacy being affected.

These are not leaks; governments have been consciously putting out the data in the interest of transparency. The message from this is we have to strike a balance between transparency and privacy. And that is a difficult balance because Section 4 of the RTI Act says if a benefit is provided by the government it is public information, so the names of beneficiaries should be published because it is taxpayers’ money.

There is something called personally identifiable information. You should strike a balance between transparency and not revealing personally identifiable information. That is a delicate balance, and people will have to figure this out. The risk you have now is governments will stop publishing data - look, you guys have made a big fuss about privacy, we will not publish. In fact, the transparency guys are now worried that all the gains are being lost.

If Aadhaar is voluntary, why is the government forcing it on to various schemes?

There are two things, benefits and entitlements and government-issued documents. There the government has passed a law, the Aadhaar Bill of 2016, which is signed by the President. In that, there is a clear protocol that the government can use Aadhaar for benefits and what process they should follow.

The second thing is Aadhaar for government documents. There are three examples - PAN cards, driver’s licences and SIM cards.

The government has modified the Finance Bill and made Aadhaar mandatory for a PAN card. Why has it done that? Because India has a large number of duplicate PAN cards. India has something like over 250 million PAN cards and only 40 million taxpayers. Some of those may be people who have taken PAN cards just as ID but not for tax purposes, but frankly it is also because a lot of people have duplicate PAN cards. Why do people have duplicates? That is a way of tax evasion. The only way you can eliminate duplicate PAN cards is by having Aadhaar as a way of establishing uniqueness.

The second thing is mobile phones. Here the mobile phone requirement came from the Supreme Court, where somebody filed a PIL saying so many mobile phones are being given to terrorists and therefore you need to do an e-KYC when the SIM is cut and the government said they would use Aadhaar and they have been asked to do it by 2018.

The third thing is driver’s licences. As (Union Transport Minister Nitin Gadkari has said, 30 per cent of all driver’s licences are fakes. Now why is this important? Because when you have fake driver’s licences or multiple drivers’ licences, even if you are caught, you can give your fake licence and continue to drive. Today India is the country with the largest number of deaths on highways. Lack of enforcement, fake licences are all a problem. So in the latest Motor Vehicle Bill which was passed the government said Aadhaar was necessary to get a licence. So that you have just one driver’s licence, whether it is issued in Karnataka or Bihar, you have just one.

The government is also talking about using Aadhaar for the mid-day meal scheme...

If you talk to people on the ground, and I have spoken to people on the ground, a big part of the leakage is mid-day meals. It is not reaching children. So it is important that all this has to happen so children get what they need.

You engaged with governments and civil servants when you initiated the Aadhaar process. In hindsight, would you say you should have also engaged with civil society?

I do not think there is any other programme in history which reached out to every stakeholder in the country. When we started Aadhaar we met governments, regulators and even parliamentarians. I gave a talk in Parliament and we engaged deeply with civil society. In fact, we had one volunteer only to engage with civil society.

You said you were engaged with the previous government about the data protection law. Are you engaging with the current one too?

I am not really engaging. I know that people are working on it and recently the attorney-general has made a statement in the Supreme Court that the government will bring in a data protection law by Diwali.

We have heard of several instances of people not being able to get their biometric authentication done. Is there a problem with Aadhaar?

The seeding of data in the Aadhaar database has to be done properly and that is a process. Authentication has been proven at scale in Andhra Pradesh. Millions of people receive food with Aadhaar authentication in 29,000 PDS outlets. In fact, now they have portability -- a person from Guntur can go to Vijayawada and get his rations. It is empowering. We keep forgetting about the empowering value.

What has the Andhra Pradesh government done? They have used fingerprints, but they also have used iris scans, OTP on phone, and they have a village revenue officer if none of the above works. When you design the system, you have to design it in a way that 100 per cent of the beneficiaries genuinely get the benefit. Andhra Pradesh has shown it can be done.

The government needs to package the learning and best practices of Andhra Pradesh and take it to every other state. It is an execution issue.

Activists have raised concerns over the centralised Aadhaar database...

How else would you establish uniqueness? If you are going to give a billion people a number, how else would you do it? Is there any other way of doing it? Every cloud is centralised, then we should not have cloud systems.

How do you ensure security standards and software are updated?

There are very good people there. The CEO is very good. There is a three-member executive board with chairman Satyanarayana and two members, Anand Deshpande and Rajesh Jain. I have no doubt that they will continue to improve things.

On security, you keep improving. It is a constant race everywhere in the world. They are now coming out with registered devices that will make it more difficult to spoof.

But without a centralised database, how do you establish that an identity is not two people? If you look at the team that designed this, cumulatively they have a few hundred years of experience of designing large systems around the world. Every design decision has been taken consciously looking at the pros and cons. Why did we have both fingerprints and iris scans? There are two reasons. One is to ensure uniqueness. The second is inclusion. We knew that fingerprints in India do not work all the time because of age and manual labour. So we included iris scans. I can give you a document from 2009 that says all of this. All of these things were thought through.

If you are given a chance to design Aadhaar today what would you do differently?

I would do exactly the same thing. Go back and look at the design document. Every design has been articulated, the pros and cons are written down, published on our website, and it is a highly transparent exercise. It is the appropriate design for the problem we are trying to solve. We are forgetting about the huge benefits people are getting. Crores of people are getting direct benefit transfer without hassle. They can go to a village business correspondent and withdraw money using Aadhaar. They can get their SIM card and open a bank account using e-KYC.

You are also forgetting that people are getting empowered. That portability has ensured the bargaining power has shifted from the PDS shop owner to the individual. If a PDS guy treats him badly, the individual can choose another shop, earlier he could not do that. The empowerment of millions of people to buy rations at the shop of their choice is extraordinary.

For more details visit https://cis-india.org/internet-governance/news/business-standard-may-13-2017-alnoor-peermohamed-and-raghu-krishnan-aadhaar-has-become-a-whipping-boy-nandan-nilekani

WannaCry: ATMs not to shut down, clarifies RBI, but how safe are our machines?

praskrishna — 2017-05-19T06:30:49Z

SBI has denied there was any compromise in its ATMs.

The blog post by Soumya Chatterjee was published by Newsminute on May 16, 2017. Udbhav Tiwari was quoted.

In the wake of the onslaught by ransomware WannaCry across the globe, the Reserve Bank of India has denied that it has asked banks in the country to shut down ATMs despite multiple conflicting reports on the same.

Speaking to The News Minute, the central bank’s spokesperson clarified, “The RBI has not passed any circulars to banks on the issue. All circulars sent to banks by the RBI is on the official website if it’s not on the website that means there is no such circular.”

The State Bank of India, the largest consumer bank of India also denied any compromise in its ATMs.

“All our systems are updated as required. Some of those, we do it daily. There are two types of updates, one is at the server level and one at the machine level. Generally, server level updates are done on a daily basis because patches are released and these are managed centrally in addition to local firewalls. The ATM machines are updated typically once in 15 days that is when the maintenance engineers visit the sites, they carry the latest software patch with them. So, everything is updated, there is no problem regarding this. We have additional surveillance but none of the ATM networks in the world has been impacted," Mrityunjoy Mahapatra, CIO of SBI told TNM.

However, a cyber security expert working with the Centre for Internet and Society, Udbhav Tiwari working on vulnerabilities such as these, said as most ATMs in the country especially of the public-sector banks run on outdated operating systems, or are not updated regularly, they can be easily compromised.

“This particular vulnerability was exposed by the WikiLeaks in March saying that the US' NSA was using this vulnerability in Windows operating systems to target individuals. Following this, Microsoft had sent patches in its update in March itself to counter this particular form of threats,” Udhav told TNM.

Udhav said WannaCry is one of the viruses which exploits this vulnerability adding,"No operating system is completely secure be it Windows, Mac or Linux or others, but there are certain OSs that are more susceptible to such attacks due to their popular usage and subsequent research carried on them. Once such attacks come out in the public domain and they usually get patched by the maintainers of the OS."

“In my personal experience, I have come across that most of the ATMs run on customised versions/ embeds of Windows XP or better Windows 7 which came out in 2001 and 2009 respectively. The support period for XP has already lapsed which means that it is more susceptible to malicious attacks than patched versions of other OSs,” Udhav said.

"However, Microsoft made an exception for this current threat and issued patches just for this,” added Udhav, noting if the patches were not installed they remain open to the WannaCry threat.

He also says that as there is no central repository to know what operating system many ATMs run, it would be hard to get the number of machines which are prone to this particular attack.

The cyber security expert draws parallels with the data security breaches last September and October, where a malware attack forced Indian banks to replace or request users to change the security codes of 3.2 million debit cards.

Udhav explained, “The malware had propagated in a very similar manner, they propagated via the internal networks of the bank because of a vulnerability of the ATM machines and then started recording details stored in the magnetic strips of the card."

Apart from invading some systems in departments of some state government in India, WannaCry has penetrated high profile systems across the globe including UK’s health services, Germany’s railway.

For more details visit https://cis-india.org/internet-governance/news/newsminute-may-16-2017-soumya-chatterjee-wannacry-atms-not-to-shut-down-clarifies-rbi

Vodafone Report Explains Government Access to Customer Data

joe — 2014-06-19T10:38:01Z

Vodafone Group PLC, the world’s second largest mobile carrier, released a report on Friday, June 6 2014 disclosing to what extent governments can request their customers’ data.

The Law Enforcement Disclosure Report, a section of a larger annual Sustainability Report began by asserting that Vodafone "customers have a right to privacy which is enshrined in international human rights law and standards and enacted through national laws."

However, the report continues, Vodafone is incapable of fully protecting its customers right to privacy, because it is bound by the laws in the various countries in which it operates. "If we do not comply with a lawful demand for assistance, governments can remove our license to operate, preventing us from providing services to our customers," The report goes into detail about the laws in each of the 29 nations where the company operates.

Vodafone’s report is one of the first published by a multinational service provider. Compiling such a report was especially difficult, according to the report, for a few reasons. Because no comparable report had been published before, Vodafone had to figure out for themselves, the “complex task” of what information they could legally publish in each country. This difficulty was compounded by the fact that Vodafone operates physical infrastructure and thus sets up a business in each of the countries where it provides services. This means that Vodafone is subject to the laws and operating licenses of each nation where it operates, unlike as a search engine such as Google, which can provide services across international borders but still be subject to United States law – where it is incorporated.

The report is an important step forward for consumer privacy. First, the Report shows that the company is aware of the conflict of interest between government authorities and its customers, and the pivotal position that the company can play in honoring the privacy of its users by providing information regarding the same in all cases where it legally can. Additionally, providing the user insight into challenges that the company faces when addressing and responding to law enforcement requests, the Report provides a brief overview of the legal qualifications that must be met in each country to access customer data. Also, Vodafone’s report has encouraged other telecom companies to disclose similar information to the public. For instance, Deutsche Telekom AG, a large European and American telecommunications company, said Vodafone’s report had led it consider releasing a report of it’s own.

Direct Government Access

The report revealed that six countries had constructed secret wires or “pipes” which allowed them access to customers’ private data. This means that the governments of these six countries have immediate access to Vodafone’s network without any due process, oversight, or accountability for these opaque practices. Essentially, the report reveals, in order to operate in one of these jurisdictions, a communications company must ensure that authorities have, real time and direct access to all personal customer data at any time, without any specific justification. The report does not name these six nations for legal reasons.

"These pipes exist, the direct access model exists,” Vodafone's group privacy officer, Stephen Deadman, told the Guardian. “We are making a call to end direct access as a means of government agencies obtaining people's communication data. Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper is an important constraint on how powers are used."

Data Organization

Vodafone’s Report lists the aggregate number of content requests they received in each country where it operates, and groups these requests into two major categories. The first is Lawful Interceptions, which is when the government directly listens in or reads the content of a communication. In the past, this type of action has been called wiretapping, but now includes reading the content of text messages, emails, and other communications.

The second data point Vodafone provides for each country is the number of Communications Data requests they receive from each country. These are requests for the metadata associated with customer communications, such as the numbers they have been texting and the time stamps on all of their texts and calls.

It is worth noting that all of the numbers Vodafone reports are warrant statistics rather than target statistics. Vodafone, according to the report, has chosen to include the number of times a government sent a request to Vodafone to "intrude into the private affairs of its citizens, not the extent to which those warranted activities then range across an ever-expanding multiplicity of devices, accounts and apps."

Data Construction

However, in many cases, laws in the various companies in which Vodafone operates prohibit Vodafone from publishing all or part of the aforementioned data. In fact, this is the rule rather than the exception. The majority of countries, including India, prohibit Vodafone from releasing the number of data requests they receive. Other countries publish the numbers themselves, so Vodafone has chosen not to reprint their statistics either. This is because Vodafone wants to encourage governments to take responsibility for informing their citizens of the statistics themselves.

The report also makes note of the process Vodafone went through to determine the legality of publishing these statistics. It was not always straightforward. For example, in Germany, when Vodafone’s legal team went to examine the legislation governing whether or not they could publish statistics on government data requests, they concluded that the laws were unclear, and asked German authorities for advice on how to proceed. They were informed that publishing any such statistics would be illegal, so they did not include any German numbers in their report. However, since that time, other local carriers have released similar statistics, and thus the situation remains unresolved.

Other companies have also recently released reports. Twitter, a microblogging website, Facebook, a social networking website, and Google a search engine with social network capabilities have all released comparable reports, but their reports differ from Vodafone’s in a number of ways. While Twitter, Google, and Facebook all specified the percent of requests granted, Vodafone released no similar statistics. However, Vodafone prepared discussions of the various legal constraints that each country imposed on telecom companies, giving readers an understanding of what was required in each country for authorities to access their data, a component that was left out of other recent reports. Once again, Vodafone’s report differed from those of Google Facebook and Twitter because while Vodafone opens businesses in each of the countries where it operates and is subject to their laws, Google, Facebook, and Twitter are all Internet companies and so are only governed by United States law.

Google disclosed that it received 27,427 requests over a six-month period ending in December, 2013, and also noted that the number of requests has increased consistently each six-month period since data began being compiled in 2009, when fewer than half as many requests were being made. On the other hand Google said that the percentage of requests it complied with (64% over the most recent period) had declined significantly since 2010, when it complied with 76% of requests.

Google went into less detail when explaining the process non-American authorities had to go through to access data, but did note that a Mutual Legal Assistance Treaty was the primary way governments outside of the United States could force the release of user data. Such a treaty is an agreement between the United States and another government to help each other with legal proceedings. However, the report indicated that Google might disclose user information in situations when they were not legally compelled to, and did not go into detail about how or when it did that. Thus, given the difficulty of obtaining a Mutual Legal Assistance Treaty in addition to local warrants or subpoenas, it seems likely that Google complies with many more non-American data requests than it was legally forced to.

Facebook has only released two such reports so far, for the two six month periods in 2013, but they too indicated an increasing number of requests, from roughly 26,000 to 28,147. Facebook plans to continue issuing reports every six months.

