Centre for Internet and Society

Online gag:Existing rules give little freedom

praskrishna — 2011-12-12T05:42:05Z

Even as the controversy over Kapil Sibal's attempt to get internet giants such as Google and Facebook to prescreen user-generated content to weed out 'offensive' material rages, a yet-to-be-published study by Bangalore-based Centre for Internet and Society reveals that rules already in place can have "chilling effects on free expression on the internet".

The study set out to examine if the Information Technology (Intermediaries Guidelines) Rules 2011, notified in April 2011, could create a gagging effect on websites that provide a platform for user-generated content in the form of opinion and comments. Websites such as Facebook, Yahoo, YouTube and Twitter fall under this category. The study was commissioned by the Centre for Internet and Society, which was invited to comment on the department of information technology when it framed the seminal Information Technology Act 2000.

The study author set out to test the process of 'takedown' (requesting an internet entity to remove material that can be interpreted as 'hateful', 'disparaging', 'defamatory', etc) by notifying seven separate internet entities of content linked to their websites or hosted by them that could, in very loose terms, be deemed offensive. The entities are not named in the study.

This first-of-a-kind experiment included actions such as sending search engines a takedown notice alerting it to results on searching the keywords 'online gambling' and alerting a news website about comments on a news story related to the Telangana dispute.

In six of the seven cases, the intermediaries and hosts - technical terms for websites that host content - acted promptly to not only remove the 'offensive' content without due processes of investigation but in some cases went beyond their brief to remove all content connected with the one mentioned in the takedown notice.

For instance, a news website that was sent a takedown notice about a well-argued and non-abusive comment to an article on the Telangana issue took down not just that comment, but all 15 comments published below the article In the case of the results of a search for 'online gambling', despite the fact that intermediaries are exempted from being implicated in such cases, one search engine notified took down not just the three links mentioned in the notice but another 25 sub-domains as well, "presumably to avoid legal risk and to err on the side of caution," the CIS report says.

"Our criticism is of the policy and not of the websites and Internet entities that are forced to err on the side of caution when faced by such notices," says Sunil Abraham, executive director, Centre for Internet and Society. "We are aware that they do not always have the legal and manpower resources necessary to monitor the enormous volumes of content they host." These companies often overstep their brief in order to avoid legal hassles resulting from what Abraham calls "unconstitutional limits on free speech".

The original story was published by the Times of India on 9 December 2011. Sunil Abraham was quoted in it. Read the story on Times of India here

For more details visit https://cis-india.org/online-gag

GoldenEye ransomware attack hit operations at Pipavav Port, JNPT

praskrishna — 2017-07-06T22:53:13Z

Shipping ministry says the GoldenEye ransomware attack at JNPT and Pipavav port may result in bunching of inbound and outbound cargo.

The article by Jyotika Sood and Utpal Bhaskar was published in Livemint on June 28, 2017. Pranesh Prakash was quoted.

Operations at one of three terminals at India’s largest container port, Jawaharlal Nehru Port Trust (JNPT) run by AP Moller-Maersk, near Mumbai, were disrupted by a global ransomware attack, the port said on Wednesday. The version that caused the disruption has been dubbed GoldenEye by security firm Bitdefender Labs.

Operations at the Danish firm’s terminal at Gujarat Pipavav Port were also affected, but by the Petya variant of the ransomware.

Ransomware typically logs users out of their own systems and asks them to pay a ransom if they want to access the encrypted data.

“The central server is in Europe which we can’t control. It is not a problem aimed at India... we have become collateral damage,” said a senior Indian government official involved in cybersecurity operations.

The ransomware hit the integrated transport and logistics firm’s global operations on Tuesday across its 75 terminals. It also impacted Chernobyl’s radiation monitoring system, law firm DLA Piper, pharma firm Merck, a number of banks, an airport, the Kiev metro, British advertising giant WPP and Russian oil firm Rosneft, according to Bitdefender Labs.

“The IT (information technology) department of JNPT became aware of the attack at around 4.30pm on Tuesday. The Windows server started conking off and the master file got encrypted and we couldn’t access any data. The operations immediately came to a standstill,” said a JNPT official requesting anonymity.

AP Moller-Maersk operates the Gateway Terminals India (GTI) at JNPT which has a capacity to handle 1.8 million standard container units. JNPT, which ships more than half the containerized cargo passing through India’s ports, serves a vast hinterland comprising all of northern and western India.

“While DP World and JNPT terminals are operational, the Gateway Terminals India operated by APM is completely shut,” said the JNPT official.

This is the second major ransomware attack since May after hackers exploited a loophole that was first identified by the US National Security Agency, to create WannaCry, that affected several businesses in more than 150 countries including India.

The ministry of corporate affairs and the Andhra Pradesh Police were affected, besides several large organizations..

“While the terminal operator is taking steps to address the issues disrupting operations, it is anticipated that there could be bunching of in-bound and out-bound container cargo,” India’s shipping ministry said in a statement.

Maersk group, through its terminal and infrastructure business, has invested $800 million in India.

“The global attack has impacted APM terminal of the JNPT port. The operations at the terminal have slowed down and are being entered manually. We are trying to handle the crisis by diverting traffic to other terminals,” JNPT chairman Anil Diggikar said, adding that JNPT’s operations have not been affected to a great extent.

He said it would take around 24 hours to clear the backlog.

Gujarat Pipavav Port told stock exchanges that the ransomware did not have “any major impact on the company at this point in time”.

Concerns have been expressed about the safety of India’s infrastructure projects with power generation and transmission projects figuring high on terrorist threat lists.

Ravi Shankar Prasad, minister of electronics and information technology, on Wednesday said advisories have been issued and the government is keeping a close watch on developments.

The Indian Computer Emergency Response Team (CERT-In), the agency coordinating efforts on cybersecurity issues, in a 27 June advisory warned, “It has been reported that variants of Petya ransomware with work-like capabilities are spreading.”

Such attacks pose a grave threat to the economy and businesses. Cybersecurity Ventures predicts global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion by 2021.

Experts believe India is ill-equipped to face such attacks.

“These cases of malware attacks highlight the need for proper planning of cybersecurity at all levels, especially for the government infrastructure networks,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bengaluru-based think tank.

“Transportation and shipping companies are ill-prepared for cyberattacks,” added Amit Jaju, executive director, fraud investigation and dispute services, EY.

The emergency playing out at the ports assumes significance, given India’s Rs8 trillion investment plan until 2035 under the Sagarmala programme, which involves the construction of new ports to harness the country’s 7,517km coastline and setting up of as many as 142 cargo terminals at major ports.

“Indian companies lose approximately Rs40,000 crore due to cybercrime every year. India is among the top 5 countries today in terms of the frequency and the number of cyber attacks,” Jaju said.

“We are not prepared at all. This is a question of cyber literacy because the latest attack has reused the same Windows vulnerability that was exploited by WannaCry ransomware last month and for which security patches were released almost three months ago by Microsoft,” added cybersecurity expert Mohit Kumar.

Anirudh Laskar, Mayank Aggarwal, Shally Seth & Komal Gupta contributed to the story.

For more details visit https://cis-india.org/internet-governance/news/livemint-june-28-2017-jyotika-sood-utpal-bhaskar-golden-eye-ransomware-attack-hit-operations-at-pipavav-port-jnpt

Second India China Think-Tank Forum

praskrishna — 2017-07-07T02:43:09Z

The second India-China Think-Tank Forum was held in Beijing from June 22 to 27, 2017. The Forum was jointly organized by the Institute of Chinese Studies, the Indian Council of World Affairs, and the Chinese Academy of Social Sciences. Saikat Dutta represented an Indian think tank.

The Forum was set up following an MoU between India and China during the visit of Prime Minister Narendra Modi in 2015. The idea of the forum is to explore contentious issues and new areas of cooperation between India and China as a Track 1.5 dialogue. Read More

Click here for the report

Click to read Saikat Dutta's presentation

For more details visit https://cis-india.org/internet-governance/news/second-india-china-think-tank-forum

Freedom of Expression on the Internet : Possibilities and Challenges

praskrishna — 2017-07-09T02:30:32Z

Sharat Chandra Ram was a speaker at an international seminar organized by Bolivar Technological University, Cartagena in Colombia on June 29, 2017. The theme of the seminar was ‘Freedom of Expression on the Internet : Possibilities and Challenges”.

For more info on the event, click here

For more details visit https://cis-india.org/internet-governance/news/freedom-of-expression-on-the-internet-possibilities-and-challenges

Act now to protect yourself against future ransomware attacks

praskrishna — 2017-07-10T14:46:14Z

There was Wannacry, then Petya, and several other lesser-known ones: With ransomware attacks coming thick and fast, get proactive about protecting yourself.

The article by Sanjay Kumar Singh was published by Business Standard on July 5, 2017.

The Wannacry ransomware attack in May was followed by the Petya attack last week. This attack affected the Ukrainian government and large corporates like Maersk and Merck. In India it affected the operations of terminals at Jawaharlal Nehru Port Trust (JNPT), operated by Maersk. According to Kaspersky Lab, the rate of ransomware attacks on businesses grew from one every 120 seconds in January 2016 to one every 40 seconds by October that year. The rate of attack on individuals' computers rose from one every 20 seconds to one every 10 seconds over this period. Today, it has become imperative for everyone, including entrepreneurs and small business owners, to learn how to defend themselves against such attacks.

A trend witnessed in 2016 was the growth of ransomware-as-a-service business model. "Code creators offer their malicious product on demand, selling uniquely modified versions to criminals who then distribute it through spam and websites, paying a commission to the creator," says Altaf Halde, managing director, Kaspersky Lab (South Asia). He adds that the growth of cashless payments in India will undoubtedly attract the attention of cyber criminals and lead to more attacks in future.

Next, let us turn to how ransomware works. An operating system (OS) is a large and complicated piece of software with millions of lines of software code. A malware exploits vulnerabilities within the OS to infiltrate it. An infiltration can happen in multiple ways: if you download a malicious email attachment, visit a code-carrying web site, via an infected pen drive, and so on.

Ransomware is a form of malware that encrypts the files in a critical part of the computer, such as My Documents or Desktop, where people usually store their files. It could also encrypt specific file types, say, such .doc files. The user is then informed that his files have been encrypted along with the warning that unless he pays up within the next few hours his files will be deleted. Says Udbhav Tiwari, policy officer at the Centre for Internet and Society, Bengaluru: "You first have to first pay the attackers using anonymous money like bitcoins and then they give you the key for decrypting your files."

A ransomware attack can be dealt with in two ways: either pay the money and get the files unlocked, or find a way to circumvent the encryption. The latter option can, however, take a fair bit of time.

Safeguard measure you should adopt
Back up important files regularly. Check periodically that these files have not got damaged Enable ‘Show file extensions’ option in Windows settings. Stay away from extensions like “exe”, “vbs” and “scr”. Many familiar file types can be dangerous as scammers use multiple extensions (like hot-chics.avi.exe or doc.scr) If you discover an unknown process on your machine, cut off the Internet connection immediately If you have been infected, find the name of the ransomware. If it's an older version, your files can be restored. For restoration tools visit https://www.nomoreransom.org/

Among the safeguard measures you should adopt, first and foremost, never open a suspicious file. By being vigilant you can avoid a lot of ransomware attacks.

Most malware exploit vulnerabilities within the OS. "These vulnerabilities are frequently patched by the creators of the OS. But if people use pirated OS, or don't upgrade it regularly, they could land in trouble," says Tiwari. Soon after the Wannacry attack, Microsoft had issued a patch. People who updated their computers immediately didn't get affected by it. Also, use the latest version of an OS.

Use a quality antivirus (AV) solution, which is usually one you have to pay for. A high-quality AV can even protect you against vulnerabilities not patched by the OS manufacturer. AVs scan files. If they detect patterns indicating the presence of malware, they lock them apart from the rest of the computer, thereby preventing them from spreading.

One option is to use an OS that is less vulnerable, like Mac and Linux. Fewer malware are designed for these OS as fewer people use them.

Finally, if your files do get encrypted, don’t pay the ransom, unless instant access to those files is critical. "Each payment only fuels this unlawful business," says Halde.

For more details visit https://cis-india.org/internet-governance/news/business-standard-july-5-2017-sanjay-kumar-singh-act-now-to-protect-yourself-against-future-ransomware-attacks

Reliance Jio data leaked on website : report

praskrishna — 2017-07-10T14:53:42Z

Reliance Jio customer data was leaked on independent website magicapk.com, including details such as names, mobile numbers and email IDs , said a report.

The article was published by Livemint on July 10, 2017.

Reliance Jio Infocomm Ltd’s customer data was allegedly leaked on an independent website, magicapk.com, a report said. Jio, which crossed the 100 million mark in February, barely six months after it was launched, ended the financial year with 108.9 million subscribers as of 31 March.

The report, published first in a late-night article on Sunday on Fonearena.com, alleged that “several sensitive details” were exposed, including customers’ first and last names, mobile numbers, email IDs, circles, SIM activation dates and even the Aadhaar numbers. The Aadhaar numbers, however, were redacted on magicapk.

“To my disbelief I found my own details in the database and also couple of my colleagues are affected too,” wrote Varun Krish, the author of the article. However, if you now click on Magicapk.com, it reads: “This Account has been suspended .” The Registrar of the site, according to the whois database, is Godaddy.com, LLC.

When contacted, a Reliance Jio spokesperson said, “We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.”

Fonearena.com, on its site, has responded with a: “We still stand by our story.”

The report assumes significance because the site exposed redacted Aadhaar card details. There are nearly 1.2 billion Aadhaar number holders in the country. Aadhaar aims to plug leakages in the delivery of state benefits, such as subsidized grains to the poor, and aid in generating a savings of about Rs70,000 crore a year for the government. But data breaches have rattled citizens, especially since India does not have a Privacy Act.

In March, the Unique Identification Authority of India (UIDAI) blacklisted a common services centre for 10 years after it shared the Aadhaar details of former cricket captain Mahendra Singh Dhoni. On 25 April, Mint reported that many government departments, including the ministry of drinking water and sanitation, the Jharkhand Directorate of Social Security, and the Kerala government’s pension department, had published Aadhaar numbers of beneficiaries of the schemes they run in violation of the Aadhaar Act .

On 1 May, Bengaluru-based think tank Centre for Internet and Society (CIS) reported that a Central government ministry and a state government may have made public up to 135 million Aadhaar numbers .

Under the Aadhaar (Targeted Delivery of Financial Subsidies, Benefits and Services) Act, 2016, the unique identity number is mandatory only to receive social welfare benefits. However, tagging of the Aadhaar number is being made mandatory by the government for various schemes including PAN (permanent account number) accounts for taxation. On 7 July, the Supreme Court refused to pass any interim order against the mandatory use of Aadhaar for various government schemes. It, instead, suggested that petitioners call for immediate formation of a Constitution bench to decide on the case .

News of the alleged data leak also comes at a time when there have been a spate of cyber hacks.

For instance, just when companies started believing that WannaCry—the malware that held over 200,000 individuals across 10,000 organizations in nearly 100 countries to ransom—was on the wane, a virus christened GoldenEye (a variant of the Petya ransomware) by security firm Bitdefender Labs attacked companies, mostly in Ukraine. And while the target primarily appeared to be European countries, the ransomware was also reported to be making inroads in countries like India.

For more details visit https://cis-india.org/internet-governance/news/livemint-july-10-2017-reliance-jio-data-leaked-on-website-report

Social Activist Alleges Threat By Police Officer Over Possession of Aadhaar

Admin — 2017-07-20T14:31:12Z

Social activist Shabnam Hashmi recorded a policeman telling her those without address proof and Aadhaar could be “eliminated”.

The article by Gaurav Vivek Bhatnagar was published in the Wire on July 16, 2017. Pranesh Prakash was quoted.

Well-known social activist Shabnam Hashmi held a press conference to say she was threatened on the telephone by a police officer at the Lajpat Nagar police station warning her that the government had launched a ‘surround and eliminate’ campaign against people whose addresses are not known and who do not possess Aadhaar numbers or cards. This is now a standing instruction to all police stations, Hashmi was told. Moreover, the officer – accused of threatening and abusing Hashmi when she called him on the night of July 14 to know why the husband of a woman, who learns stitching at a training centre run by the NGO Pehchan at Jaitpur in south-east Delhi, had been summoned at a late hour – insisted that police personnel were well within their rights to act in this way.