Twitter has also seen an increase of 22% in government requests between this and the previous reporting period, six months ago. Twitter attributes this increase in requests to an increase in users internationally, and it does seem that the website has a similarly growing user base, according to charts released by Twitter. It is worth noting that while large nations such as the United States and India are responsible for the majority of government requests, smaller nations such as Bulgaria and Ecuador also order telecom and Internet companies to turn over data.

Vodaphone’s Statistics

Though Vodafone’s report didn’t print statistics for the majority of the countries the report covered, looking at the few numbers they did publish can shed some light on the behavior of governments in countries where publishing such statistics is illegal. For the countries where Vodafone does release data, the numbers of government requests for Vodafone data were much higher than for Google data. For instance, Italy requested Vodafone data 605,601 times, while requesting Google data only 896 times. This suggests that other countries such as India could be looking at many more customers’ data through telecom companies like Vodafone than Internet companies like Google.

Vodafone stressed that they were not the only telecom company that was being forced to share customers’ data, sometimes without warrants. In fact, such access was the norm in countries where authorities demanded it.

India and the Reports

India is one of the most proliferate requesters of data, second only to the United States in number of requests for data from Facebook and fourth after the United States, France and Germany in number of requests for data from Google. In the most recent six-month period, India requested data from Google 2,513 times, Facebook 3,598 times, and Twitter 19 times. The percentage of requests granted varies widely from country. For example, while Facebook complies with 79% of United States authorities’ requests, it only grants 50% of India’s requests. Google responds to 83% of US requests but only 66% of India’s.

Facebook also provides data on the number of content restrictions each country requests. A content restriction request is where an authority asks Facebook to take down a particular status, photo, video, or other web content and no longer display it on their site. India, with 4,765 requests, is the country that most often asks Facebook to remove content.

While Vodafone’s report publishes no statistics on Indian data requests, because such disclosure would be illegal, it does discuss the legal considerations they are faced with. In India, the report explains, several laws govern Internet communications. The Information Technology Act (ITA) of 2000 is the parent legislation governing information technology in India. The ITA allows certain members of Indian national or state governments order an interception of a phone call or other communication in real time, for a number of reasons. According to the report, an interception can be ordered “if the official in question believes that it is necessary to do so in the: (a) interest of sovereignty and integrity of India; (b) the security of the State; (c) friendly relations with foreign states; (d) public order; or (e) the prevention of incitement of offences.” In short, it is fairly easy for a high-ranking official to order a wiretapping in India.

The report goes on to detail Indian authorities’ abilities to request other customer data beyond a lawful interception. The Code of Criminal Procedure allows a court or police officer to ask Vodafone and other telecom companies to produce “any document or other thing” that the officer believes is necessary for any investigation. The ITA extends this ability to any information stored in any computer, and requires service providers to extend their full assistance to the government. Thus, it is not only legally simple to order a wiretapping in India; it is also very easy for authorities to obtain customer web or communication data at any time.

It is clear that Indian laws governing communication have very little protections in place for consumer privacy. However, many in India hope to change this reality. The Group of Experts chaired by Justice AP Shah, the Department of Personnel and Training, along with other concerned groups have been working towards the drafting of a privacy legislation for India. According to the Report of the Group of Experts on Privacy, the legislation would fix the 50 or so privacy laws in India that are outdated and unable to protect citizen’s privacy when they use modern technology.

On the other hand, the Indian government is moving forward with a number of plans to further infringe the privacy of civilians. For example, the Central Monitoring System, a clandestine electronic surveillance program, gives India’s security agencies and income tax officials direct access to communications data in the country. The program began in 2007 and was announced publicly in 2009 to little fanfare and muted public debate. The system became operational in 2013.

Conclusion

Vodafone’s report indicates that it is concerned about protecting its customer’s privacy, and Vodafone’s disclosure report is an important step forward for consumer web and communication privacy. The report stresses that company practice and government policy need to come together to protect citizen’s privacy and –businesses cannot do it alone. However, the report reveals what companies can do to effect privacy reform. By challenging authorities abilities to access customer data, as well as publishing information about these powers, they bring the issue to the government’s attention and open it up to public debate. Through Vodafone’s report, the public can see why their governments are making surveillance decisions. Yet, in India, there is still little adoption of transparent business practices such as these. Perhaps if more companies were transparent about the level of government surveillance their customers were being subjected to, their practices and policies for responding to requests from law enforcement, and the laws and regulations that they are subject to - the public would press the government for stronger privacy safeguards and protections.

For more details visit https://cis-india.org/internet-governance/blog/vodafone-report-explains-govt-access-to-customer-data

VII NLSIR Symposium

praskrishna — 2014-01-09T07:08:33Z

The National Law School of India Review (NLSIR) - the flagship journal of the National Law School of India University (NLSIU), Bangalore is pleased to announce the seventh NLSIR Symposium on “Bridging the Security-Liberty Divide” scheduled to be held on December 21 and December 22, 2013 at the National Assessment and Accreditation Council (NAAC, opposite NLSIU Campus, Nagarhavi) Conference Hall, Bangalore.

This was published by NLSIR on December 20, 2013.

The decade following September 11 has been dubbed “liberty’s lost decade”, not just for the United States of America but for the world at large, marked by increasing tension between State interests in national security and individual liberty. As we continue to grapple with the implications of this clash, one clear winner seems to be emerging, best observed by examining changes in legal systems throughout this decade. The recent upsurge of criticism against NSA activity globally, however, could be seen as indicative of a changing trend. The VIIth NLSIR Symposium seeks to trace this dialogue between competing notions of security and liberty, and hopes to assess and analyse similar developments in India Confirmed speakers for the symposium include renowned legal experts such as Hon’ble Justice Muralidhar, Menaka Guruswamy, Mrinal Satish, Bharat Karnad, Aparna Chandra, Chinmayi Arun, Shyam Diwan, Bhairav Acharya, Roshni, Yug Mohit Chaudhary and Saikat Datta.

This year, the discussions will be divided into four panels:

Session I: Securing Liberty from the State - Redefining Criminal Thresholds in Law
(Forenoon, December 21, 2013, Saturday)

Session II: Intrusive Intelligence - Surveillance Programs and Privacy in India
(Afternoon, December 21, 2013, Saturday)

Session III: Beyond Borders - Extradition, Asylum and Concerns of State Security
(Forenoon, December 22, 2013, Sunday)

Session IV: Connecting the Dots
(Afternoon, December 22, 2013, Sunday)

For more details visit https://cis-india.org/news/nlsir-december-21-2013-nlsir-symposium

Views | Why the Left may for once be right

praskrishna — 2012-04-25T11:48:50Z

The article by Pramit Bhattacharya was published in LiveMint on April 23, 2012.

India’s information technology (IT) minister, Kapil Sibal appears to be running into rough weather over IT rules framed last year, which curb freedom of expression on the internet. The rules have incensed India’s growing blogging community and piqued at least a few of his fellow parliamentarians.

On the opening day of the upcoming parliamentary session on Tuesday, the Rajya Sabha is set to vote on an annulment motion against the IT rules, moved by P. Rajeeve of the Communist Party of India (Marxist), a rediff.com report said. Ironically, the party that still treats Stalin as a hero (quoting him unfailingly in its political resolutions) has become the first to stand up for internet freedom.
Rajeeve is of course not the only parliamentarian to take exception to the rules. Jayant Choudhry, a member of parliament (MP) from the Rashtriya Lok Dal, was the first to draw attention to the draconian rules late last year, and MPs from other regional parties such as the Samajwadi Party and the Asom Gana Parishad criticized the rules in a parliamentary discussion in December.

Two sets of rules, one governing cyber cafes and the other relating to intermediaries have attracted most criticism. The rules relating to intermediaries such as internet service providers, search engines or interactive websites such as Twitter and Facebook are the most disturbing. Intermediaries are required under the current rules to remove content that anyone objects to, within 36 hours of receiving the complaint, without allowing content creators any scope of defence.

The criteria for deciding objectionable content, laid down in the rules, are subjective and vague. For instance, intermediaries are mandated to remove among other things, ‘grossly harmful’ content, whatever that may mean.

This is a unique form of ‘private censorship’ that will endanger almost all online content. In this age of easily offended sensibilities, it is virtually impossible to write anything that does not “offend” anyone. For instance, even this piece may be termed ‘grossly harmful’ to the CPI(M) party.

However far-fetched this may sound, this has already become a reality. A researcher working with the Bangalore-based Centre for Internet and Society (CIS) tried out such a strategy with several different intermediaries, and was successful in six out of seven times, always with frivolous and flawed complaints, Pranesh Prakash of CIS wrote in a January blog-post. It has become much easier in India to ban an e-book than a book, Prakash pointed out.

The rules regulating cyber cafes are no better. Cyber cafes are required to keep a log detailing the identity of users and their internet usage, which has negative implications for privacy and personal safety of users, analysis of the rules by PRS legislative research said.

Internet freedom in India has declined over time and is only ‘partly free’, a 2011 report on internet freedom by US-based think tank, Freedom House said. India has joined a growing club of developing nations where, “internet freedom is increasingly undermined by legal harassment, opaque censorship procedures, or expanding surveillance,” the report noted.

The only saving grace is that some of the IT rules are drafted in a language so arcane that anyone will find it hard to decipher them, leave alone implementing them. Sample this: “The intermediary shall not knowingly deploy or install or modify the technical configuration of computer resource or become party to any such act which may change or has the potential to change the normal course of operation of the computer resource than what it is supposed to perform thereby circumventing any law for the time being in force: provided that the intermediary may develop, produce, distribute or employ technological means for the sole purpose of performing the acts of securing the computer resource and information contained therein.”

The first task at hand for Sibal may be to explain to fellow lawmakers what the above rule is supposed to mean, before he defends such rules.

Click for the original, Pranesh Prakash is quoted in this article.

For more details visit https://cis-india.org/news/left-may-for-once-be-right

Video Surveillance and Its Impact on the Right to Privacy

Vaishnavi Chillakuru — 2011-09-29T05:35:56Z

The need for video surveillance has grown in this technologically driven era as a mode of law enforcement. Video Surveillance is very useful to governments and law enforcement to maintain social control, recognize and monitor threats, and prevent/investigate criminal activity. In this regard it is pertinent to highlight that not only are governments using this system, but residential communities in certain areas are also using this system to create a safer environment.

However, this move is fundamentally opposed by many civil rights and privacy groups across different jurisdictions and have expressed concern that by allowing continual increases in government surveillance of citizens that we will end up in a mass surveillance society, with extremely limited, or non-existent political and/or personal freedoms.

European Union

The Data Protection Directive [1]of 1995, a Directive was issued by the European Union (EU) to regulate the processing and free movement of personal data. In pursuance with this Directive, every country of the EU passed a legislation to govern the protection of personal data. In this regard, the United Kingdom (UK) enacted the Data Protection Act (DPA) in 1998 and the same was brought into force in the year 2001.

The DPA sets forth eight, Data Protection Principles (DPP)[2] to protect personal data in the public sphere. Although video surveillance has not been explicitly referred to in the legislation, the definition given by the DPA is broad enough to encompass it. The application of these principles to video surveillance has been made explicit through the publication of the CCTV Code of Practice (CoP) by the information commissioner. The CoP does not apply to surveillance cameras used for household purposes. Images captured for recreational purposes with a camera, video recorder, etc., are also exempt. The main features of the CoP have been summarized below:

It is important to ascertain who has the responsibility for the control of the images i.e., deciding what is to be recorded, how the images should be used and to whom they may be disclosed. The body which makes these decisions is called the data controller and is responsible for the compliance with the DPA. The body has to notify the information commissioner as to who the data controller is.
An impact assessment should be done to evaluate the scheme’s impact on the privacy rights of the public. While conducting such an assessment, the data controller should take into account what benefits can be gained, whether better solutions exist, and what effect it may have on individuals. The results of the assessment should be used to determine whether video surveillance is justified and if so, how it should be operated.
The camera equipment should be chosen so as to fulfill the purposes for which the surveillance is being carried out. They should have the necessary technical specification so that the images are of appropriate quality. The camera should be positioned in such a way that only those areas which are intended to be the subject of surveillance are covered.
Viewing of live feed must be restricted to authorized personnel only. The data controller should try and protect the images from public view. Disclosure of recorded images should also be controlled and limited to the purpose for which the surveillance was set up. All other requests for viewing images should be considered carefully and balanced against the privacy rights of other individuals who may be affected by the disclosure of the images.
The DPA does not prescribe any minimum or maximum period of retention. It should be ascertained keeping in mind the purpose for which the surveillance system was set up. However, the images should not be kept for longer than is strictly necessary.
There should be prominently placed signs to let people know that they are in an area which is under video surveillance. This can be supplemented by an audio announcement in places where public announcements are already being used, such as in stations. Systems in public spaces and shopping centres should have signs giving the name and contact details of the company, organisation or authority responsible.
Staff operating the system needs to be aware of the rights of the individual under the DPA.

Canada

Canada has two federal laws which deal with privacy — the Privacy Act, 1985 and the Personal Information Protection and Electronic Documents Act, 2000 (PIPEDA). The former protects privacy rights by limiting the collection, use and disclosure of personal information by the federal government departments and agencies whereas the latter deals with the collection, use and disclosure of personal information by private sector organizations. In addition to these two legislations, every province or territory has their own privacy legislations.

A privacy commissioner is appointed to receive and investigate complaints filed by Canadian citizens pertaining to allegations of violation of the Acts. They also conduct research into privacy issues and promote awareness. The privacy commissioner reports directly to the House of Commons and the Senate. Every province or territory may also have its own commissioner or ombudsman authorized to investigate complaints. The Office of the Privacy Commissioner of Canada (OPC) published two sets of guidelines in order to define and circumscribe the use of video surveillance and ensure that the impact on privacy is minimized.

The first set of guidelines is meant to guide the regulation of video surveillance (by law enforcement agencies) in public spaces i.e., in places where there is free and unrestricted access to everyone. These guidelines were drawn up after extensive discussions between the OPC and the Royal Canadian Mount Police (RCMP). However, these guidelines are to be considered merely as an aid and notwithstanding anything stated in the guidelines, the RCMP has the right to carry out its functions as it deems fit. Some of the important pointers are[3]

Video surveillance should only be used to address a "real and pressing problem" which is of sufficient in magnitude so as to warrant the overriding of the privacy rights of citizens. Hence, there should be "real and verifiable" instances of crime or concern for public safety.
Video surveillance should be conducted only as a last resort i.e., in circumstances where there in no other less privacy-intrusive alternative.
A "privacy impact assessment" should be conducted beforehand to assess the degree of interference that will result due to the video surveillance.
Relevant stakeholders (for example, members of the communities that will be affected by the surveillance systems) should be considered before arriving at a decision.
Video surveillance must comply with all applicable laws including over arching laws such as the Canadian Charter of Rights and Freedoms.
The video surveillance should be conducted in such a way that impact on the privacy rights of citizens is minimized. For example, limited use of video surveillance (e.g., for limited periods of day, public festivals, peak periods) should be preferred to be always on surveillance if it will achieve substantially the same result.
The public should be informed that they are under surveillance. Clear signs should be put up mentioning the perimeter of the surveillance areas, the person responsible for surveillance and his contact details in case of any queries.
Security of the equipment and images should be assured.
People whose images are recorded should be able to request access to their recorded personal information.