The police may brush aside this assertion as the concerned officer’s personal opinion, or they may deny the veracity of the conversation, which Hashmi recorded and shared with the media; but she and other anti-Aadhaar activists say the interaction raises questions about the consequences – intended or unintended – of the Centre’s stress on making Aadhaar mandatory for the personal liberty and civil rights of ordinary residents.

Many Aadhaar critics have, in the past, expressed the fear that the irresponsible use or misuse of Aadhaar could lead to India becoming a ‘surveillance state’ or ‘police state’ by placing enormous discretionary powers in the hands of unscrupulous state officials.

Petitioners in SC had cautioned against misuse of Aadhaar

Earlier this year, Communist Party of India leader Binoy Viswam had filed a petition in the Supreme Court questioning the introduction of Section 139 AA of the IT Act to link Aadhaar cards with PAN cards. Subsequently, in an interview in April this year, he had noted that “the citizens are becoming instruments in the hands of the state” as “by taking fingerprints, iris scans and other details of the citizens of the country, the state is becoming the custodian of its people.” He had also expressed the fear that “the state can use this data according to its whims and fancies”.

Viswam could not have been more correct. Much before the use of data, “elements” of the state have started using the ruse of creation of data itself as a convenient tool to threaten and intimidate people and this is precisely what happened in the case of Hashmi.

Recalling the incident, Hashmi, who is the founding trustee of Pehchan, said the NGO runs a small centre in Jaitpur extension where it teaches school dropouts to appear for class 10 and 12 examinations and also runs sewing classes for women.

Hashmi said that at around 9 pm on July 14, Haseen, the husband of Mubina, one of the trainees, was summoned by a sub-inspector to the Lajpat Nagar police station regarding a complaint. When Hashmi called up the police station to find out what the summons was about, the policeman allegedly “hurled abuses”, and used “highly derogatory and uncivilised language” during the conversation.

Though Hashmi did not have a recorder in her phone at the time of the first call, she subsequently downloaded one and later recorded her conversation with the same officer.

In this conversation, the policeman is heard reasoning with Hashmi that he had not summoned Haseen at a late hour. He claimed that he used harsh language in the first conversation since she had not identified herself and had only proclaimed herself to be a social worker. It also comes across in the conversation that Hashmi had told the man in the earlier conversation that he was drunk while being on duty and that this had irked him. It emerged that the cop had got an inkling that she was recording the later conversation, because of which he apparently mellowed down.

The issue assumes significance as after declaring twice in the past that Aadhaar cannot be made mandatory for delivering services, the Supreme Court had recently upheld the validity of an Income Tax law amendment linking PAN with Aadhaar for filing tax returns.

Former Attorney General Mukul Rohatgi had argued that the government was “entitled to have identification” and that “as constituents of society people can’t claim immunity from identification.” Rohatgi had insisted that “no right is absolute, right to body is not absolute. Under extreme cases even right to life can be taken away, under due process.”

Experts have often cautioned against Aadhaar misuse

According to legal experts, the illegalities related to Aadhaar do not just end with such arguments. Writing for The Wire, Prashant Reddy T., a research associate at the School of Law, Singapore Management University, had noted that in the past couple of months the “Modi government has increasingly used its rule-making powers under various laws in a manner which is contrary to the law of the land.” He was referring to the Centre’s announcement to mandatorily link Aadhaar numbers to all non-small bank accounts, failing which, access to the bank accounts would be disabled after December 31.

“As is often the case with this government, the question now is whether this new mandatory Aadhaar requirement (and the threatened punishment) is legal,” the expert had asked.

Earlier this year, writing for the Hindustan Times, Pranesh Prakash, policy director at the Centre for Internet and Society, and an affiliated fellow at Yale Law School’s Information Society Project, had referred to the immense potential of Aadhaar for profiling and surveillance. He had called for fundamentally altering Aadhaar, saying that if the rampant misuse of surveillance and wilful ignorance of the law by the state were anything to go by, the future looked bleak.

For more details visit https://cis-india.org/internet-governance/news/the-wire-gaurav-vivek-bhatnagar-july-16-2017-social-activist-alleges-threat-by-police-officer-over-possession-of-aadhaar

Should an Inability to Precisely Define Privacy Render It Untenable as a Right?

amber — 2017-08-04T01:49:56Z

The judges may still be able to articulate the manner in which limits for a right to privacy may be arrived at, without explicitly specifying them.

The article was published in the Wire on August 2, 2017.

Ludwig Wittgenstein wrote in his book, Philosophical Investigations, that things which we expect to be connected by one essential common feature, may be connected by a series of overlapping similarities, where no one feature is common. Instead of having one definition that works as a grand unification theory, concepts often draw from a common pool of characteristics. Drawing from overlapping characteristics that exist between family members, Wittgenstein uses the phrase ‘family resemblances’ to refer to such concepts.

In his book, Understanding Privacy, Daniel Solove makes a case for privacy being a family resemblance concept. Responding to the discontent in conceptualising privacy, Solove attempted to ground privacy not in a tightly defined idea, but around a web of diverse yet connected ideas. Some of the diverse human experiences that we instinctively associate with privacy are bodily privacy, relationships and family, home and private spaces, sexual identity, personal communications, ability to make decisions without intrusions and sharing of personal data. While these are widely diverse concepts, intrusions upon or interferences with these experiences are all understood as infringements of our privacy.

Other scholars too have recognised this dynamic, evolving and difficult to pinpoint nature of privacy. Robert Post described privacy as a concept “engorged with various and distinct meanings.” Helen Nissenbaum advocates a dynamic idea of privacy to be understood in terms of contextual norms.

The ongoing arguments in the Supreme Court on the existence of a constitutional right to privacy can also be viewed in the context of the idea of privacy as a family resemblance concept. In their arguments, the counsels for the petitioners have tried to make a case for privacy as a multi-dimensional fundamental right. Senior advocate Gopal Subramanium argued before the court that privacy inheres in the concept of liberty and dignity under Constitution of India, and is presupposed by various other rights such as freedom of speech, good conscience, and freedom to practice religion. He further goes on say that there are four aspects to privacy – spatial, decisional, informational and the right to develop personality. Shyam Divan, also arguing for the petitioners, further added that privacy includes the right to be left alone, freedom of thought, freedom to dissent, bodily integrity and informational self-determination.

When the chief justice brought up the need to define the extent of the right to privacy, the counsels raised concerns about the right being defined too specifically. This reluctance was borne out of the recognition that by its very nature, the right to privacy is a cluster of rights, with multiple dimensions manifesting themselves in different ways depending on the context. Both advocates, Subramaniam and Arvind Datar, argued that court must not engage in an exercise to definitively catalog all the different aspects of the right, foreclosing the future development of the law on point. This reluctance was also a result of the fact that the court has isolated the question of the existence of the right to privacy and how it may apply in the case of the Aadhaar project. Usually judges are able to ground legal principles in the relevant facts of the case while developing precedents. The referral to this bench is only on the limited question of the existence of a constitutional right to privacy. Therefore, any limits that are articulated by the court on the right exist without the benefit of a context.

On the other hand, the Attorney General (AG) argued that this very aspect of privacy was a rationale for not declaring it a fundamental right. At various points during the arguments, he indicated that the ambiguous and vague nature of the concept of privacy made it unsuitable as a fundamental right. Similarly, Tushar Mehta, arguing for Unique Identification Authority of India, also sought to deny privacy’s existence as a fundamental right as it is too subjective and vague.

The above argument assumes that the inability to precisely define privacy renders its untenable as a right. The key question is whether this lack of a common denominator makes privacy too vague a right, liable to expansive misinterpretations. Conceptions that do not have fixed and sharp boundaries, are not boundless. What it means is that the boundaries can often be fuzzy and in a state of constant evolution, but the limits and boundaries always exist.

At one point during the hearings, Justice Rohinton Nariman wanted the counsels to work on the parameters of challenge for state action with respect to privacy. As mentioned earlier, in the absence of facts to work with, such an exercise is fraught with risks. However, the judges may still be able to articulate the manner in which such limits may be arrived at, without specifying them. Justice Nariman himself later agrees that the judicial examination must proceed on a case by case basis, taking into account not only the tests under Article 14,19 and 21 under which petitioners have tried to locate privacy, but also under any other concurrent rights which may be infringed.

The AG also argued that the infringement of privacy in itself does not amount to a violation of the rights under Article 21, rather in some cases the transgressions on privacy may lead to an infringement of a person’s right to liberty and only in such cases should the fundamental rights be invoked. Thus, the argument made was that there was no need to declare privacy as a fundamental right but only to acknowledge that limiting privacy may sometimes lead to violations of the already existing rights. This argument may have been more cogent had he identified specific dimensions of privacy which, according to him, do not qualify as fundamental rights. However, this might have meant conceding that other dimensions of privacy, in fact do amount to fundamental rights.

It must be remembered that the problem of changing or multiple meanings is not limited to privacy. As the bench noted, drawing comparisons to the concepts of ‘liberty’ and ‘dignity’, these are constitutionally recognised values which equally suffer from a multitude of meanings based on context. The government’s position here is in line with critiques of privacy that Solove seeks to bust in his book. The idea of privacy evolves with time and people. And people, whether from a developed or developing polity, have an instinctive appreciation for it. The absence of a precise definition does not necessarily do great disservice to a concept, especially one that is fundamental to our freedoms.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-august-2-2017-should-an-inability-to-precisely-define-privacy-render-it-untenable-as-a-right

Privacy is not a unidimensional concept

amber — 2017-08-07T08:02:20Z

Right to privacy is important not only for our negotiations with the information age but also to counter the transgressions of a welfare state. A robust right to privacy is essential for all citizens in India to defend their individual autonomy in the face of invasive state actions purportedly for the public good. The ruling of this nine-judge bench will have far-reaching impact on the extent and scope of rights available to us all.

This article, written by Amber Sinha was published in the Economic Times on July 23, 2017.

In a disappointing case of judicial evasion by the apex court, it has taken over 600 days since a reference order passed in August 11, 2015, for this bench to be constituted. Over two days of arguments, the counsels for the petitioners have presented before the court why the right to privacy, despite not finding a mention in the Constitution of India, is a fundamental right essential to a person’s dignity and liberty, and must be read into not one but multiple articles of the Constitution. The government will make its arguments in the coming week.

One must wonder why we are debating the contours of the right to privacy, which 40 years of jurisprudence had lulled us into believing we already had. The answer to that can be found in a series of hearings in the Aadhaar case that began in 2012. Justice KS Puttaswamy, a former Karnataka High Court judge, filed a petition before the Supreme Court, questioning the validity of the Aadhaar project due its lack of legislative basis (since then the Aadhaar Act was passed in 2016) and its transgressions on our fundamental rights. Over time, a number of other petitions also made their way to the apex court, challenging different aspects of the Aadhaar project. Since then, five different interim orders by the Supreme Court have stated that no person should suffer because they do not have an Aadhaar number. Aadhaar, according to the court, could not be made mandatory to avail benefits and services from government schemes. Further, the court has limited the use of Aadhaar to specific schemes: LPG, PDS, MGNREGA, National Social Assistance Programme, the Pradhan Mantri Jan Dhan Yojna and EPFO.

The real spanner in the works in the progress of this case was the stand taken by Mukul Rohatgi, then attorney general of India who, in a hearing before the court in July 2015, stated that there is no constitutionally guaranteed right to privacy. His reliance was on two Supreme Court judgments in MP Sharma v Satish Chandra (1954) and Kharak Singh v State of Uttar Pradesh (1962): both cases, decided by eight- and six-judge benches respectively, denied the existence of a constitutional right to privacy. As the subsequent judgments which upheld the right to privacy were by smaller benches, Rohatgi claimed that MP Sharma and Kharak Singh still prevailed over them, until they were overruled by a larger bench.

The reference to a larger bench has since delayed the entire matter, even as a number of government schemes have made Aadhaar mandatory. This reading of privacy as a unidimensional concept by the courts is, with due respect, erroneous. Privacy, as a concept, includes within its scope, spatial, familial, informational and decisional aspects. We all have a legitimate expectation of privacy in our private spaces, such as our homes, and in our personal relationships. Similarly, we must be able to exercise some control over how personal data, like our financial information, are disseminated. Most importantly, privacy gives us the space to make autonomous choices and decisions without external interference. All these dimensions of privacy must stand as distinct rights. In MP Sharma, the court rejected a certain aspect of the right of privacy by refusing to acknowledge a right against search and seizure. This, in no way prevented the court, even in the form of a smaller bench, from ruling on any other aspects of privacy, including those that are relevant to the Aadhaar case.

The limited referral to this bench means that the court will have to rule on the status of privacy and its possible limitations in isolation, without even going into the details of the Aadhaar case (based on the nature of protection that this bench accords to privacy, the petitioners and defendants in the Aadhaar case will have to argue afresh on whether the project does impede on this most fundamental right). There are no facts of the case to ground the legal principles in, and defining the contours of a right can be a difficult exercise. The court must be wary of how any limits they put on the right may be used in future. Equally, it is important to articulate that any limitations on the right to privacy due to competing interests such as national security and public interest must be imposed only when necessary and always be proportionate.

It will not be enough for the court to merely state that we have a constitutional right to privacy. They would be well advised to cut through the muddle of existing privacy jurisprudence, and unequivocally establish the various facets of the right. Without that, we may not be able to withstand the modern dangers of surveillance, denial of bodily integrity and self-determination through forcible collection of information. The nine judges, in their collective wisdom, must not only ensure that we have a right to privacy, but also clearly articulate a robust reading of this right capable of withstanding the growing interferences with our autonomy.

For more details visit https://cis-india.org/internet-governance/privacy-is-not-a-unidimensional-concept

The rise of India’s typography community

Admin — 2017-08-07T15:17:25Z

Meet India’s typography community, as they adapt regional language scripts for the digital age and take their passion mainstream.

Seven hundred and eighty languages and 400 scripts: that’s the number the People’s Linguistic Survey of India identified in 2013. Of these, how many scripts do we see daily? Giving text a unique ‘voice’ are typefaces and fonts, created by type designers across the world. It’s safe to say that India is a prime player in this market because of the sheer number of languages we have. Satya Rajpurohit, founder of Ahmedabad-based Indian Type Foundry (ITF), knows this all too well. His family of fonts, called Kohinoor, is what your Apple device is probably displaying every time you look at regional text.

Innovate and experiment

“Designing Indic fonts is tricky; languages that have nothing in common script-wise — like Hindi and Gujarati — should complement each other,” he explains. After getting a global brand to license ITF’s fonts (his other clients include Google, Samsung and Sony), he invested $3 million of his own money in creating fontstore.com, India’s first subscription-based model. Launched early July, he says, “It works like Netflix for fonts: pay a monthly commitment of around $15 and use as many as you need. Within the first month, we’ve had 300 subscribers.” It took 35 designers working for two years to design the commissioned fonts that are available exclusively on the site; more will be added periodically to expand the library.

This propensity to innovate is not uncommon among the Indian type community. Shiva Nallaperumal from Chennai was on the Forbes 30 Under 30 list this year, for being the youngest Indian recipient, at 24, of the SOTA (Society of Typographic Aficionados) Catalyst Award. A graduate of Maryland Institute College of Art, USA, he recently launched Calcula, his latest experimental typeface, in collaboration with a Dutch type foundry, Typotheque. “It also involved coding (done by a partner), as it engineers itself while you type to fit into the letters on either side. It was just a project in pushing boundaries; now, the market will have to find uses for it,” he shares.

Going public

Today, the interest in Indic types is on the rise, thanks to this emerging community of designers. Public demonstrations are also fuelling curiosity. “In Delhi, we organise Typerventions, where we meet common people in a public space and make font installations,” says designer Pooja Saxena, who created a Santhali font. These interventions include writing words with pieces of watermelon and stencilling the word “petrichor” on the road in water and watching it evaporate in the Delhi heat. “There are also typography boot camps and workshops in March, around World Typography Day,” she says, which are surprisingly well-attended.