The second set of guidelines is with respect to video surveillance in private sector organizations. These guidelines apply to overt video surveillance of the public by private sector organizations in publicly accessible areas. They do not apply to covert video surveillance nor do they apply to the surveillance of employees.

"Determine whether a less privacy-invasive alternative to video surveillance would meet your needs.
Establish the business reason for conducting video surveillance and use video surveillance only for that reason.
Develop a policy on the use of video surveillance.
Limit the use and viewing range of cameras as much as possible.
Inform the public that video surveillance is taking place.
Store any recorded images in a secure location, with limited access, and destroy them when they are no longer required for business purposes.
Be ready to answer questions from the public. Individuals have the right to know who is watching them and why, what information is being captured, and what is being done with recorded images.
Give individuals access to information about themselves. This includes video images.
Educate camera operators on the obligation to protect the privacy of individuals.
Periodically evaluate the need for video surveillance."

United States of America

Statutory laws governing the regulation of video surveillance in America are scarce. While there are some state laws which regulate aspects of public video surveillance, there are virtually no federal laws which directly deal with it. However, video surveillance implicates certain constitutional doctrines — especially the first and the fourth amendments. Although it cannot be denied that the liberties enshrined by these amendments can be severely affected by continuous surveillance, so far, the American courts and jurisprudence on the subject have been very permissive.

Another important directive is the "Fair Information Practices" (FIP) originating from the recommendations written by the United States Government which provide certain rights to individuals with respect to the use and dissemination of personal information. Although these guidelines do not have the force of law, they can prove to be a valuable guide for the treatment of any government-held record containing personally identifiable information. The rights of individuals listed by the FIP, in their most basic form, have been given below:[4]

"Notice and awareness of the purpose of data collection, and how such information is used;
Consent to the collection of personal information, and choice concerning how it is used;
Access to and participation in the process of data collection and use, including the right to correct errors;
Integrity and security adequate to protect the information against loss or misuse; and
Redress and accountability for injury resulting from loss or misuse of personal information."

Also, the American Bar Association, in 1999, published standards for technologically-assisted physical surveillance, including video surveillance. Some of the key points of these guidelines are given below:

While regulating the use of video surveillance for law enforcement purposes, certain factors should be kept in mind. For example, the nature of the law enforcement objective or objectives sought to be achieved, the extent to which the surveillance will achieve the law enforcement objectives, the nature and extent of the crime involved, etc.
The extent to which the surveillance invades privacy should be assessed. While conducting such an assessment, care should be taken to enhance the privacy of the location under surveillance by taking into consideration the nature of the place, activity, condition, or location.
Alternate measures should be preferred over video surveillance in order to maintain a balance between the right to privacy and the need for surveillance.
Notice of the surveillance should be given when appropriate.
The scope of the surveillance should be limited to its authorized objectives and be terminated when those objectives are achieved.

Australia

Neither the Australian Federal Constitution nor the Constitutions of the six states and two territories contain any express provisions relating to privacy. However, there are several state and federal privacy laws governing specific sectors and aspects. The primary federal statute is the Privacy Act of 1988 (PA). This statute was enacted in a bid to give effect to Australia's commitment to the International Covenant on Civil and Political Rights and the Organization for Economic Cooperation and Development (OECD). There are four key areas of application of the Act out of which only two are relevant in the context of video surveillance. The first is the eleven Information Privacy Principles (IPPs), based on the OECD Guidelines. These principles are applicable to federal government agencies. The second is the National Privacy Principles (NPP) which regulates private sector organizations. However, private organizations can set forth their own "code of practice" and get it approved by the privacy commissioner as long as it does not go against the broad framework laid down by the NPPs.

Apart from the PA, each state or territory may have its own laws or practices regarding video surveillance. For instance, covert video surveillance in New South Wales is governed by the Workplace Video Surveillance Act, 1998. The Government of New South Wales also published a report on CCTV in public places. Similarly, Victoria is governed by the Surveillance Devices Act, 1999 and Western Australia by the Surveillance Devices Act, 1998. However, South Australia, Tasmania, Northern Territory and Australian Capital Region have no legislation dealing with the use of video surveillance.

Japan

The Constitution of Japan does not contain any express provisions guaranteeing the right to privacy. Till 2003, even statutory law in the field of data protection was non-existent and the government followed a policy of self regulation. It was only in 2003 that the Japanese Parliament enacted the Protection of Personal Information Act. The law underlying privacy in Japan[6] protects only personal information that is obtained and held by administrative agencies, private agencies. It seeks to set forth penal provisions in order to curb leakage of personal information by the government. The subsequent amendments to this Act have widened its scope to cover data that is paper based as well as computerized. Therefore, it can be said that the instant legislation is broad enough to encompass video surveillance data as well.

In this regard it is set forth that there exists no consolidated law to govern video-surveillance systems. Nevertheless, Japan uses video surveillance systems in order to assist the law enforcement agencies. The National Police Agency uses a video surveillance system called the "N system"[7] in order to record license plate numbers of vehicles on roads, highways, etc. This facilitates effective and efficacious law enforcement in Japan. Furthermore, Tokyo police have been operating surveillance cameras on utility poles and buildings to monitor pedestrians in the several densely populated districts of the city.[8] However, this mechanism has been challenged severely by litigants and many privacy groups in the court of law.

Conclusion

We have now moved into an age where security seems to be the primary issue for most countries and their citizens. Video surveillance is increasingly being used to assuage the fears of the citizens and bring perpetrators to justice. In such a scenario, the issue of privacy rights of individuals seems to have taken a backseat. While some countries such as Canada and Britain have attempted to strike a balance between the need for surveillance and the privacy rights of the people, other countries such as the United States of America and Japan do not seem to have made much progress in terms of creating video surveillance norms or regulations to protect the privacy rights of citizens.

Considering the pressing need for video surveillance to address national security issues, India surprisingly has no laws on the same. In this regard, India needs to draw from the experience of the United Kingdom and Canada. The first step is to enact laws permitting video surveillance.

These laws should be tightly worded and strictly connoted, considering the encroachment on civil liberties. Further, in order to balance security with privacy, the next step is to create an office for the information commissioner. It should be created and powers should be conferred to ensure that the privacy related disputes are handled efficiently and expeditiously. Furthermore, the misuse of the powers conferred upon surveillance authorities should be deterred by giving further powers to the commissioner to impose pecuniary liability.

Bibliography

European Union

Canada

United States of America:

Australia:

Japan

https://www.privacyinternational.org/article/phr2006-japan#[45]

Notes

[1]Directive 95/46/EC.

[2]See http://www.ico.gov.uk/for_organisations/data_protection/the_guide/the_principles.aspx (eight data protection principles)

[3]Full guidelines: http://www.priv.gc.ca/information/guide/vs_060301_e.cfm.

[4]Full guidelines: http://www.americanbar.org/publications/criminal_justice_section_archive/crimjust_standards_taps_blk.html#9.

[5]http://www.proactivestrategies.com.au/library/Loss%20Prevention/Video%20Surveillance%20National%20article.PDF.

[6]This law extends to private businesses, government organizations and independent administrative agencies.

[7]540 locations on expressways and major highways throughout the country; it automatically records the license plate number of every passing car.

[8]This regime has also been litigated upon thoroughly with lawyers claiming the same to be unconstitutional.

For more details visit https://cis-india.org/internet-governance/blog/privacy/video-surveillance-privacy

Video Games: A Case Study of a Cross-cultural Video Collaboration

Larissa Hjorth and Nishant Shah — 2014-01-31T12:02:17Z

A new book focusing on Palestinian artists’ video, edited by Bashir Makhoul and published by Palestinian Art Court- al Hoash, 2013, includes a chapter co-authored by Larissa Hjorth and Nishant Shah.

This was published in a book on Palestinian art.

The rise of mobile media is heralding new forms of networked visualities. These visualities see place, politics and images entangled in new ways: what can be called ‘emplaced visuality’. In the images disseminated globally of citizen uprising such as the Arab Spring, it was mobile phones that provided the frame and context for new forms of networked visual politics. In the growth in networked photo apps such as Instagram and Hipstamic, how, when and why we are representing a relationship between place and co-presence is changing. No longer the poorer cousin to professional cameras, camera phones have lead the rise of do-it-yourself (DIY) aesthetics flooding mainstream and subcultural media cultures. In networked visuality contexts such as YouTube and Flickr, the aesthetic of what Burgess has called ‘vernacular creativity’[1] has become all-pervasive—so much so that even mainstream media borrows the DIY style.

Now, with locative media added into the equation, these visualities are not only networked but also emplaced—that is, entangled within the temporal and spatial movements of everyday life.[2]

Emplaced visualities represent a new relationship between place (as a series of what Doreen Massey calls ‘stories so far’)[3] co-presence, subjectivity and visuality. This phenomenon is impacting upon video art. In this chapter we reflect upon how mobile media visualities are impacting upon a sense of place and displacement. With the added dimension of Big Data and location-based services (like Google Maps and Facebook Places) now becoming part of the everyday informational circuits, how a sense of place and privacy is experienced and represented is changing. This phenomenon is apparent in the Palestinian cross-cultural video project called Al Jaar Qabla al Daar (The Neighbour before the House) as we will discuss in detail later in this chapter.

With its history of displacement and disapora, Palestinine’s role in contemporary art is increasingly becoming pivotal. This is especially the case with video art as a key medium for reflecting upon representations of place and movement. When we think of Palestinan video art the first artist we think of is Mona Hatoum. Hatoum was a poineer in so many ways. In particular, she gave voice to Arab women. Her work unsetttled the poetics of the everyday by evoking a sense of displacement and entanglement. While born in Beirut of Palestinan parents and then moving to London, she never identified as Lebanese. Despite never living in Palestinian, Hatoum was like a number of Palestinian refugees in Lebanon post 1948 who were never able to gain Lebanese identity cards. Unsurprisingly, Hatoum’s experiences of exile permulate her work. In particular, exile, politics and the body have played a key role. This is epitomised in her iconic Measures of Distance (1988) whereby Hatoum superimposes images of her mother having a shower with letters by her mum written in Arabian.

However, Hatoum is not the only artist representing the oevre of Palestinian video art. Over the last two decades—with the rise of mobile media affording easy accessibility to new media tools and networked contexts like YouTube—a new breed of video artists has arisen. An example is Navigations: Palestinian Video Art, 1988 to 2011 (curated as part of the Palestine Film Festival) that explored artists working in Palestine and the diaspora over nearly a quarter of a century. Unsurprisingly, motifs of diaspora and displacement feature throughout the fifteen works by Hatoum, Taysir Batniji, Manar Zoabi, Larissa Sansour and Khaled Jarrar to name a few. In Navigations: Palestinian Video Art key themes include ‘mobility and fluidity: the virtual and the real, the past and the future, the spectacular and the quotidian, the near and the far’.

Another example of an event promoting Palestinian video art is the /si:n/ Festival of Video Art & Performance. Consisting of performances, video installations, lectures, talks, and workshops in various venues all over the West Bank and includes artists from all over the world. The name /si:n/ is meant to linked the words ‘scene’ with ‘seen’ and has been seen as making an innovative context for video artists to share and collaborate in public venue. With themes such as ‘poetical revolution comes before political revolution’, the /si:n/ Festival provides a context that reflects upon exile and place in one of the most contested and politucal spaces, the West Bank. Beginning in 2009, the /si:n/ Festival became the first festival of video art in Palestine.

Given this rich tapestry of video art emerging in Palestine, in this chapter we explore the relationship between emergent mobile visualities, diaspora and place through a specific project called The Neighbour before the House. A cross-cultural video collaboration between Indian artists Shaina Anand, Ashok Sukumaran and Nida Ghouse, with Palestinian and Israeli artists Mahmoud Jiddah, Shereen Brakat and Mahasen Nasser-Eldin, The Neighbour before the House is a video art project that explores quotidian practices of life in a ‘post-surveillance society’. The Neighbour before the House is set in the context of the much contested territories and the relentless re-occupation and re-appropriation of East Jerusalem. Working with cheap surveillance technologies which have become such a ubiquitous part of the landscape of East Jerusalem, the artists use a PTZ (pan-tilt-zoom) security camera to inquire into the affective dimensions of ‘mobile’ life in the time of turbulent politics. The images that they capture look at jest, memory, desire and doubt, as fragile conditions of trust and life shape the everyday experiences of the region. The camera is given to the residents of a neighbourhood torn asunder by political strife and conflicts, asking them to search for the nugget of truth or morsel of thickness in the otherwise familiar flatness of walls and closed doors, which have been completely depleted of all depth because of the increased distance in the social relations.

The images eschew the tropes of traditional documentary making by and adopting the grainy, lo-res, digital non-frame, DIY aesthetics constantly in search of an image that might become the site of meaning making, but increasingly only capturing the mundane, the inane, the opaque and the evanescent. The image leads the commentary. The live camera operator’s interest and experience shape the image, rendering the familiar or the insignificant as hugely affective and evocative. The project further initiates a dialogue between the neighbours—both from across the contested zones, but also from across picket fences and walls of surveillance—by introducing the images to them, by inviting them to capture the images, and instil in them, the narratives of hope, despair, nostalgia, memory, loss, love, and longing.

The Neighbour before the House reflects upon the relationship between between art, technologies of visual reproduction and political strife. Moving away from the documentary style that has been popular in capturing the ‘real’, The Neighbour before the House refigures the temporality and spatiality through new affective and metaphorical tropes, playing with the tension between the presence of surveillance technologies and the familiarity of these images that breeds new conditions of life and living, trust and belonging, safety and threat, for people in Palestine. In the process, it introduces key questions to the role of the artist, the function of art, the form of video art practice, and the new negotiations that digital video apparatus introduce to the art worlds, beyond the now main-stream ideas of morphing, digitization, remixing etc.

Moreover, The Neighbour before the House reflects upon a shift away from the dominant network society paradigm and towards more contingent and ambivalent mirconarratives of camera phone practices. It toys with the DIY ‘banality’ aesthetics of camera phones in order to consider the ways in which place is overlaid with different types of information—electronic, geographic, psychological and metaphoric. On the one hand, The Neighbour before the House evokes network society metaphors. On the other hand, it suggests a move away from this paradigm and towards a politics of both ‘emplaced’ and displaced visuality. In order to discuss this transformation of the relationship between image, place and information from network society metaphors towards ‘emplaced’ visualities we firstly describe The Neighbour before the House before then reflecting upon a few key themes the project explores: that is, the movement of the networked society to emplaced visualities and the rise of the politics of the phoneur.