In Mumbai, type design studio Mota Italic, run by Rob Keller and Kimya Gandhi, organises Typostammtisch (pronounced too-poe-shtaam-tish) events — there’s one happening today at 5 pm at the Doolally Taproom in Colaba. Groups of at least 30 people come together for each meet, invariably held at a pub and featuring lively show-and-tell presentations and games using regional script. “This week, we’ve planned a Type Tour of India,” says Keller.

Latin vs Indic

Regional languages in India were first set to type by the British, which resulted in some bastardisation of the script. Nallaperumal explains, “South Indian scripts are written with a scribe, so it is a single line with no contrast. Devanagiri is more calligraphic because of the pens they are written with. The person who made the first Tamil fonts did not get that. He applied the calligraphic logic to our languages, resulting in varying thickness in each character, which actually does not exist.” But it’s too late to go back to the original, as people wouldn’t be able to recognise it, feel the designers. “We need to improve what people are comfortable with right now. Designing one Indian typeface is more difficult than Latin. With English, you’re done with 26 letters; Indian languages have around 800 characters each, most of which are complicated,” says Rajpurohit.

Regional type was also constrained by the cost of the technology involved, and restricted to the machines that were used to develop them. Aurobind Patel, design consultant for leading Indian and UK newspapers, says, “Font development is now much more accessible, and thanks to smartphones, there’s a need for type that translates the same way across devices. Google has pumped in enormous amounts of money to create fonts, even in dying languages that literally have a handful of readers to ensure that any search that pops up on their engine looks authentic.” However, the challenge in creating typefaces for uncommon Indic languages is immense. Saxena knows the difficulties all too well, as she worked for two and a half years to design the Santhali font, commissioned by The Centre for Internet and Society (they were creating a Wikipedia site in the language). “It needed a lot of hands-on research, looking at old printing materials, talking to readers and writers, getting their feedback on how it should look,” she says.

On the web

The growth of Indic is, unsurprisingly, coming at a most opportune time. While a 1997 study by Babel, a joint initiative of the Internet Society and Montreal-based Alis Technologies, showed that in the mid 1990s English made up almost 80% of the Internet, today, according to internetworldstats.com, that’s down to 30%. A paper presented at a social media conference in Barcelona in 2011 found that 49% of all tweets were in languages other than English. And, closer home, a NASSCOM-Akmai Technologies report released last August said that by 2020, there will be an estimated 730 million Internet users in India — and of the new users, 75% will access it from rural India, and a similar number will engage using local languages.

Sarang Kulkarni, founder of EkType, a Mumbai-based foundry that focuses on Indian type, explains, “These numbers are attracting international attention: around 25 countries are developing Indian typefaces, including China.”

Looking back

Earlier this year, the story of designer Robert Green and the beautiful Doves Type that he recovered from the bottom of the Thames River was doing the rounds on social media. In 2016, designer Steve Welsh ran a Kickstarter campaign to revive a font called Euclid — it is now called Lustig Elements, after its designer. “Many familiar typefaces in use today are preserved or were revived from earlier eras. Baskerville and Garamond — eighteenth and sixteenth century typefaces, respectively — were revived at the beginning of the 20th century. Then there are updated derivatives of old types, like the ubiquitous Times New Roman, which itself is a hybrid of Robert Granjon’s 16th century designs and (again) Baskerville,” says Green, on what we can learn from older types.

While there is not much revival of fonts happening in India — considering that our history of type goes back a couple of centuries, it’s understandable — typography has made its way into pop culture. At EkType, Kulkarni has worked with Hanif Kureshi, of Kyoorius Designyatra, to digitise hand-painted lettering, thus preserving the typographic practice of street painters around the country. “As technology advances, 3D typefaces can be used online and in word processing software as well,” says Kulkarni.

In the classroom

Education in type design, including at University of Reading’s MA Typeface Design course, is Latin-centric. “We are not taught to design in Indian script. There might be a small workshop, but in formal education we are only taught to design in English,” says Saxena, an MATD graduate.

Vaibhav Singh, another Reading scholar, who has designed fonts for Adobe, agrees. “Young designers require reliable sources of information to inform their practice and those are few and far between,” he says. Stating that historical research is patchy at the moment, he feels postgraduate and doctoral theses coming from design schools are beginning to form a base for future work. “Histories of printing usually steer clear of technology, design, and production – and this is an area where interdisciplinary collaboration will add to our knowledge of India’s typographic history,” he says.

To this end, Singh has started a publishing imprint and a journal called Contextual Alternate, launching next year, to address the lack of scholarly research.

Pop goes the type

Brands like Mumbai-based Kulture Shop have made typography cool; they also function as a collective, with over 40 artists contributing to the designs on six product lines. Co-founder Kunal Anand says, “Typography and words have a way of cutting through the noise. You can show an image that can capture a thousand words but when you say something using typography, the subtleties of a letter can change the word entirely.” He adds that people can link their identity to typography, literally wearing it on their sleeve. Kochi-based Teresa George, who runs ViaKerala and the Malayalam Project, says that when it comes to Kerala, script is enmeshed in the culture. “Type can be an extension of who we are. For the younger generation, it’s a way of connecting to their roots,” she says.

This kind of interest is important, as the type we see around us is ubiquitous, says Mahendra Patel, former principal designer at National Institute of Design, Ahmedabad.

“The simple life is the most difficult life. Within the limitations that older foundries had, they created beautiful types. Now in the digital age, we have a certain sense of responsibility towards these classical and historical fonts, and it’s important to go back and revive them. At the same time, there are plenty of new fonts coming out. For me, both are right. There is enough space for both revival and new approaches.”

Basics of type design

Typeface is a collection of fonts: the former is like an album, the latter, the songs. For example, Helvetica is a typeface and Helvetica Bold is a font.

Fonts are designed based on what they are going to be used for. This includes the spacing between each letter combination, and the height and length of the ascenders and descenders.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-susanna-myrtle-lazarus-august-4-2017-the-rise-of

Who is Following Me: Tracking the Trackers (IGF2012)

praskrishna — 2012-12-07T17:17:32Z

The Internet Society and the Council of Europe are co-organising a workshop at the IGF (Baku - 8 November 2012 - 09:00 - 10:30) regarding online tracking. Malavika Jayaram is a speaker.

Interest in online tracking as a policy issue spiked with the release of the Preliminary Federal Trade Commission Staff Report in December 2010 entitled Protecting Consumer Privacy in an Era of Rapid Change – A Proposed Framework for Businesses and Policymakers calling for a “do not track” mechanism, the launch of the W3C Tracking Protection Workng Group and the recent entry into force of the so-called European “Cookie Directive” provisions. However, the actual and potential observation of individuals’ interactions online has long been a concern for privacy advocates and others.

Much of the policy attention is currently focused on cookies used to track users to build profiles for more targeted advertising, but some of the more difficult issues are:

How to deal with less-observable tracking (e.g. browser and/or device fingerprinting, monitoring of publicly disclosed information)
How to develop laws that accommodate different tracking scenarios – for example:
- different entities (law enforcement, companies, etc.);
- different and sometimes multiple purposes (security, personalising user experience, targeting advertising, malicious activity; etc.);
- first-party and third-party tracking o single site and multiple site tracking
Transparency (particularly on small mobile devices)
Whether a traditional consent model is sufficient and effective

The panel:

Wendy Seltzer, Policy Council, World Wide Web Consortium (W3C)
Kimon Zorbas, Vice President, Interactive Advertising Bureau (IAB) Europe
Cornelia Kutterer, Director of Regulatory Policy, Corporate Affairs, LCA, Microsoft EMEA
Malavika Jayaram, partner at Jayaram & Jayaram, Bangalore
Shaundra Watson, Counsel for international consumer protection, USA Federal Trade Commission
Rob van Eijk, Council of Europe expert, Leiden University (PhD student)

The moderators:

Christine Runnegar, Internet Society
Sophie Kwasny, Council of Europe

The remote moderator:

James Lawson, Council of Europe

This workshop will explore:

Current and emerging trends in online tracking (and their related purposes)
How to give individuals full knowledge of the tracking that occurs when they go online
Mechanisms to give individuals greater control over tracking and data use
The respective roles of all actors (government, law enforcement, Internet intermediaries, businesses, browser vendors, application developers, advertisers, data brokers, users, Internet technical community, etc.)
Whether effective data protection online can be ensured solely by law.
Whether self-regulation and voluntary consensus standards offer better options for tuning privacy choice to the rapidly advancing technology environment.