The Neighbour before the House 2012): A case study

As aforementioned, The Neighbor before the House is a collaborative video project between Indian, Israeli and Palestenian artists that appropriates, critically responds and insightfully rearranges the notion of art, politics and digital video technologies in its exploration of everyday practices of life in critical times in a networked post-surveillance society. The Neighbor before the House equips eight Palestenian families from East Jerusalem to be in control of PTZ (Pan Tilt Zoom) surveillance cameras mounted at strategic locations in the city, to observe the live feed on their TV sets, recording their reactions and live commentaries at what they see. Here the Big Brother, and its contemporary Big Data, is inverted through everyday citizens being given the omnipresent eye. It plays on the idea of the neighbour being both a friendly eye and when this watching shifts from being benevolent to malevolent.

As the artists write, ‘this footage shot with a security camera, takes us beyond the instrumental aspects of surveillance imaging, introducing us to the architecture of a deliberate and accelerated occupation of a city.’ Here the city is rendered into a cartography of informational circuits. Exploiting the conditions of networked spectacle, the project attempts to remap the real and the everyday through ‘inquisitiveness, jest, memory, fear, desire and doubt’. They use the surveillance cameras—symbols of suspicion and fear—to catalyse stories from Palestenians in different neighbourhoods about what can be seen: ‘messianic archeological digs; Israeli settlement activities; takeovers of Palestenian properties; the Old City, the Wall and the West Bank,’ among other mundane and marvellous details of living life in those precarious conditions.

Through the inversion of the politics of survellience from the Big Brother to the ubiquitous neighbour, The Neighbor before the House provides a rich, evocative and non-representational history of living in East Jerusalem. The networked media spectacles which have come to stand-in for the complex geo-political struggles of the region are displaced. As the low-res cameras reduce the deep geography into an alien flatness on the TV screens, as the camera captures glimpses of what could have been, records traces of blurred movements which require discussions and debates about their possible meaning, and engages the families to communicate their hopes, fears, desires and doubts, the art project also signals us to the new forms, functions and role of video art. Rather than the media event or spectacle,
The Neighbor before the House provides the micronarrative gestures of the everyday. The ways in which the place is a tapestery of subjectivities and experiences, not just a media spectacle.

As artist Shaina Anand mentions in an interview with Shah, this is a new kind of storytelling, where,

… a lot of the practice actually removes the filmmaker, the director, the auteur, and also therefore the cameraman, and also the lens... and offers these possibilities and privileges— of this look and gaze and all—to the subjects themselves[4]

And as the lens makes itself invisible, it also gives new importance to the apparatus of surveillance, seeing and its incorporation in our lives. As Florian Schenider mentions in the introduction to the project, the house upon which the camera is mounted, itself becomes a tripod made of stones. Instead of thinking of the video apparatus as out there, the private conditions of the home, the histories of the family, their relationships with neighbours and communities that they have lost, and strangers that they have inherited, all become the defining circumstances of this new crisis.

Borrowing from a Quranic saying, Al Jaar Qabla Al Daar, which is close to the idea of ‘loving they neighbour’ it explores how the presence of new digital video technologies establishes difference, distance, alienation, proximity, curiosity and surveillance which is not merely a function of governmental structures but also a condition of gamification and everyday engagement for the families in East Jerusalem. For the artists, this also takes up another connotation of ‘checking out your neighbour before you buy the house’ suggesting establishing bounded similarities to seek comfort. The edited footage of the video shows how and when the users got in control of the keyboard and a joy-stick, panning, tilting and zooming the camera, watching the live feeds on their Television sets as they speak live over the footage. These commentaries are personal as they are affective. Sometimes the commentary leads the person to probe the image, deeper, trying to find a meaning that can no longer be supported by the hyper-pixelated image on their screen, but becoming a site through which memories and interpretations

get generated. What begins as a playful probe soon takes up sinister shades, as some generate narratives of loss and death. Others take the opportunity to spy on the new settlers who have sometimes taken over their older houses, wondering what changes they are making to what was their own. There is a sense of rawness and urgency, as they look back, with fear, and anger, but also with resignation at the houses that they were evicted from, and the semblance of life that they can spot from their remote presence.

The final 5 cuts that the artist produce, give us a deep and evocative insight into geography, temporality, and the ways in which we can re-appropriate the network spectacle to look at things that are often forgotten, dropped out of, or rendered invisible in the neat and clean lines of network models and diagrams. The ‘footage’ quality of the probes, the long dwellings on insignificant images, and the panoptican nature of video as witness, video as spy, and video as affective engagement with territories and times that are lost, all give a new idea of what the future of video art would be like. Instead of looking at a tired old Foucauldian critique of surveillance, The Neighbor before the House posits the question of ‘Who watches the watchman?’ in ways that are both startling and assuring.

Visualising the Politics of the Network

One of the key themes of The Neighbour before the House is the changing role of the network society—especially in an age of Big Data and locative-based services (LBS)—whereby privacy and surveillance come to the forefront. The network society has often been cited as one of the defining frameworks of our heavily mediated times. From theorists such as Barry Wellman and Manuel Castells, the network metaphor has burgeoned in parallel with the all-pervasive rise of Information and Communication Technologies (ICTs) globally. According to Lee Raine and Wellman in Networked, the ‘new social operating systems of networked individualism liberates us from the restrictions of tightly knit groups.’[5]

Raine and Wellman argue that there has been a ‘triple revolution’: the rise of social networking, the capacity of the internet to empower individuals, and the always-on connectivity of mobile devices’.[6]

The ability of networks to explain a range of human personal and social relationships has afforded it great explanatory power, where everything (and hence, by association, everybody) can be understood and explained by the indexicalities and visual cartographies that networks produce. The network is simultaneously, and without any sense of irony, committed to both, examining sketchiness and producing clarity of any phenomena or relationality. The network presumes an externality which can be rich, chaotic and complex and proposes tools and models through which that diverse and discrete reality can be rendered intelligible by producing visualisations.

These visualisations are artefacts—in as much as all mapping exercises produce artefacts—and operate under the presumption of a benignity devoid of political interventions or intentions. The visualisations are non-representational, in terms that they do not seek to reproduce reality but actually understand it, and thereby shaping the lenses and tools to unravel the real nature of the Real. In this function, the network visualisations are akin to art, attaining symbolic value and attempting to decode a depth that the network itself defies and disowns, simulating conditions of knowing and exploring, emerging as surrogate structures that stand in for the real. Thus the rich set of actions, emotions, impulses, traces, inspirations, catalysts, memories, etc. get reified as transactions which can be sorted in indices, arranged in databases, and presented as an abstract, symbolic and hyper-visual reality which can now be consumed, accessed and archived within the network, thus obfuscating the reality that it was premised upon.

This phenomenon is what Shah calls the spectacle imperative of the network. Especially with the proliferation of ubiquitous image and video recording digital devices, this ability to create subjective, multiple, fractured spectacles that feed into the network’s own understanding of itself (rather than an engagement with a reality outside) has become the dominant aesthetic that travels from Reality TV programming to user generated content production on video distribution channels on the internet. This networked spectacle, without a single auteur or a concentrated intention—so the videos from the Arab Spring on YouTube, for example, range from small babies in prams to women forming barricades against a marching army, and from people giving out free food and water to acts of vandalism and petty thefts—has become the new aesthetic of video interaction, consumption and circulation. It invites an engagement, divesting our energies and attentions from the physical and the political, to the aesthetic and the discursive. Which is to say that when we consume these spectacles (or indeed, produce them, not necessarily only through the images but also through texts), we produce a parallel universe that demands that we understand the world ‘out there’ through these cultural artefacts which require an immense amount of decoding and meaning making. The network, in its turn, offers us better and more exhaustive tools of mining and sifting through this information, sorting and arranging it, curating and managing it, so that we build more efficient networks without essentially contributing to the on-the-ground action.

This peculiar self-sustaining selfish nature of the network, to become the only reality, under the guise of attempting to explain reality, is perhaps the most evident in times and geographies of crises. Where (and when) the conditions of politics, circumstances of everyday survival, and the algebra of quotidian life becomes too precarious, too wearisome, too unimaginable to cope with, the network spectacle appears as both the tool for governance as well as the site of protest. Hence, the same technologies are often used by people on different sides of the crises, to form negotiations and get a sense of control, on a reality that is quickly eluding their lived experiences. Surveillance cameras storing an incredible amount of visual data, forming banal narratives of the everyday, appear in critical times and geographies as symbols of control and containment, by authorities that seek to establish their sovereignty over unpredictable zones of public life and dwelling. The gaze of the authority is often criss-crossed by the cell-phone, the webcam, the tiny recording devices of everyday life that people on the streets and in their houses use, to record the nothingness of the crisis, the assurance of normalcy and the need to look over the shoulder and beyond the house, to know that whether or not god is in the heavens, all is well with the world.

The Place of the Visual: Towards a theory of emplaced visuality

However, with the rise of mobile media and its micronarrative capacity, the politics of network, and its relationship to a sense of place changes. Far from eroding a sense of place in the growing unboundness of home, mobile technologies reinforce the significance locality.[7] Mobile media also signal a move away from earlier depictions of the network society. Through the growth in camera phone practices overlaid with location-based services, we see new forms of visuality that reflect changing relations between place and information. With the rise of technologies in an increasingly mobile—physically and technologically—place has become progressively more contested. As Rowan Wilken and Gerard Goggin note in Mobile Technologies and Place, place is one of the most contested, ambiguous and complex terms today.[8] Viewing it as unbounded and relational, Wilken and Goggin observe, ‘place can be understood as all-pervasive in the way that it informs and shapes everyday lived experience—including how it is filtered and experienced via the use of mobile technologies’.[9] As social geographer Doreen Massey notes, maps provide little understanding into the complex elusiveness of place as a collection of ‘stories-so-far’:

One way of seeing ‘places’ is as on the surface of maps… But to escape from an imagination of space as surface is to abandon also that view of place. If space is rather a simultaneity of stories-so-far, then places are collections of those stories, articulations within the wider power-geometries of space. Their character will be a product of these intersections within that wider setting, and of what is made of them… And, too, of the non-meetings-up, the disconnections and the relations not established, the exclusions. All this contributes to the specificity of place.[10]

For anthropologist Sarah Pink, place is increasingly being mapped by practices of emplacement.[11] With location based media like Google Maps and geotagging becoming progressively part of everyday media practice, how place is imagined and experienced across geographic, psychological, online and offline spaces is changing. This impacts upon the role of ethnography and its relationship to geography and place. As Anne Beaulieu notes, ethnography has moved from co-location to co-presence.[12] In this shift, we see the role of ethnography to address the complex negotiations between online and offline spaces growing.

In The Neighbour before the House, we are made to consider the changing role of visuality in how place is experienced and practiced. By deploying a surveillant and multivalent gaze, The Neighbour before the House asks us to reconsider privacy and surviellance in an age of locative media. The rise of the network society has witnessed numerous tensions and ambivalence, especially around the the relationship between agency, information and place. This is epitomised by the second generation camera phones practices whereby with the added layer of LBS—where and when images were taken—becomes automatic by default. Whereas first generation of camera phone practices noted gendered differences.[13] through LBS, these differences take on new dimensions—particularly in terms of its potential ‘stalker’ elements.[14] While notions of privacy differ subject to socio-cultural context, LBS do provide more details about users and thus allow them to be victims of stalking (Cincotta, Ashford, & Michael 2011).

The shift towards second generation camera phone images sees a movement away from networked towards emplaced visualities (Pink & Hjorth 2012; Hjorth 2013; Hjorth & Arnold 2013). On the one hand, this overlaying of the geographic with the social highlights that place has always mattered to mobile media (Ito 2002; Hjorth 2005). Far from eroding place, mobile media amplify the complexities of place as something lived and imagined, geographic and yet psychological. LBS enable mobile media users to create and convey more complex details about a locality. On the other hand, LBS create new motivations for narrating a sense of place and the role of amateur and vernacular photography.

Shifts in contemporary amateur photography highlight the changes in how place, co-presence and information is navigated, performed and represented. This issues are particularly prevalent in contested location like Palestine. Last century it was the Kodak camera that epitomized amateur photography and played an important role in normalizing notions of the family as well as ritualizing events such as holidays.[15]

As Lisa Gye notes, personal photography is central to the process of identity formation and memorialization.[16] The shift towards camera phones not only changes how we capture, store, and disseminate images but also has ‘important repercussions for how we understand who we are and how we remember the past’.[17]

Moreover, with the rise in possibilities for sharing via social media like microblogs and Twitter, camera phone photography not only magnifies UCC, but also provides filters and lenses to enhance the “professional” and “artistic” dimensions of the photographic experience.[18]

For Daniel Palmer, smartphone photography is distinctive in various ways, with one key feature being the relationship between touch and the image in what he calls an ”embodied visual intimacy” (2012: 88). With the rise of high quality camera phones, along with the growth in distribution services via social and locative media, new forms of visuality are emerging (Pink & Hjorth 2012). The added dimensions of movement and touch becoming important features of the camera phone with the emphasis on networked is shifting to “emplaced” visuality. Images as emplaced in relation to what human geographer Tim Ingold has called a “meshwork” and entanglement of lines (2008). Images themselves are part of such lines as they are inextricable from the camera and person who took them. In this sense camera phone images are not simply about what they represent (although they are also about that) but are additionally about what is behind, above, below, and to either side.

By using different smartphone photo apps, respondents tried to inscribe a sense of place with emotion. This practice is what anthropologist Sarah Pink identifies as the “multisensorality of images.” That is, they are located in “the production and consumption of images as happening in movement, and consider them as components of configurations of place” (Pink 2011: 4). Drawing on Tim Ingold’s conceptualization of place as “entanglement” (Ingold 2008), Pink notes, “Thus, the ‘event’ where photographs are produced and consumed becomes not a meeting point in a network of connections but an intensity of entangled lines in movement… a meshwork of moving things” (Pink 2011: 8).

While the surveillant eye of Big Brother now takes the form of Big Data, the emplaced nature of camera phone images can help to contribute to a changing relationship between performativity, memory and place that is user-orientated. Rather than operating to memorialize place, camera phone practices, especially through LBS networks, are creating playful performances around the movement of co-presence, place and placing (Richardson & Wilken 2012). As noted elsewhere, Pink and Hjorth argue that camera phone practices are highlighting a move away from the network society towards emplaced visualities and socialities (2012). Emplaced visuality means understanding camera phone practices and the socialities that create and emerge through them in ways corresponding with non-representational (Thrift, 2008) or ‘more-than-representational’ approaches in geography which according to Hayden Lorimer encompass:

… how life takes shape and gains expression in shared experiences, everyday routines, fleeting encounters, embodied movements, precognitive triggers, affective intensities, enduring urges, unexceptional interactions and sensuous dispositions (Lorimer, 2005: 84).

Thus we see camera phone photography as a part of the flow of everyday life, an increasingly habitual way of being that is sensed and felt (emotionally and physically). Yet, because camera phone photography involves the production and sharing of images, it also compels us to engage with the relationship between the representational and the non-representational. Emplaced visualities see images as embedded with the movements of everyday life. Tim Cresswell has suggested that we consider ‘three aspects of mobility: the fact of physical movement—getting from one place to another; the representations of movement that give it shared meaning; and, finally, the experienced and embodied practice of movement’ (Cresswell, 2010: 19). These three aspects of mobility are deeply interwoven and entangled. In camera phone photography the experience and representation of camera phone photography is enacted in the ‘flow’ of everyday life at the interface where digital and material realities come together. These emplaced visualities are often abstracted through the mechanics of Big Data mega surveillance. But as The Neighbour before the House demonstrates, the perpetual movement of emplaced visualities is in sharp contrast with the unmoving, omipresent Big Data eye.

This contrast between the moving and unmoving, micro and macro information overlaid onto place can also be reflected as part of the shift from the flâneur to the phoneur. The notion of mobility—as a technology, cultural practice, geography and metaphor—has impacted upon the ways in which twenty-first century cartographies of the urban play out. Through the trope of mobility, and immobility, rather than overcoming all difference and distance, the significance of local is reinforced. While nineteenth-century narrations of the urban were symbolised by the visual economics of the flâneur, the twenty-first century wanderer of the informational city has been rendered what Robert Luke calls the phoneur. [19] The conceptual distance, and yet continuum, between the flâneur and the phoneur is marked by the paradigmatic shift of the urban as once a geospatial image of, and for, the bourgeoisie, as opposed to the phoneur which sees the city transformed into informational circuit in which the person is just a mere node with little agency. Beyond dystopian narrations about the role of technology in maintaining a sense of intimacy, community and place, we can find various ways in which the tenacity of the local retains control. In particular, through the tension between mobile media and Big Data, we can see how the local and the urban can be re-imagined in new ways.

The flâneur (or the wanderer of the modern city), best encapsulated by German philosopher Walter Benjamin’s discussion of Baudelaire’s painting, has been defined as an important symbol of Paris and modernity as it moved into nineteenth century urbanity. Thanks to the restructuring of one third of the small streets into boulevards by Baron Hausmann, Paris of the nineteenth century took a new sense of place and space.

Luke’s phoneur, on the other hand, is the ‘user’ as as part of the informational network flows constituting contemporary urbanity. If the flâneur epitomised modernism and the rise of nineteenth-century urban, then for Luke, the phoneur is the twenty-first-century extension of this tradition as the icon of modernity. As Luke observes, in a networked city one is connected as part of circuit of information in which identity and privacy is at the mercy of system. The picture of the urban city today painted by Luke is one in which the individuals have minimal power in the rise of corporate surveillance.

Neighbour before the House problematises Luke’s dystopian view of the phoneur. The picture painted by Neighbour before the House is much more ambivalent. However it does make the audience reflect upon the changing nature of surveillance in an age of Big Data.[20]

These tensions around the dystopian phoneur and a more embodied and emplaced version can be found running as an undercurrent in the work of Neighbour before the House.

Conclusion

In this chapter we have explored the cross-cultural video collaboration, The Neighbour before the House, to consider the changing relationship between a sense of place, information and the politics of visuality. As we have suggested, with the rise of location-based camera phone practices and Big Data we are seeing new forms of visuality that are best described as emplaced rather than networked. The notion of emplaced reflects some of the tensions around contemporary representations of mobility and movement, particularly prevalent in the often displaced and diasporic experiences of Palestine.

Filmed in Palestine,The Neighbour before the House explores the notion of place as entangled and embedded at the same time as displaced through the rise of ICTs. By providing some of the paradoxes and ambivalences surrounding contemporary media practices and its relationship between information and place, it allows for a space for reflection and contemplation about the surveillence and privacy.

[1]. Jean Burgess, Vernacular creativity and new media (Doctoral dissertation), 2007. Retrieved from http://eprints.qut.edu.au/16378/

[2]. Sarah Pink and Larissa Hjorth Emplaced Cartographies: Reconceptualising camera phone practices in an age of locative media’, Media International Australia, 145 (2012): 145-156.

[3]. Doreen Massey

[4]. Shaina Anand interviewed by Nishant Shah, December 2012.

[5]. Raine, L. and B. Wellman 2012, Networked, Cambridge, Mass, MIT Press.

[6]. Ibid.

[7]. Mizuko Ito, ‘Mobiles and the Appropriation of Place’. Receiver 8, 2002, (consulted 5 December 2012) http://academic.evergreen.edu/curricular/evs/readings/itoShort.pdf ; Hjorth, L. (2005) ‘Locating Mobility: Practices of Co-Presence and the Persistence of the Postal Metaphor in SMS/MMS Mobile Phone Customization in Melbourne’, Fibreculture Journal, 6, (consulted 10 December 2006) http://journal.fibreculture.org/issue6/issue6_hjorth.html.

[8]. Rowan Wilken and Gerard Goggin, ‘Mobilizing Place: Conceptual Currents and Controversies’, in R. Wilken and G. Goggin (Eds) Mobile Technology and Place, New York, Routledge, 2012, pp. 3-25 (5).

[9].Ibid 6.

[10]. Doreen Massey,For Space, London, Sage, 2005 (130).

[11]. Sarah Pink, Doing Sensory Ethnography, London, Sage, 2009.

[12]. Anne Beaulieu, ‘From Co-location to Co-presence: Shifts in the Use of Ethnography for the Study of Knowledge’. Social Studies of Science, 40 (3) 2010: June. 453-470.

[13]. Dong-Hoo Lee, ‘Women’s creation of camera phone culture’. Fibreculture Journal 6, 2005, URL (consulted 3 February 2006) http://www.fibreculture.org/journal/issue6/issue6_donghoo_print.html; Larissa Hjorth, ‘Snapshots of almost contact’. Continuum, 21 (2) 2007: 227-238.

[14]. Alison Gazzard, ‘Location, Location, Location: Collecting Space and Place in Mobile Media’. Convergence: The International Journal of Research into New Media Technologies, 17 (4) 2011: 405-417.

[15]. Lisa Gye, ‘Picture this: the impact of mobile camera phones on personal photographic practices,’ Continuum: Journal of Media & Cultural Studies 21(2) 2007: 279–288.

[16]. Ibid 279.

[17]. Ibid 279.

[18]. Søren Mørk Petersen,Common Banality: The Affective Character of Photo Sharing, Everyday Life and Produsage Cultures, PhD Thesis, ITU Copenhagen.

[19]. Robert Luke, ‘The Phoneur: Mobile Commerce and the Digital Pedagogies of the Wireless Web’, in P. Trifonas (ed.) Communities of Difference: Culture, Language, Technology, pp. 185-204, Palgrave, London, 2006.

[20]. Sites such as www.pleaserobme.com, that seek to raise awareness about over-sharing of personal data, highlight not only the localised nature of privacy but also that privacy is something we do rather than something we possess.

For more details visit https://cis-india.org/internet-governance/blog/palestinian-video-art-larissa-hjorth-nishant-shah-video-games-a-case-study-of-cross-cultural-video-collaboration

US pressure threatens to weaken data - localisation mandate in India's landmark data-protection bill

Sandhya Sharma — 2019-08-22T01:41:21Z

Sources say the bill may have to concede vital ground to technology companies.

The article by Sandhya Sharma was published by ET Prime on August 19, 2019. Arindrajit Basu was quoted.

Indian law-enforcement agencies have repeatedly expressed their unhappiness with America’s reticence on the sharing of critical data — whether it was around the 26/11 Mumbai attacks or procuring electronic evidence under the Mutual Legal Assistance Treaty (MLAT) from technology companies.

Top cybersecurity sources in the government tell ET prime that India’s own Personal Data Protection (PDP) Bill 2019 is in response to this. Cabinet nod to the bill is expected anytime, and it is likely to be tabled in the next session of Parliament. However, thanks to diplomatic pulls and pressures, a vital provision of the bill could end up markedly diluted. Sources in the Indian government say the US has conveyed it does not want the bill at all.

“We expect it will be a better mechanism than MLAT” for procuring data from technology companies, says a person aware of the development, while adding that the thorny question of data localisation is now a very small part of the bill. Across key bilateral engagements — US Secretary of State Mike Pompeo’s June visit to India, G20 meetings between Prime Minister Narendra Modi and President Donald Trump, and a US trade representative delegation visiting India for talks — American unease with the growing “protectionism” in Indian policy has remained a key talking point.

"Forum members oppose data localisation policies, and we look forward to sharing our concerns when the data protection bill gets introduced in Parliament,” says Susan Ritchie, vice-president of technology, media, and telecommunications at lobby group U.S. India Strategic Partnership Forum (USISPF).

“An environment where regulatory coherence is a governmental priority provides industry with greater predictability and stability resulting in increased investment." A toothless treaty? According to policy experts, MLATs have been the most widely used method for cross-border data sharing. India has signed MLATs with 39 countries, including the US. These treaties give India access to data stored on the cloud and call for data stored by multinational service providers within the jurisdiction of the partner country. However, MLATs are time consuming and have failed in their basic function in the past, sources say, and hence the government was keen to hold the data of Indians back in India, including data pertaining to e-commerce transactions, banking, healthcare, etc.

According to the Justice Srikrishna Committee report, eight of the 10 most accessed websites by Indians are owned by US entities. If data is exclusively processed in India, it will potentially cut off foreign surveillance, the report also notes, while highlighting a three-pronged approach to Indian data to reduce dependence on MLATs.

Talking exclusively to ET Prime, Justice BN Srikrishna says, “MLAT is a long-drawn process and hence the process goes through several diplomatic and judicial channels. It takes anywhere between 18 months to two years to get the information from the foreign technology companies for any investigation [and] much more time for extracting information on taxation and other financial matters…. Once the data of Indian citizens is in India, it will be much easier for law enforcement agencies to take the data for investigation purposes. In the past, the technology companies have dilly-dallied on the information requests of Indian law enforcement agencies.” To be sure, the report does not claim "perfect compliance" through data localisation and it clarifies that for data owned by companies like Google a "conflict of law" might arise if the country of registration — in this case the US — also asserts jurisdiction.

According to the report, between January and June 2017, Google received 3,843 user data-disclosure requests by Indian governmental agencies. Google refused to provide data in 46% of the cases. Now with the PDP Bill, Indian officials can easily get their hands on the data of Indian citizens not residing in India, says Justice Srikrishna. US resistance US tech-industry insiders tell ET Prime on condition of anonymity that no law-enforcement agency should be allowed 100% unfettered access to information. They claim MLATs have been successful in most cases of intelligence sharing around terrorism and national security.

“National security” is a very wide concept in India, unlike in the US where it generally refers to international activities, they say. Jacob Gullish, senior director for digital economy at the lobby group US India Business Council (USIBC), says the term MLAT is often used incorrectly as a catch-all. MLATs are designed for a very narrow and a specific purpose: where the transmitted information is admissible in the foreign country’s judicial system, he says. “In these cases, information has to be handled carefully to ensure the request complies with domestic laws and the transmission is certified for authenticity and a chain of custody, as well as packaged to allow its use as evidence in a foreign court. This process takes time, and the business community supports MLAT reform.

“Just like in the physical world, due process rights for the citizens of the world’s largest and the world’s oldest democracies must be respected in the digital domain. Companies also need legal certainty when operating between different jurisdictions. The bottom line is that law enforcement agencies (LEAs) on both sides need to develop clear processes and procedures, as well as trusted relationships, which will facilitate information exchange during an investigation.” A Google spokesperson echoes Gullish. “On urging from us and other Internet companies, MLAT processes have improved and in most cases responses are provided in a week or two,” the spokesperson says.

“In addition, we are also advocating for MLAT reform, including supporting calls to invest over [USD20 million] to address insufficient staffing, and helping investigators around the world better understand the MLAT process, to help expedite requests.” Other industry insiders claim that US companies field a high volume of requests and respond quickly for the most part, and that ultimately all of this goes back to trust. In December 2011, a Delhi court had issued summons to 21 companies, including Facebook, Microsoft, Google, Yahoo, and YouTube, to face trial for allegedly hosting objectionable content promoting hatred or communal disharmony.

The then IT Minister Kapil Sibal had asked Google and Facebook to ensure prompt removal of offensive material, complaining that the companies had not cooperated in the past. Concerns with data-localisation norms in the present state 1. Diplomatic and political: Data-localisation mandates could impact India’s trade relationships with partners like the US. 2. Security risks (“Regulatory stretching of the attack surface”): Storing data in multiple physical centres increases the exposure to exploitation by malicious actors. 3. Economic impact: Restrictions on cross-border data flow may harm economic growth by increasing compliance costs and entry barriers for foreign service providers, thereby reducing investment or forcing businesses to pass on these costs to the consumers. The major cost pertains to setting up data centres in India.

Further, for startups looking to attain global stature, reciprocal restrictions slapped by other countries can be a serious hurdle. “Data localisation would be most effective if it is — (a) done after India updates its privacy and security standards by passing the Personal Data Protection Bill 2019; (b) done sectorally, after considering how critical it is to store the data in India; (c) done conditionally in (i) the country where data is transferred having equivalent privacy and security safeguards, both de jure and de facto and (ii) the presence of an executive data sharing agreement,” says Arindrajit Basu, senior policy officer at New Delhi-based think tank Centre for Internet and Society. This is essentially what the international community describes as “free flow of data with trust” — the G20 mandate which India recently rejected. Can the US CLOUD Act solve for the lack of information access? A section of policy experts argues that the localisation mandate proposed in India’s new bill does not solve an important problem: What happens when law-enforcement agencies need access to data relating to a foreigner stored in a server located in another jurisdiction by a company incorporated in the US? Will the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) passed in the US last year help?

The US has recently amended the CLOUD Act after a dispute between Microsoft and the US government. The law now ensures two things: American law-enforcement agencies will get access to data held by US cloud service providers (CSPs) regardless of jurisdiction, and allow “qualified foreign governments” to access data stored by US CSPs. This has given rise to a view that the CLOUD Act could be the silver bullet countries like India need to push US tech companies to share data in a timely fashion. Basu of the Centre for Internet and Society says, “India should use the threat of data localisation to negotiate an executive arrangement under the CLOUD Act. India would fare better if it were to use the language of international law to articulate its position in the MLAT reform process, or to propel itself to a better position under the CLOUD Act (which requires countries to demonstrate a commitment to a free and open Internet) or potentially pursue negotiations for a multilateral data sharing treaty.” Siddharth Jain, assistant commissioner in Delhi Police and an expert in investigating cyber-crime issues, says Indian technology firms do provide adequate and timely information about suspicious transactions; however, US firms are lax in sharing information.