Please read our background paper and update

For more details visit https://cis-india.org/news/who-is-following-me

Debate on Section 66A rages on

praskrishna — 2012-12-10T09:44:31Z

Last week, a reputed BPO in Chennai took down its Facebook page and introduced stricter moderation for posts on its bulletin board.

Vasudha Venugopal's article was published in the Hindu on December 10, 2012. Pranesh Prakash is quoted.

The measure, an official said, was aimed at avoiding any "callous remark by any employee." "We have discussions on many raging topics here, and we are just making sure the content is clean with no intended defamation."

The need to present only ‘unobjectionable content’ is just one off-shoot of a controversy that has gripped the country after at least five persons were arrested in recent months for posting their views online. But what started as an outcry by a few voices against the IT Act has now turned into a campaign against the constitutional validity of the Act itself. Last week also saw concerted protests to demand the repeal of Section 66A of the IT Act, under which most of the accused were booked. Human chains and protests were conducted in Chennai, Bangalore, Pune, Hyderabad, Guntur, Kakinada, Vijaywada, Visakhapatnam, Pune, Kozhikode and Kannur, among others.

In the past few months, the debate on the use of Section 66A in particular, and the Act in general, has gathered momentum. The arrests of Jadavpur University professor Ambikesh Mahapatra for circulating a cartoon lampooning West Bengal Chief Minister Mamata Banerjee; cartoonist Aseem Trivedi; businessman Ravi Srinivasan for tweets against Union Finance Minister P. Chidambaram’s son Karti Chidambaram; and the two girls in Maharashtra for criticising the bandh after Shiv Sena leader Bal Thackeray’s death have sparked popular anger.

“Public anger and media attention have been so strong that the government has been forced to retreat, which is a good first step,” says Alagunambi Welkin, president of the Free Software Foundation Tamil Nadu, which organised the protests in Chennai. "The next step would be to plug the loopholes in the IT Act. After all, this same government has declared in various international forums that it is all for promoting openness online."

Activists say that along with the increased pressure on the government, collecting information on cases of the misuse of the Act are the tasks that have to be fulfilled immediately. Human rights activist A. Marx, who has filed a public interest litigation petition against Section 66A, says the selective application of the law is very troubling. From a broader perspective though, this is also an issue of global proportions. Recently, a man in the U.K. was jailed for 18 months after he was found guilty of posting abusive messages on an online memorial. In July this year, a young Moroccan was arrested in Casablanca on the charge of posting “insulting caricatures of the Prophet Mohammed on Facebook.”

As recently as Tuesday, a Shenzen resident was arrested for posting a letter online, accusing a senior village official of corruption, and last week, a man in Kent was arrested for posting an image of a burning poppy on a social network site.

However, Pranesh Prakash, policy director, Centre For Internet And Society, Bangalore, notes that the more problematic parts in India’s laws are ones that result from adaptation. India’s own adaptation of the U.K. law, for instance, considerably increases punishment from six months to three years. However, if it is any consolation, there are voices worldwide being raised on this issue. Till last week, Google’s search page had a message: "Love the free and open Internet? Tell the world’s governments to keep it that way," and a link for comments directed to the Dubai conference, which will see a wide-ranging discussions and key decisions on global internet governance.

For more details visit https://cis-india.org/news/the-hindu-sci-tech-internet-december-10-2012-vasudha-venugopal-debate-on-section-66a

New rules leave social media users vulnerable: Experts

Krupa Joseph — 2021-06-14T11:27:53Z

They analyse the implications of the government vs Twitter controversy on individual privacy

The article by Krupa Joseph was published in the Deccan Herald on 10 June 2021. Torsha Sarkar has been quoted.

The government had notified the changes on February 25, and allowed social media companies three months to comply. Twitter and WhatsApp had then separately approached the Delhi High Court against the new regulations, fearing they could compromise user privacy.

On Monday, the court gave Twitter three weeks to file a response to the government’s charge that it had not appointed a grievance officer as claimed.

Vague rules

Karthik Srinivasan, communications consultant, who uses his blog Beast of Traal to comment on social media, says the new rules are “vague and open-ended”.

“Coupled with the fact that we still do not have a data protection law, the rules could be severely misused both by government and private entities,” he says.

Users are particularly vulnerable in a country where anything and everything offends a lot of people, he says.

Law overreach

Torsha Sarkar, researcher with the Centre for Internet and Society, says the rules introduce additional obligations for social media platforms and classify intermediaries.

“Intermediaries with over five million users would have obligations to introduce traceability, instal automated filtering, provide detailed grievance redressal mechanisms, and publish compliance reports detailing action taken on takedown orders,” she says.

While some of these obligations are similar to those laid down internationally, some alterations are causing concern. The traceability requirement, for example, is highly contentious as it would erode user privacy.

“It is also concerning that the user threshold, for a country like India, with such vast Internet usage, is set at a very low level. This means that even smaller social media platforms might becompelled to carry out economically crippling obligations,” she explains.

The legislative overreach is seen in how the initial draft , which only covered entities like Twitter and Facebook, now seeks to cover digital news media and content curators like Netfl ixand Hulu, she says.

Stretching the scope of the legislation this way is undemocratic since it was not subject to any public consultation, she notes.

Case in High Court

Mishi Choudhary, technology lawyer and founder of SFLC.in, a legal services organisation specialising in law, technology and policy, says the IT rules notified by the government are unconstitutional. “In the garb of addressing misinformation and regulating technology companies, the government has been exceeding the powers granted through subordinate legislation and using it for political purposes,” she says. It is on these grounds that the Free and Open Source Software community has challenged the new rules in the Kerala High Court. “Technology companies need regulation but not at the expense of user rights,” she says.

Congress ‘toolkit’ row

A few weeks after social media platforms were asked to take down posts critical of thegovernment’s management of India’s Covid-19 crisis, Twitter once again found itself at thereceiving end. Last week, Twitter labelled a tweet by BJP leader Sambit Patra, accusing theCongress of working with a ‘toolkit, as ‘manipulated media’. Twitter says it gives the label totweets that include media (videos, audio, and images) that are “deceptively altered orfabricated”. The Delhi police then sent a notice to Twitter in connection and asked the micro-blogging site to explain the reasons for assigning the tag. The police also conducted raids onTwitter offices in India. Things escalated when Twitter said the government was intimidating it. The government hit back saying law-making was its privileges, and Twitter, being a social media platform, should not dictate legal policy framework.

New rules

Under the new IT rules, social media companies like Facebook, WhatsApp and Twitter will be responsible for identifying the originator of a flagged message within 36 hours. They also have to appoint a chief compliance officer, a nodal contact person and a resident grievance officer. Failing to comply with these rules would cause the platforms to lose their status as intermediaries, and make them liable for whatever is posted on their platforms.

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-krupa-joseph-june-10-2021-new-rules-leave-social-media-users-vulnerable

The All India Privacy Symposium: Conference Report

natasha — 2012-04-30T05:16:41Z

Privacy India, the Centre for Internet and Society and Society in Action Group, with support from the International Development Research Centre, Privacy International and Commonwealth Human Rights Initiative had organised the All India Privacy Symposium at the India International Centre in New Delhi, on February 4, 2012. Natasha Vaz reports about the event.

The symposium was organized around five thematic panel discussions:
Panel 1: Privacy and Transparency
Panel 2: Privacy and E-Governance Initiatives
Panel 3: Privacy and National Security
Panel 4: Privacy and Banking
Panel 5: Privacy and Health

Introduction

Elonnai Hickok (Policy Advocate, Privacy India) introduced the objectives of Privacy India. The primary objectives were to raise national awareness about privacy, do an in-depth study of privacy in India and provide feedback on the proposed ‘Right to Privacy’ Bill. Privacy India has reviewed case laws, legislations, including the upcoming policy and conducted state-level privacy workshops and consultations across India in Kolkata, Bangalore, Ahmedabad, Guwahati, Chennai, and Mumbai. India like the rest of the world is answering some fundamental questions about the powers of the government and citizen’s rights and complications that arise from emerging technologies. Through our research we have come to understand that privacy varies across cultures and contexts, and there is no one concept of privacy but instead several distinct core notions that serve as complex duties, claims and obligations.