Telangana IPS officer Rema Rajeshwari concurs that it’s a problem for law-enforcement agencies to cull out information from some US technology companies. Data-protection bill already diluted? ET Prime has learned that the net result of the pulls and pressures exerted by US commercial and diplomatic interests is that data localisation now remains just a small part of India’s data-protection bill. The Ministry of External Affairs maintains that the US-India relationship is “extremely important”. After President Trump’s controversial comments on offering mediation on the Kashmir issue, ministry spokesperson Raveesh Kumar said, “We are very strong strategic partners and we have brought in deep convergences across a range of issues.

We have excellent trade and investment linkages and are moving toward high defence and technology tie-up.” It’s not just political posturing by India to maintain the tricky relationship at a time when the Trump administration is coming up with reports one after the other criticising the country’s proposed data-protection policies. The PDP Bill was listed to be tabled in Parliament in the first session of the Modi 2.0 government but is yet to see the light of the day. If India tables the draft bill without making concessions that ease the demands on US technology companies, it will severely harm the India-US technology relationship, according to some US policy lobbyists. However, government sources tell ET Prime that the bill now has “data localisation as a very small part”, meaning that it is already likely diluted due to US pressure tactics. Sources say the non-critical data of an individual like height, weight, bank-account number, etc., will not need to be mandatorily stored in India. However, biometric data will have to be stored locally.

Top policymakers who were consulted for the Justice Srikrishna Committee report say should the bill be diluted under duress, it will be a sorry statement for India’s data-protection regime. Meanwhile, with nationalistic sentiments in full flourish during the new Modi government’s first Parliament session, the Ministry of Electronics and Information Technology issued a note that “the bill being prepared will address India’s sovereign data concerns and provide a framework to boost innovation in India while complying with the directives contained in the judgment of [the Honourable Supreme Court]”.

India and EU: a potential template In contrast to the Indo-US friction, India’s understanding with the European Union (EU) on the issue of data protection offers a potential template. India is looking at dialing EU to seek ‘adequacy’ status with the General Data Protection Regulation (GDPR) once it passes the PDP Bill. Tomasz Kozlowski, EU Ambassador to India, said at the recent ET 5G Congress, “Data protection is an important element of EU-India cooperation.

With such a law in place, India will be joining the global trend of global convergence toward a modern data-protection law, and take a leadership role in the region and globally, at a time when the need to address challenges to data privacy and security requires a common approach.” Kozlowski added that the “adoption of strong data protection law will also pave way for EU-India discussions and further facilitate data flows.” Top cybersecurity sources in the Indian government point out that the US has agreed to GDPR, which is far more stringent than the Indian Bill. If so, why make noise about India’s data-localisation demands?

For more details visit https://cis-india.org/internet-governance/news/et-prime-sandhya-sharma-august-19-2019-us-pressure-threatens-to-weaken-data-localisation-mandate-in-indias-landmark-data-protection-bill

US Copyright law faces constitutional challenge

sinha — 2016-08-11T13:28:13Z

In a major international development, the Electronic Frontier Foundation (EFF) has filed a lawsuit to strike down the provisions on Digital Rights Management(DRM) in the Digital Millennium Copyright Act. In this post, I discuss DRMs, the EFF lawsuit, and then draw upon the differences between the US and Indian copyright regime on DRM protection.

Originally published by Spicy IP on August 5, 2016. You may read EFF’s lawsuit here.

Decoding DRM

If you own a Netflix account and travel a lot, you may have been denied access to some TV shows depending on the country you logged in from. While that restriction can perhaps be gotten around by using VPNs, there exist other technological measures that prevent you from fixing your own automobile to sharing/making copies of an e-book that you supposedly bought. Such technological protection measures are commonly known as Digital Rights Management (DRM). These go back twenty years, and it was in 1996 when the first DRM appeared in the form of geo-access restrictions on DVD play.

Soon thereafter, it became de rigeur for businesses dealing in IP to apply all kinds of DRMs to their products. It was largely an embarrassing and a pointless saga of implementing software embedded restrictions to stem piracy (remember the Sony BMG rootkit fiasco?), given how blatantly they were discovered and circumvented. And now since technology is beginning to dwell even in our shoes, DRMs have been slapped onto these as well. So if you discover a bug causing a miscalculation in your step count, you are not only prohibited under law from probing the code and fixing it yourself, but you also may get jailed for doing so. Imagine such how such prohibition impacts and limits our daily lives and the work of professional researchers.

Clearly, DRM is not just a mere trifle to be brushed aside via smarter code– its ramifications go much farther. DRMs come with the problem of masking vulnerabilities, compromised security of the device and us er-privacy, and trampled consumer rights, fair use and free speech. Further, the poor design of DRMs makes them unable to distinguish between illegal use and fair-use. Progressive cutting down of users’ rights to store, reproduce, distribute media has become especially problematic for developing countries because of our greater dependence on free-er terms for sale, lending and donation. On the other hand, DRMs continue to become more ubiquitous(could be incorporated in the HTML 5 standard soon).

However, in an exciting development, the first major legal battle to kill DRM has begun!

Because finally in an unprecedented move, a constitutional challenge has been lodged in the US against DRM provisions, on the grounds that they restrict free speech and fair-use of copyright materials (the fair-use doctrine allows copyright law to co-exist with the first amendment). The complaint has been filed by EFF on behalf of Matthew Green (a security researcher) and Andrew “bunnie” Huang (a technologist)

The rejection that prompted a legal challenge..

Sections 1201-1205 of the Digital Millennium Copyright Act (DMCA) lay down provisions relating to circumvention of DRM. Uniquely, the DMCA vests power in the Librarian of Congress to periodically enact rules granting exemption from the anti-circumvention provisions to legitimate non-infringing use of works (known as DMCA Rulemaking). It was under this particular instance of rulemaking in 2015, wherein the Librarian failed to grant an exemption for “…speech using clips of motion pictures, for the shifting of lawfully-acquired media to different formats and devices, and for certain forms of security research.” The rejection triggered the challenge against ‘Rulemaking’, ‘anti-circumvention’ and ‘anti-trafficking’ provisions of the DMCA, namely sections 1201(a), 1203, and 1204 . (This exemption was applied for by EFF, which has been seeking (and been granted) exemptions since 2003.)

In fact, universally, DRM provisions pose questions of free speech, consumer rights, privacy and copyright law. In the following section I will examine and compare the US and Indian copyright regime on DRM protection.

WCT and DMCA were used to push DRM protection into Indian Copyright Act

The Indian Copyright Act, 1957 provisions on DRM are based in sections 2(xa), 65A and 65B, which were introduced through the Copyright Amendment Act, 2012. The sections define ‘Rights Management Information’, provide for ‘Protection of technological measures’ and ‘Protection of Rights Management Information’, respectively. It must be noted that the WIPO Copyright Treaty (WCT) was the first instrument to conceive rules on DRM protection (Articles 11, 12). US was the first country to import WCT provisions into its copyright law via DMCA, which even went above the WCT standards. Soon, Hollywood-backed USTR wanted India to follow suit, and the provisions were queued up for an amendment to India’s copyright law. Please note that India is NOT a party to the WCT, and was under no obligation to enact laws on DRMs. Nevertheless, the Indian provisions with some changes and added limitations were loosely lifted from the equivalent WCT articles.

It is worth noting that the Indian DRM provisions have better safeguards than the DMCA provisions:

1) The Indian provisions (s. 65A+ 65B) do not make building and distribution of circumvention tools illegal. Only the act of circumvention attracts criminal liability. However, there is a duty on the person facilitating circumvention for another person to maintain a record of the same, including the purpose for which the facilitation occurred. The purpose should not be expressly prohibited under the Copyright Act, 1957.

Regardless, being criminally liable for circumventing DRM is a major threat to small businesses and developers. In one instance, when some Indian developers had built an open source software “PlayFair” to bypass Apple’s FairPlay DRM, they were threatened with legal action under the US’ DMCA. Despite the DMCA having no jurisdiction in India, the developers shut shop.

2) Clauses 65A(1) and 65A(2)(a) confine violation of technological protection measures to rights enumerated in the act, only. This means that the section does not restrict circumventions which attempt to get access to the underlying work.

While India has not seen major challenges to this provision, in 2013 the Delhi High Court injuncted persons from jailbreaking into Sony Playstations. Amlan analysed the order and questioned it in terms of the Court finding the act of ‘modifying the playstation without Sony’s consent’ illegal. Because, if you read section 65A (emphasis supplied is mine):

65A. Protection of Technological Measures

(1) Any person who circumvents an effective technological measure applied for the purpose of protecting any of the rights conferred by this Act, with the intention of infringing such rights, shall be punishable with imprisonment which may extend to two years and shall also be liable to fine.

(2) Nothing in sub-section (1) shall prevent any person from:

(a) doing anything referred to therein for a purpose not expressly prohibited by this Act:

Provided that any person facilitating circumvention by another person of a technological measure for such a purpose shall maintain a complete record of such other person including his name, address and all relevant particulars necessary to identify him and the purpose for which he has been facilitated; or

(b) doing anything necessary to conduct encryption research using a lawfully obtained encrypted copy; or

(c) conducting any lawful investigation; or

(d) doing anything necessary for the purpose of testing the security of a computer system or a computer network with the authorisation of its owner; or

(e) operator; or [sic]

(f) doing anything necessary to circumvent technological measures intended for identification or surveillance of a user; or

(g) taking measures necessary in the interest of national security.

Clause (1) clearly states that the law is only applicable to such technological protection measures applied to protect any of the rights conferred by the copyright act. Which raises the questions of which rights are affected when OS of the playstation is modified, and how does the modification amount to copyright infringement? One may perhaps draw that the Court in this order placed the ‘consent’ of Sony above the law.

3) S. 65A(2) safeguards certain acts which also exist as exceptions granted in the Copyright Act. These enumerated acts may be performed without attracting liability: for instance, circumventions for purposes of encryption research, security testing, lawful investigation, evading surveillance by DRM are kosher. Note that s. 65A(2)(g) permits circumvention in the interest of national security.

(For a detailed exegesis of these provisions, please read this piece.)

A look at the draconian DMCA provisions

As I mentioned earlier, the DMCA provisions on DRMs are much stricter compared to the Indian copyright act. Both circumvention(s. 1201(a)(1)), and building and distribution of circumvention tools(s. 1201(a)(2)) are illegal and punishable. The DMCA also meticulously defines circumvention, in terms of “circumventing a technological measure” and “circumventing protection afforded by a technological measure.”

More alarmingly, these provisions envisage access controls as well as use controls. So a person decrypting a DVD to gain access to the work would be held liable for infringement (unlike in India where only the act of copying or modifying the work would trigger infringement). It is also worth noting that there is no clause stating that circumvention (and tools) of only those DRMs is illegal when the DRMs protect rights conferred under the DMCA.

While s. 1201(c) states that the section shall not affect “…rights, remedies, limitations or defenses to copyright infringement, including fair-use…” Further, there do exist exemptions to clauses(a)(1) and (2):

Exemption for nonprofit libraries, archives and educational institutions; and
Exemption for the purposes of law enforcement, intelligence and other government activities, reverse engineering (solely for the purposes of achieving interoperability), restricting internet access to minors, protecting personally identifiable information, security testing, encryption research, etc.

While the list seems to permit circumvention for a wide range of purposes and fair-use, the vague and narrow language has failed the implementation of these exemptions. EFF lists a bunch of these instances where the DRM provisions have been not necessarily used against pirates, but also scientists, consumers and legit competitors.

Further, the DMCA left it entirely to the US copyright agencies to carve exemptions for non-infringing uses of works on a triennial basis. This rulemaking procedure has received heavy criticism, and as a result of the 2015 rejection the Library of the Congress finds itself in a legal soup.

Finally, the EFF lawsuit also illustrates the violations of the plaintiffs rights to free speech and fair-use, as a direct result of the provisions and the Rulemaking process. Armed with a strong case, and as Cory Doctorow puts it, we may witness the eradication of DRM in our lifetime. And I will be following the developments closely and keep our readers updated.

For more details visit https://cis-india.org/a2k/blogs/us-copyright-law-faces-constitutional-challenge

Untangling the web of India's 'ungovernable' Net

praskrishna — 2013-04-16T06:06:20Z

India sells itself as a tech hub, outsourcing IT experts to the world. At home, it dreams of "equity on the Net." But millions remain unconnected and digital surveillance is on the rise.

This was published in Deutsche Welle on April 15, 2013. Sunil Abraham is quoted.

The Indian government has a dream. It dreams of the "Equinet" - a time when "there shall be equity on the Net."

"The Internet must not just be a platform for the privileged - the Internet must become an inclusive platform," India's communications minister Kapil Sibal says. "In fact, my vision is that the Internet should ultimately become the Equinet. In other words, all those, no matter which station in life they belong to, should have access to the Internet, and that can only happen if all the elements of the Internet are such that people can access them at affordable costs."

India has the third highest number of people on the Net, with about 150 million people connected.

But with a population of 1.2 billion, 150 million is not that many. Internet penetration languishes at around 10 percent, while in the United States and China - the top two countries in world rankings - Internet penetration is at 78 and 40 percent, respectively.

Like in America… in 1994

It's a fact that Google chairman Eric Schmidt highlighted on a recent tour of India, among other Asian countries.

"The Internet feels [in India] like in America in 1994," he says. "It is crucial for India to invest and enable fast fiber Internet connectivity within the country, between the country and the other countries."


While touring Asia, Schmidt said India seemed to have "rested on its laurels" after early success in the IT sector

You would think that connectivity would be better in India. The country prides itself on being a tech hub, with its centers of excellence in places like Bangalore. It has outsourced information technology specialists globally for over ten years.

Communications minister Sibal insists the government is investing where it can, saying India will connect 250,000 villages with fiber optics in the "next year or so."

"The networks should be in place, the fiber optics should be in place, [connectivity] should be efficient and of high speed, and above all, the access to handsets, which is really the key - unless handsets are affordable and accessible to ordinary people, you will not get the kind of penetration that you want from the Internet," he adds.

However, for some, there are even greater challenges for India than poor connectivity and bad infrastructure.

All eyes on you

In mid-March, police in India's financial capital Mumbai launched the country's first "Social Media Lab."

Mumbai police say they will use it to monitor and track "which topics are trending among the youth so [they] can plan law and order in a good way."

The Mumbai Social Media Lab comes amid concerns over "moral policing" of the Net by Indian authorities, and censorship - especially where comments involve political figures. The Times of India reports numerous requests by authorities to have content removed by Google and Twitter. There have also been arrests under the remit of a controversial section - 66A - of India's IT Act.

Sibal denies India wants to censor the Net. If people have been arrested under Section 66A of the IT Act, it's because police officials have either misread the law, or acted independently, he says.

"Yes, but I would say, from where does this emanate? Does it emanate with a complete understanding at the top?" asks V.C. Vivekanandan, director of the Institute of Global Internet Governance and Advocacy.


Indian communications minister Kapil Sibal says "Internet governance is an oxymoron"

"There are various, multiple layers of governance in a huge country like India, where people could be enthusiastic in their own way about thinking what is right and wrong," says Vivekanandan. "So, I don't really see censorship as such, but they would like to have discourse in a model which was pre-Internet."

Tracking private lives

But in other areas, India is showing itself to be very comfortable in the Internet age - and where it has its eyes fixed on the future.

"From what I can tell, the social media monitoring cell in Mumbai is perhaps one of the more benign components because it isn't keeping track of private communications," says Sunil Abraham, executive director of the Centre for Internet and Society (CIS) in Bangalore.

However, the Indian government plans to track everybody's online activities - that means anything that uses the Internet as a communication network.

"There are very many other projects like the unique identification (UID) and the National Intelligence Grid (NATGRID) that will keep track of private communications," says Abraham.

The UID is the Indian government's centralized biometric identity management system, which will connect more than 20 databases that 12 intelligence and law enforcement agencies will be able to access.

"These databases include banking records, telecommunications records and travel records [among other things]," says Abraham. "So, it's a very large scale attempt by the Indian government to place citizens under 360 degree blanket surveillance."

Internet governance is an oxymoron

But how these moves square with Sibal's vision of the Equinet is hard to see.


This Delhi laywer, Mohit Sharma, is one of only 11 percent of Indians who are connected to the Internet

The communications minister believes Indians will not be dissuaded from using the Net.

"The fact that 150 million people are on the Net is evidence of the fact that they are not scared, and if you go to Twitter today, there are more abuses on Twitter than perhaps you can find anywhere else in the world," says Sibal.

That doesn't necessarily mean that the government thinks this is a good thing. But Sibal insists he is against Internet governance - in fact, he says "Internet governance is an oxymoron."

"How can you govern something that cannot be governed? Because anybody can say anything on the Net," says Sibal. "So, there should be an element of self-regulation. Just as we interact with each other in civilized society, similarly people on the Net should also interact with each other with self-restraint."

But the CIS's Sunil Abraham isn't convinced.

"If one listens very carefully to what the minister says, he says you cannot regulate the Internet. But you can regulate what citizens do on the Internet," he says. "You can regulate what corporations do on the Internet. And you can also regulate what the government does on the Internet."

For more details visit https://cis-india.org/news/d-w-april-15-2013-untangling-the-web-of-indias-ungovernable-net

Unpacking video-based surveillance in New Delhi

Aayush Rathi and Ambika Tandon — 2019-06-20T05:13:25Z

Aayush Rathi and Ambika Tandon presented at an international workshop on 'Urban Data, Inequality and Justice in the Global South', on 14 June 2019, at the University of Manchester. The agenda for the workshop and the slides from the presentation by Aayush and Ambika are available below.

Agenda of the workshop: Download (DOCX)

Slides from the presentation: Download (PDF)

The aim of the workshop was to present findings from case studies on urban data justice commissioned by the Sustainable Consumption Institute and Centre for Development Informatics at the University of Manchester, on aspects of justice in data systems in cities across the world. Aayush and Ambika presented their study on video-based surveillance in New Delhi, which was conducted across a period of 3 months earlier this year. The study aimed to assess the extent to which CCTV surveillance systems in Delhi support the needs of women in the city, including lower class women and those from informal settlements. The study will be published as a working paper by the University of Manchester in the coming months.

For more details visit https://cis-india.org/raw/unpacking-video-based-surveillance-in-new-delhi-urban-data-justice

Understanding Surveillance and Privacy in India

praskrishna — 2014-09-08T06:08:49Z

Bhairav Acharya delivered a lecture at the Jamia Millia Islamia in New Delhi on August 28, 2014.

Abstract
While privacy seems intuitive to most people, its legal codification and protection is complex. This is because varying expectations of privacy exist in different social contexts demanding different forms and degrees of protection. In India, an unambiguous and enforceable constitutional right to privacy does not exist. The Supreme Court of India has, intermittently and unconvincingly, recognised a limited right to privacy in certain situations. Recent debates on privacy focus primarily on two areas: surveillance, and data protection. The interception of communications – phone calls, emails, and letters, – which is a type of surveillance, is statutorily regulated in India in an uneven way. A colonial law permits and regulates wiretaps in India. A derivative law governs emails and electronic communications. Both these laws suffer serious shortcomings. Indian law permits executive authorisations – by bureaucrats – of wiretaps without an independent audit and oversight mechanism. No legal provisions exist to redress improper wiretaps or information leaks – the Radia tapes controversy illustrates this. These lacunae remain unaddressed even as large-scale techno-utopian projects, such as the Central Monitoring System, move forward. However, the recent governmental push for privacy law does not stem from surveillance concerns but from international commerce in personal data. There is also a growing domestic constituency that is alarmed by the state’s collection of personal data without regulatory safeguards.

About the Speaker
Bhairav Acharya is a constitutional lawyer in India who joined the Bar in 2004 after graduating from the National Law School of India University, Bangalore. From 2004 - 2009, he was the Deputy Director of the Public Interest Legal Support and Research Centre (PILSARC), an organisation established to provide institutional legal support and credible research to popular movements, and to ideas and communities marginalised by law. He headed a UNHCR project to draft a refugee protection law for India and is a member of the NHRC’s National Experts Group on Refugee Law. He litigated – mostly constitutional law – in the chambers of a senior counsel in the Supreme Court of India, where he became especially interested in free speech law. From 2009 - 2010, he advised a leading Indian multinational information technology major on privacy law and data protection. At present, he independently advises the Centre for Internet and Society, Bangalore, on privacy law, and is drafting a proposed privacy statute to regulate data protection and surveillance in India to provide a participatory and consensus - based legal submission to the Indian government.

Event Details
Venue: CCMG Network Governance Lab,
Date: Thursday, August 28, 2014
Time: 11.30 a.m.

For more details visit https://cis-india.org/internet-governance/news/understanding-privacy-and-surveillance-in-india

Understanding Aadhaar and its New Challenges, May 26-27, 2016

sumandro — 2016-05-26T10:29:43Z

A workshop on “Understanding Aadhaar and its New Challenges” is being organised by the Centre for Studies in Science Policy, Jawaharlal Nehru University, and the Centre for Internet and Society, during May 26-27. It is also supported by the Centre for Communication Governance at NLU Delhi, Free Software Movement of India, Knowledge Commons, PEACE, and Center for Advancement of Public Understanding of Science & Technology. This is a legal and technical workshop to be attended by various key researchers and practitioners to discuss the current status of the implementation of the project, in the context of the passing of the Act and the various ongoing cases.

Workshop Programme

First Day, May 26

9:00-9:30	Registration
9:30-10:00	Prof. Dinesh Abrol - Welcome Self-introduction and expectations of participants Dr. Usha Ramanathan - Overview of the Workshop
10:00-11:00	Current Status of Aadhaar Dr. Usha Ramanathan, Legal Researcher, New Delhi - What the 2016 Law Says, and How it Came into Being S. Prasanna, Advocate, New Delhi - Status and Force of Supreme Court Orders on Aadhaar Discussion
11:00-11:30	Tea Break
11:30-13:30	Direct Benefits Transfers Prof. Reetika Khera, Indian Institute of Technology, Delhi - Welfare Needs Aadhaar like a Fish Needs a Bicycle Prof. Ram Kumar, Tata Institute of Social Sciences, Mumbai - Aadhaar and the Social Sector: A critical analysis of the claims of benefits and inclusion Ashok Rao, Delhi Science Forum - Cash Transfers Study Discussion
13:30-14:30	Lunch
14:30-16:00	Aadhaar: Science, Technology, and Security Prof. Subashis Banerjee, Deptt of Computer Science & Engineering, IIT, Delhi - Privacy and Security Issues Related to the Aadhaar Act Pukhraj Singh, former National Cyber Security Manager, Aadhaar, New Delhi - Aadhaar: Security and Surveillance Dimensions Discussion
16:00-16:30	Tea Break
16:30-17:30	Aadhaar - International Dimensions Prof. Chinmayi Arun, Center for Communication Governance, National Law University, Delhi - Biometrics and Mandatory IDs in other parts of the world Dr. Gopal Krishna, Citizens Forum for Civil Liberties - International Dimensions of Aadhaar Discussion
17:30-18:00	High Tea
18:00-19:00	Video Presentations

Second Day, May 27

9:30-11:00	Privacy, Surveillance, and Ethical Dimensions of Aadhaar Prabir Purkayastha, Free Software Movement of India, New Delhi - Surveillance Capitalism and the Commodification of Personal Data Arjun Jayakumar, SFLC - Surveillance Projects Amalgamated Col Mathew Thomas, Bengaluru - The Deceit of Aadhaar Discussion
11:00-11:30	Tea Break
11:30-10:30	Aadhaar: Broad Issues - I Prof. G Nagarjuna, Homi Bhabha Center for Science Education, Tata Institute of Fundamental Research, Mumbai - How to prevent linked data in the context of Aadhaar Dr. Anupam Saraph, Pune - Aadhaar and Moneylaundering Discussion
13:00-13:30	Video Presentations
13:30-14:30	Lunch
14:30-15:30	Aadhaar: Broad Issues - II Prof. MS Sriram, Visiting Faculty, Indian Institute of Management, Bangalore - Financial lnclusion Nikhil Dey, MKSS, Rajasthan (TBC) - Field witness: Technology on the Ground Prof. Himanshu, Centre for Economic Studies & Planning, JNU - UID Process and Financial Inclusion Discussion
15:30-16:00	Conclusion

For more details visit https://cis-india.org/internet-governance/events/understanding-aadhaar-and-its-new-challenges-may-26-27-2016

UN Special Rapporteur Report on Freedom of Expression and the Private Sector: A Significant Step Forward

vidushi — 2016-06-08T17:27:22Z

On 6 June 2016, the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, David Kaye, released a report on the Information and Communications Technology (“ICT”) sector and freedom of expression in the digital age. Vidushi Marda and Pranesh Prakash highlight the most important aspects of the report.

Background

Today, the private sector is more closely linked to the freedom of expression than it has ever been before. The ability to speak to a mass audience was at one time a privilege restricted to those who had access to mass media. However, with digital technologies, that privilege is available to far more people than was ever possible in the pre-digital era. As private content created on these digital networks is becoming increasingly subject to state regulation, it is crucial to examine the role of the private sector in respect of the freedom of speech and expression.

The first foray by the Special Rapporteur into this broad area has resulted in a sweeping report, that covers almost every aspect of freedom of expression within the ICT sector, except competition which we will elaborate on later in this post.

Introduction

The report aims to “provide guidance on how private actors should protect and promote freedom of expression in a digital age”. It identifies the relevant international legal framework as Article 19 of the International Covenant on Civil and Political Rights, and Article 19 of the Universal Declaration of Human Rights. The UN “Protect, Respect and Remedy” Framework and Guiding Principles, also known as the Ruggie Principles provide the framework for private sector responsibilities on business and human rights.

The report categorises different roles of the private sector in organising, accessing, regulating and populating the internet. This is important because the manner in which the ICT sector affects the freedom of expression is far more complicated than traditional communication industries. The report identifies the distinct impact of internet service providers, hardware and software companies, domain name registries and registrars, search engines, platforms, web hosting services, platforms, data brokers and e-commerce facilities on the freedom of expression.

Legal and Policy Issues

The Special Rapporteur discusses four distinct legal and policy issues that find relevance in respect of this problem statement: Content Regulation, Surveillance and Digital Security, Transparency and Remedies.

Content Regulation

The report identifies two main channels through which content regulation takes place: the state, and internal processes.

Noting that digital content made on private networks is increasingly subject to State regulation, the report highlights the competing interests of intermediaries who manage platforms and States which demand for regulation of this content on grounds of defamation, blasphemy, protection of national security etc. This tension is demonstrated through vague laws that compel individuals and private corporations to over-comply and err on the side of caution “in order to avoid onerous penalties, filtering content of uncertain legal status and engaging in other modes of censorship and self-censorship.” Excessive intermediary liability forces intermediaries to over-comply with requests in order to ensure that local access to their platforms are not blocked. States attempt at regulating content outside the law through extra legal restrictions, and push private actors to take down content on their own initiative. Filtering content is another method, wherein States block and filter content through the private sector. Government blacklists, illegal content and suspended accounts are methods employed, and these have sometimes raised concerns of necessity and proportionality. Network or service shutdowns are classified as a “particularly pernicious” method of content regulation. Non neutral networks also are a method of content regulation with the possibilities of internet service providers throttling traffic. Zero rating is a potential issue, although the report acknowledges that “it remains a subject of debate whether they may be permissible in areas genuinely lacking Internet access”.

The other node of content regulation has been identified as internal policies and practices of the private sector. Terms of service restrictions are often tailored to the jurisdiction’s laws and policies and don’t always address the needs and interests of vulnerable groups. Further, the report notes, design and engineering choices of how private players choose to curate content are algorithmically determined and increasingly control the information that we consume.

Transparency

The report notes that transparency enables those entities subject to internet regulation to take informed decisions about their responsibilities and liabilities in a digital sphere and points out, that there is a severe lack of transparency about government requests to restrict or remove content. Some states even prohibit the publication of such information, with India being one example. In respect of the private sector, content hosting platforms sometimes at least reveal the circumstances under which content is removed due to a government request, although this is rather erratic. The report recognises the need to balance transparency with competing concerns like security and trade secrecy, and this is a matter of continued debate.

Surveillance and Digital Security

Freedom of expression concerns arise as data transmitted on private networks is gradually being subjected to surveillance and interference from the State and private actors. The report finds that several internet companies have reported an increase in government requests for customer data and user information. According to the Special Rapporteur, effective resistance strategies include inclusion of human rights guarantees, restrictively interpreting government requests negotiations. Private players also make surveillance and censorship equipment that enable States to intercept communications. Covert surveillance has been previously reported, with States tapping into communications as and when necessary. When private entities become aware of interception and covert surveillance, their human rights responsibilities arise. As private entities work towards enhancing encryption, anonymity and user security, states respond by compelling companies to create loopholes for them to circumvent such privacy and security enhancing technology.

Remedies

Unlawful content removal, opaque suspensions, data security breaches are commonplace occurrences in the digital sphere. The ICCPR guarantees that all people whose rights have been violated must have an effective remedy, and similarly, the Ruggie principles require that remedial and grievance mechanisms must be provided by corporations. There is some ambiguity on how these complaint or appeal mechanisms should be designed and implemented, and the nature and structure of these mechanisms is also unclear. The report states that it is necessary to investigate the role of the state in supplementing/regulating corporate mechanisms, its role in ensuring that there is a mechanism for remedies, and its responsibility to make sure that more easily and financially accessible alternatives exist for remedial measures.