Privacy and Transparency

Panelists: Ponnurangam K, (Assistant Professor, IIIT New Delhi), ), Chitra Ahanthem (Journalist, Imphal), Nikhil Dey (Social & Political Activist), Deepak Maheshwari (Director, Corporate Affairs, Microsoft), Gus Hosein (Executive Director, Privacy International, UK), and Prashant Bhushan, (Senior Advocate, Supreme Court of India).
Moderator: Sunil Abraham (Executive Director, Centre for Internet and Society, Bangalore)
Poster: Srishti Goyal (Law Student, NUJS)

Srishti Goyal provided the general contours, privacy protections, limits to privacy and loopholes of policy relating to transparency and privacy, specifically analyzing the Right to Information Act, Public Interest Disclosures Act, and the Official Secrets Act.

Nikhil Dey commented on the interaction between the right to privacy and the right to information (RTI). He referred to Gopal Gandhi, the former Governor of West Bengal, “we must ensure that tools like the UID must help the citizen watch every move of government; not allow the government watch every move of the citizen.” Currently, the RTI and the UID stand on contrary sides of the information debate. A privacy law could allow for a backdoor to curb RTI. So, utmost care has to be taken while drafting legislation with respect to right to privacy.

Data and information has leaked furiously in India and it has leaked to the powerful. A person who is in a position of power can access private information irrespective of any laws in place to safeguard privacy. It is necessary to look at the power dynamics, which exists in the society before formulating legislation on right to privacy. According to Nikhil Dey, there should be different standards of privacy with respect to public servants. A citizen should be entitled to information related to funds, functions and functionaries. The main problem arises while defining the private space of a public servant or functionaries.

The RTI Act has failed to address the legal protection for the right to privacy. Perhaps, rules regarding privacy can be added to the Act. It can be defined by answering the questions: (i) what is ‘personal information’? (ii) what is it’s relation to public activity or public interest? (iii) what is the unwarranted invasion of the privacy of an individual? and (iv) what is the larger public good? Expanding on these four points can provide greater legal protection for the right to privacy.

Gus Hosein described the intersection and interaction of the right to information and the right to privacy. He referred to a petition filed by Privacy International requesting information on the expenses of members of parliament. Privacy and transparency of the government are compatible in the public interest. Gross abuse of the public funds by MPs was revealed by this particular petition such as pornography or cleaning of moats of MPs homes. Privacy advocates are supporters of RTI, however, it cannot be denied that there is no tension between transparency and privacy. In order chalk out the differences, there is a need of a legal framework. According to Gus Hosein, in many countries the government office that deals with right to information also deals with cases related to right to privacy.

Mumbai and New Delhi police have started using social media very aggressively, encouraging citizens to take photographs of traffic violations and upload them to Facebook or Twitter. In reference to this, Ponnurangam described the perceptions of privacy and if it agreed or conflicted with his research findings. Ponnurangam has empirically explored the awareness and perspective of privacy in India with respect to other countries. He conducted a privacy survey in Hyderabad, Chennai and Mumbai. People are very comfortable in posting pictures of others committing a traffic violation or running a red light. Ironically, many people have posted pictures of police officers committing a traffic violation such as not wearing a helmet or running a red light.

Chitra Ahanthem described the barriers and challenges of using RTI in Manipur. There are more than 40 armed militia groups, which are banned by the central and state government. The central government provides economic packages for the development of the north-east region. However, the state government officials and armed groups pocket the economic packages. These armed groups have imposed a ban on RTI. Furthermore, Manipur is a very small community. If people try and access information through RTI they risk getting threatened by the Panchayat members and being ostracized from the community or their clan.

People are apprehensive about filing RTI because they believe that these procedures are costly and the police and government may also get involved. Officials use the privacy plea to avoid giving out information. Since certain information are private and not in the public domain, government officials, use the defense of privacy to hide information. In addition, the police brutality prevalent in the area deters people to even have interactions with government officials.

According to Deepak Maheshwari, the open data initiative is a subset within the larger context of open information. There is an onus on the government to publish information, which is in the public domain. As a result, one does not necessarily have to go through the entire process of filing an RTI to get information, which is already there in the public domain. Moreover, if it is freely available in public domain, then one can anonymously access such information; this further strengthens the privacy aspects of requesting information and facilitating anonymity with respect to access to such information in the public domain. It has also to be noted that it is not sufficient to put data out in the public domain but it should also disclose the basis of the data for example, if there is representation of a data on a pie chart, the data which was used to arrive at the pie chart should also be available in the public domain. The main intention of releasing data to the public domain or having open data standards should not only be to provide access to such data but also should be in such a fashion so as to enable people to use the data for multiple purposes.

Prashant Bhushan noted that one of the grounds for withholding information in the RTI Act is privacy. An RTI officer can disclose personal information if he feels that larger public interest warrants the disclosure, even if it is personal information, which has no relationship to public activity or interest. This raises the important question, “what constitutes personal information?” He referred to the Radia Tapes controversy. Ratan Tata has filed a petition in the Supreme Court on the grounds that the Nira Radia tapes contained personal information and that the release of these tapes into the public domain violated his privacy. The Centre for Public Interest Litigation has filed a counter petition on the grounds that the nature of the conversations was not personal but in relation to public activity. They were between a lobbyist and bureaucrats, journalists and ministers. Prashant Bhushan stressed the importance of releasing these tapes into the public domain to show glimpses of all kinds of fixing, deal-making and show how the whole ruling establishment functions. It is absurd for Ratan Tata to claim that this is an invasion of privacy. Lastly, he felt when drafting a privacy law, clearly defining and distinguishing personal information and public is extremely important.

One of the interesting comments made during the panel was on the assumption that data is transparent. Transparency can be staged; questions have to be asked around whether the word is itself transparent.

Privacy and E-Governance Initiatives

Panelists: Anant Maringanti, (Independent Social Researcher), Usha Ramanathan, (Advocate & Social Activist), Gus Hosein, (Executive Director, Privacy International, UK), Apar Gupta, (Advocate, Supreme Court of India), and Elida Kristine Undrum Jacobsen (Doctoral Researcher, The Peace Research Institute Oslo).
Moderator: Sudhir Krishnaswamy (Centre for Law and Policy Research)
Poster: Adrija Das (Law Student, NUJS)

Adrija Das discussed the legal provision relating to identity projects and e-governance initiatives in India. The objective of any e-governance project is to increase efficiency and accessibility of public services. However, a major problem that arises is the linkage of the data results in the creation of a central database, accessible by every department of the government. Furthermore, implementing data protection and security standards are very expensive.

Sudhir Krishnaswamy highlighted the default assumptions surrounding e-governance initiatives: e-governance initiatives solve governance problems, increase efficiency, increase transparency and increase accountability. It is important to analyze the problems that arise from e-governance initiatives, such as privacy.

Usha Ramanathan described the increased number and vastness of e-governance initiatives such as UID, NPR, IT Rules and NATGRID. There are also many burdens on privacy that emanate from the introduction and existence of electronic data management systems. Electronic data management systems have allowed state to collect, store and use personal information of individual. Currently, the DNA Profiling Bill is pending before the Parliament. It is important to question the purpose and need for the government to collect such personal information. It is also to be noted that, there are certain laws such as Collection of Statistics Act, 2008 that penalize individuals if they do not comply with the information requests of the government.

Anant Maringanti discussed the limitations of data sharing that once existed. Currently, data can move across space in a very short time. He analyzed the state and market rationalities involved in e-governance initiatives, which raise the question “who can access data and at what price?”. Data may seem to be innocent or neutral, but data in the hands of wrong people becomes very crucial due to abuse and misuse. For example, Andhra Pradesh was praised as the model state for UID implementation. However, during the process of collecting data for UID a company bought personal information and sold the data to third parties.

Apar Gupta discussed the dilemmas of e-governance. Generally information in the form of an electronic record is presumed to be authentic. The data which government collects is most often inaccurate and wrong. So the digital identity of a person can be totally different from the real identity of that particular person. The process for correcting such information is also very inconvenient and sometimes impossible.
Under the evidence law any electronic evidence is presumed to be authentic and admissible as evidence. The Bombay High Court decided a case involving the authenticity of a telephone bill generated by a machine. The judgment said that since it is being generated by a machine, through and automated process, there is no need to challenge the authenticity of the document, it is presumed to true and authentic. The main danger in such case is that one does away with the process of law and attaches certain sanctity to the electronic record and evidence.