Special Rapporteur’s priorities for future work and thematic developments

Investigating laws, policies and extralegal measures that equip governments to impose restrictions on the provision of telecommunications and internet services. Examining the responsibility of companies to respond in a way that respects human rights, mitigates harm, and provides avenues for redress.
Evaluating content restrictions under terms of service and community standards. Private actors face substantial pressure from governments and individuals to restrict expression, and a priority is to evaluate the interplay of private and state actions on freedom of expression in light of human rights obligations and responsibilities.
Focusing on the legitimacy of rationales for intermediary liability for content hosting, restrictions, conditions for removing third party content.
Exploring censorship and surveillance within the human rights framework, and encouraging greater scrutiny before using these technologies for purposes that undermine the freedom of expression.
Identifying ways to balance an increasing scope of freedom of expression with the need to address governmental interests in national security and public order.
Internet access - Future work will explore issues around access and private sector engagement and investment in ensuring affordability and accessibility, particularly considering marginalized groups.
Internet governance - Internet governance frameworks and reform efforts are sensitive to the needs of women, sexual minorities and other vulnerable communities. Throughout this future work, the Special Rapporteur will pay particular attention to legal developments (legislative, regulatory, and judicial) at national and regional levels.

Conclusions and Recommendations

States: The report recommends that states should not pressurise the private sector to interfere with the freedom of speech and expression in a manner that does not meet the condition of necessary and proportionate principles. Any request to take down content or access customer information must be based on validly enacted law, subject to oversight, and demonstrate necessary and proportionate means of achieving the aims laid down in Article 19(3) of the ICCPR.
Private Actors: The Special Rapporteur recommends that private actors develop and implement transparent human rights assessment procedures, and develop policies keeping in mind their human rights impact. Apart from this, private entities should integrate commitments to the freedom of expression into internal processes and ensure the “greatest possible transparency”.
International Organisations: The report recommends that organisations make resources and educational material on internet governance publicly accessible. The Special Rapporteur also recommends encouraging meaningful civil society participation in multi-stakeholder policy making and standard setting processes, with an increased focus on sensitivity to human rights.

CIS Comments

CIS strongly agrees with the expansion of the Special Rapporteur’s scope that this report represents. He is no longer looking solely at states but at the private sector too.
CIS also notes that competition is an important aspect of the freedom of expression, but has not been discussed in this report. Viable alternatives to platforms, networks, internet service providers etc., will ensure a healthy, competitive marketplace, and will have a positive impact in resolving the issues identified above.
Our work has called for maintaining a balanced approach to liability of intermediaries for their users’ actions, since excessive liability or strict liability would lead to over-caution and removal of legitimate speech, while having no liability at all would make it difficult to act effectively against harmful speech, e.g., revenge porn.
CIS’ work on network neutrality has highlighted the importance of neutrality for freedom of speech, and has advocated for an evidence-based approach that ensures there is neither under-regulation, nor over-regulation. The Special Rapporteur suggests that ‘Zero-Rating’ practices always violate Net Neutrality, but the majority of the definitions of Net Neutrality proposed by academics and followed by regulators across the world often do not include Zero-Rating. Similarly, he suggests that the main exception for Zero-Rating is for areas genuinely lacking access to the Internet, whereas the potential for some forms of Zero-Rating to further freedom of expression, especially of minorities, even in areas with access to the Internet, provides sufficient reason for the issue to merit greater debate.

(Pranesh Prakash was invited by the Special Rapporteur to provide his views and took part in a meeting that contributed to this report)

For more details visit https://cis-india.org/internet-governance/un-special-rapporteur-report-on-freedom-of-expression-and-the-private-sector-a-significant-step-forward

UN Questionnaire on Digital Innovation, Technologies and Right to Health

Pahlavi and Shweta Mohandas — 2022-11-21T16:10:06Z

The Centre for Internet & Society (CIS) contributed to the questionnaire put out by the Office of the United Nations High Commissioner for Human Rights, on digital innovation, technologies and the right to health. The responses were authored by Pahlavi and Shweta Mohandas, and edited by Indumathi Manohar.

Questionnaire

1. What are benefits of increased use of digital technologies in the planning and delivery of health information, services and care? Consider the use of digital technologies for healthcare services, the collection and use of health-related data, the rise of social media and mobile phones, and the use of artificial intelligence specifically to plan and deliver healthcare. Please share examples of how such technologies benefited specific groups. How have digital technologies contributed to availability, accessibility, acceptability and quality of healthcare? Has the use of artificial intelligence improved access to health information, services and care? Please comment on existing or emerging biases in health information, services and care.

The use of digital technologies and forms of digital health interventions has seen an increase in interest from governments, industries, as well as individuals since the beginning of the pandemic. The lockdowns, and other social distancing measures created a push towards telemedicine and online consultations. Digital health services provide a number of people the opportunity to seek medical help without traveling, which particularly help people with accessibility needs, the elderly, and anyone else that has difficulty in movement.1 Telemedicine can also help meet the challenges of healthcare delivery to rural and remote areas, in addition to serving as a means of training and education.2

The pandemic brought about a push towards telehealth and telemedicine and the telemedicine market has been reported to touch $5.4 Bn by 2025,3 with a number of applications working to make it more accessible to people in India. With respect to AI there has been some adoption of AI in India to help the most vulnerable group of people. For example: Microsoft has teamed up with the Government of Telangana to use cloud-based analytics for the Rashtriya Bal Swasthya Karyakram program by adopting MINE (Microsoft Intelligent Network for Eyecare), an AI platform to reduce avoidable blindness in children.4 Similarly Philips Innovation Campus (PIC) in Bengaluru, Karnataka is harnessing technology to make solutions for TB detection from chest x-rays, and a software solution (Mobile Obstetrics Monitoring) to identify and manage high-risk pregnancies.5 More recently IWill by ePsyClinic, a mental-health platform in India, has received a grant from Microsoft's 'AI for Accessibility' program to accelerate the building of a Hindi-based AI Mental Health conversational program.6

However the use of digital technologies and online medical interventions has also widened the increasing gap between those who can afford a smart phone and internet and those who cannot. A digital-only health intervention also results in excluding a wide number of people who do not have a smartphone, for example the Indian contact-tracing app, Aarogya Setu, which was a mandatory download to access public places during the lockdown was initially only available via a smartphone. Additionally, the app initially was not compatible with screen readers.7 The disparities in digital access and infrastructure is not limited to individuals— a report by the Ministry of Electronics and Information Technology India highlighted that the government hospitals and dispensaries have very little ICT infrastructure with only some major public hospitals having computers and connectivity.8

As stated above, the adoption of digital health technologies is not uniform around the world, and the people who are not able to access these technologies missed being included in the data that is being collected by these systems, further excluding from the data set which might be used to train future interventions. In the same light, digital technologies such as AI based screening are based on historical data that have been proved to contain biases against

marginalised communities. Continuing to use these systems without addressing these biases and or including more diverse dataset results in the same people being marginalised and misdiagnosed further. For example, safety apps where data is provided by limited people could identify Dalit and Muslim areas as unsafe, reflecting the prejudices of the app’s middleand upper-class users.9 While this has not been revealed in healthcare apps, the growing use of CCTVs and subsequent use of facial recognition in only certain pockets of the city reveal the historical biases in the police system that lead to targeted surveillance.10

2. How has the rise of web platforms and social media increased access to health information and services, or conversely, increased risk of misdiagnosis or other harms? Please share examples of ways in which social media and web platforms facilitated innovation in access to evidence-based health information and services, or created new threats of discrimination, mental health harms, or online or offline violence.

Social media platforms have helped people immensely during the pandemic. For example, when people reached out to strangers for help for hospital beds and oxygen. However, the benefits of such were limited to people who were on social media and had the reach and networks to share such information.11Furthermore, social media and messaging apps such as Whatsapp also led to the spread of misinformation during the pandemic. For example a Whatsapp message claiming to be from the Ministry of Aayush which permitted homeopathy doctors to treat Covid19 spread significantly, leading to the official government channels clarifying that it is fake and cautioning people against it.12 It was also noted that at times when women shared requests for beds or oxygen during covid on social media, they were faced with fake calls, stalking and trolling on social media, making it harder for them to seek help.

3. How has the right to privacy been impacted by the use of digital technologies for health? Please share examples of ways in which data gathered from digital technologies have been used by States, commercial entities or other third parties to either benefit or harm groups regarding the right to health.

In 2006, the National e-Governance Plan (NeGP) was approved by the Indian State wherein a massive infrastructure was developed to reach the remotest corners and facilitate easy access of government services efficiently at affordable costs.13There has been a paradigm shift in the Indian state’s governance strategy, with severe implications for privacy and inclusion. However, this shift has been undertaken primarily through a series of administrative orders with no real legislative mandate and minimal judicial oversight. This digitisation began with services such as taxation, land record, passport details, but it soon extended its ambit, and it now covers most services for which the citizen is dependent upon the state— the latest being digital health.

In the Indian context, there have been a number of policies that have been published which dealt with digital health. The policies looked at creating a digital health ID, digitisation of health data, and the management of health data. However these policies are being introduced without the existence of a comprehensive data protection legislation. While there are certain safeguards mentioned in each policy, without privacy and data protection legislation it is impossible to ensure compliance and the rights of the data owners. This issue became a reality when during the vaccination for Covid, some vaccination centres created Health ID for people without their consent.14

4. What are current strengths or weaknesses of digital health governance at national, regional and global levels? Please provide examples of laws, regulations or other safeguards that has been put in place to protect and fulfill the rights to health, privacy, and confidentiality within the use of digital technologies for health? Do restrictive laws or law enforcement create any specific challenges for persons using digital technologies to access health information or services?

Digitisation of the healthcare system in India had started prior to the pandemic. However, the pandemic also saw a slew of digitisation policies being rolled out, the most notable being the National Digital Health Mission (re-designed as the Aayushman Bharat Digital Mission) which empowered and saw the government use the vaccination process to generate Health IDs for citizens, in several reported cases without their knowledge or consent.15 The entire digitisation process has been undertaken in the absence of any legislative mandate or judicial oversight. It has primarily been undertaken through issuance of executive notifications and resulting in absent or inadequate grievance redressal mechanisms.

The rollout of the NDHM also saw health IDs being generated for citizens. In several reported cases across states, this rollout happened during the Covid-19 vaccination process— without the informed consent of the concerned person. All of these developments took place in the absence of a data protection law and a law regulating the digital health sphere, raising critical concerns around citizens’ privacy and the governance and oversight mechanisms for digital health initiatives.

Valdez, R. S., Rogers, C. C., Claypool, H., Trieshmann, L., Frye, O., Wellbeloved-Stone, C., & Kushalnagar, P. (2021). Ensuring full participation of people with disabilities in an era of telehealth. Journal of the American Medical Informatics Association, 28(2), 389-392.
Paul, Hickok, Sinha, & Tiwari. (2018). Artificial Intelligence in the Healthcare Industry in India. Centre for Internet and Society India. Retrieved November 15, 2022, from https://cis-india.org/internet-governance/ai-and-healthcare-report/view
Dayalani, V., K., H., S., G., R., T., & M., L. (2021, February 15). 1mg Rises In Indian Telemedicine Space As Sector Set To Touch $5.4 Bn Market Size by 2025. Inc42 Media. Retrieved November 15, 2022, from https://inc42.com/datalab/telemedicine-a-post-covid-reality-in-india/
Government of Telangana adopts Microsoft Cloud and becomes the first state to use Artificial Intelligence for eye care screening for children - Microsoft Stories India. (2017, August 3). Microsoft Stories India. Retrieved November 15, 2022, from https://news.microsoft.com/en-in/governmenttelangana-adopts-microsoft-cloud-becomes-first-state-use-articial-intelligence-eye-care-screeningchildren/
D’Monte, L. (2017, February 15). How Philips is using AI to transform healthcare. Mint. Retrieved November 15, 2022, from https://www.livemint.com/Science/yxgekz1jJJ3smvvRLwmaAL/How-Philips-is-using-AI-to-transformhealthcare.html
PTI. (2022, November 11). Microsoft supports IWill with “AI for Accessibility” grant to develop AI CBT mental health program for 615 million Hindi users. Microsoft Supports IWill With “AI for Accessibility”Grant to Develop AI CBT Mental Health Program for 615 Million Hindi Users. Retrieved November 15,2022, from https://www.ptinews.com/pti/Microsoft-supports-IWill-with--AI-for-Accessibility--grant-todevelop-AI-CBT-mental-health-program-for-615-million-Hindi-users/58238.html
Nath. (2020, May 2). Coronavirus | Mandatory Aarogya Setu app not accessible to persons with disabilities.Coronavirus | Mandatory Aarogya Setu App Not Accessible to Persons With Disabilities - the Hindu. Retrieved November 15, 2022, from https://www.thehindu.com/news/national/coronavirus-mandatory-aarogya-setu-app-notaccessible-to-persons-with-disabilities/article31489933.ece
Sharma, N. C. (2018, July 16). Adoption of e-medical records facing infra hurdles: Report. Mint. Retrieved November 15, 2022, from https://www.livemint.com/Politics/CucBmKaoWLZuSf1Y9VaafM/Adoption-of-emedical-recordsfacing-infra-hurdles-Report.html
https://www.livemint.com/news/world/ai-algorithms-far-from-neutral-in-india-11613617957200.html
Vipra. (n.d.). The Use of Facial Recognition Technology for Policing in Delhi. Vidhi Centre for Legal Policy. Retrieved November 15, 2022, from https://vidhilegalpolicy.in/research/the-use-of-facial-recognition-technology-for-policingin-delhi/
Kalra, A., & Ghoshal, D. (2021, April 21). Twitter becomes a platform of hope amid the despair of India’s COVID crisis. Reuters. Retrieved November 15, 2022, from https://www.reuters.com/world/india/twitterbecomes- platform-hope-amid-despair-indias-covid-crisis-2021-04-21/
Times of India . (2020, April 29). WhatsApp message on Homeopathy and coronavirus treatment is fake- Times of India. The Times of India. Retrieved November 15, 2022, from https://timesondia.indiatimes.com/gadgets-news/whatsapp-message-on-homeopathy-and-coronavirustreatment-is-fake/articleshow/75425274.cms
Amber Sinha, Pallavi Bedi and Amber Sinha, “Techno-Solutinist Responses to Covid 19”, EPW, Vol LVI, No. 29, July 17, 2021 Retrieved from: https://www.epw.in/journal/2021/29/commentary/technosolutionist-responses-covid-19.html
Rana, C. (2021, October 1). COVID-19 vaccine beneficiaries were assigned unique health IDs without their consent.The Caravan. Retrieved November 15, 2022, from https://caravanmagazine.in/health/covid-19-vaccinebeneficiaries-were-assigned-unique-health-ids-without-their-consent

For more details visit https://cis-india.org/internet-governance/un-questionnaire-digital-innovation-technologies-right-to-health