It should be also observed that how government maintains secrecy as to the ways in which it collects data. For example, the Election Commission has refused to disclose the functioning and design of electronic voting machines. The reason given for such secrecy is that if such information is put in the public domain then the electronic voting machines will be vulnerable and can be tampered with. But we, who use the voting machines, will never find out its vulnerabilities.

According to Gus Hosein, politicians generally have this wrong notion that technology can solve complex administrative problems. Furthermore, the industry is complicit; they indulge in anti-competitive market practice to sell these technologies as a solution to problems. However, such technology does not solve any problems rather it gives rise to problems.

Huge amount of government funds is associated with collection of personal data but such data is rendered useless or rather misused, because the government does not have clue as to how to use the data for development and security purposes. The UK National Health Records project estimated to cost around twelve to twenty billion pounds. However, a survey carried out by a professor in University College London showed that the hospital and other health institutions do not use the information collected by the National Health Records. Similarly, the UK Identity Card scheme was estimated to cost 1.3 billion pounds and finally it was estimated to cost five billion pounds. The identity cards are rendered obsolete, the sole department interested in the identity card was the Home Office Department, no other department intended on using it.

Technology should be built in such a manner that it empowers the individual. Technology should allow the individual to control his identity and as well as access all kinds of information available to the government and private bodies on that individual.

According to Elida Kristine Undrum Jacobsen, technology is regarded in this linear manner. It is increasingly being naturalized and as an all-encompassing solution. The use of biometric systems in the UID raises three areas of concern: power, value and social relationships.

With regards to power, there is a difference between providing documentation and information for identification. However, problems arise when the mode of identification becomes one’s body. It also leads to absolute reliance on technology, if the machine says that this is an individual’s identity then it is considered to be the absolute truth and it does not matter even if the individual is someone else. It becomes furthermore problematic with biometric system because it is generally used for forensic purposes.

The other component of UID or any national identification scheme is the question of consent and its relationship to privacy. In the case of UID project, people are totally unaware about how their information will be used and what purposes can it be used or misused for. Therefore, there is no informed consent when it comes to collection of biometric data under the UID project.

On the issue of social value it is to be noted that the value of efficiency becomes the most important value, which is valued. Many of the UIDAI documents state that the UID will provide a transactional identity. However, at the same time it takes away societal layers, which is inherently part of one’s identity. In addition, it makes it possible for the identity of a person to become a commodity to be sold. This also means that the personal information has economic value and players in the market such as insurance companies, banks can buy and sell the information.

When there is identification projects using biometrics it gives the State a lot of power; the power to determine and dictate one’s identity irrespective of the difference in real identity. Moreover, when such identifications projects are carried out at a national level it also gives rise to problem related to exclusion and inclusion of people or various purposes. The classification of the society based on various factors becomes easy and there is a huge risk involved with such classification.

The issues, which came out from the Q&A session, were:

The interplay between fairness and lawfulness in the context of privacy and data collection. There has to be a question asked as to why certain information is required by the State and how is it lawful.
In the neo-liberal era corporations are generally considered to be private. This has to be questioned and furthermore the difference between what is private and what is public. There are also concerns about corporations increasingly collaborating with the State. Can it be still considered as private?

Privacy and National Security

Panelists: PK Hormis Tharakan (Former Chief of Research and Analysis Wing, Government of India), Saikat Datta (Journalist), Menaka Guruswamy, (Advocate, Supreme Court, New Delhi), Prasanth Sugathan, (Legal Counsel, Software Freedom Law Center), and Oxblood Ruffin, (Cult of the Dead Cow Security and Publishing Collective).
Moderator: Danish Sheikh (Alternative Law Forum)
Poster: Suchitra Menon (Law Student, NUJS)

Suchitra Menon discussed the legal provisions for national security in relation to privacy. Specifically, she described the guidelines and procedural safeguards with respect to phone tapping and interception of communication decisional jurisprudence.

In the year 2000, the Information Technology Act (IT Act), 2000 was enacted, this Act had under section 69 allowed the State to monitor and intercept information through intermediaries. Prasanth Sugathan described how the government has been trying to bypass the procedural safeguard laid down by the Supreme Court in the PUCL case by using Section 28 of the IT Act, 2000. The provision deals with certifying authority for digital signatures. The certifying authority under the Act also has the authority to investigate offences under the Act. The provision mainly deals with digital signature but it is used by the government to intercept communication without implementing the procedural safeguards laid down for such interception. Furthermore, the IT Rules which was notified by the government in April, 2007 allows the government to intercept any communication with the help of the intermediaries. The 2008 amendment to the IT Act was an after effect of the 26/11 attacks in Mumbai. The legislation has become draconian since then and privacy has been sacrificed to meet the ends of national security.

Oxblood Ruffin read out his speech and the same is reproduced below.

“The online citizenry of any country is part of its national security infrastructure. And the extent to which individual privacy rights are protected will determine whether democracy continues to succeed, or inches towards tyranny. The challenge then is to balance the legitimate needs of the state to secure its sovereignty with protecting its most valuable asset: The citizen.

It has become trite to say that 9/11 changed everything. Yet it is as true for the West as it is for the global South. 9/11 kick started the downward spiral of individual privacy rights across the entire internet. It also ushered in a false dichotomy of choice, that in choosing between security and privacy, it was privacy that had adapted to the new realities, or so we’ve been told.

Let’s examine some of the fallacies of this argument.

The false equation which many argue is that we must give up privacy to ensure security. But no one argues the opposite. We needn’t balance the costs of surveillance over privacy, because rarely banning a security measure protects privacy. Rather, protecting privacy typically means that government surveillance must be subjected to judicial oversight and justification of the need to surveillance. In most cases privacy protection will not diminish the state’s effectiveness to secure itself.

The deference argument is that security advocates insist that the courts should defer to elected officials when evaluating security measures. But when the judiciary weighs privacy against surveillance, privacy almost always loses. Unless the security measures are explored for efficacy they will win every time, especially when the word terrorism is invoked. The courts must take on a more active role to balance the interests of the state and its citizens.

For the war time argument security proponents argue that the war on terror requires greater security and less privacy. But this argument is backwards. During times of crisis the temptation is to make unnecessary sacrifices in the name of security. In the United States, for example, we saw that Japanese-American internment and the McCarthy-era witch-hunt for communists was in vain. The greatest challenge for safeguarding privacy comes during times when we are least inclined to protect it. We must be willing to be coldly rational and not emotional during such times.

We are often told that if you have nothing to hide, you have nothing to fear. This is the most pervasive argument the average person hears. But isn’t privacy a little like being naked? We might not be ashamed of our bodies but we don’t walk around naked. Being online isn’t so different. Our virtual selves should be as covered as our real selves. It’s a form of personal sovereignty. Being seen should require our consent, just as in the real world. The state has no business taking up the role of Peeping Tom.

I firmly believe that the state has a right and a duty to secure itself. And I equally believe that its citizens are entitled to those same rights. Citizens are part of the national security infrastructure. They conduct business; they share information; they are the benefactors of democratic values. Privacy rights are what, amongst others, separate us from the rule of tyrants. To protect them is to protect and preserve democracy. It is a fight worth dying for, as so many have done before us.

PK Hormis Tharakan discussed the importance of interception communication in intelligence gathering. In the western liberal democracies, restrictions of privacy were introduced for the anti-terrorism campaigns and these measures are far restrictive than what the Indian legislations contemplate. Preventive intelligence is a major component in maintenance of national security and this intelligence is generated and can be procured through interception.

We do need laws to make sure that the power of interception is not excessive or out of proportion. But the graver issue is that the equipment used for interception of communication is freely available in the market at a cheap price. This allows private citizens also to snoop into others conversation. So, interception by civilians should be the main concern.

Menaka Guruswamy discussed the lack of regulation of Indian intelligence agencies that creates burdens on privacy. When there is a conflict between individual privacy and national security, the court will always rule in favour of the national security. Public interest always takes precedence over individual interest.

When there is a claim right to privacy vis-à-vis national security, generally these claims are characterized by dissent, chilling effects on freedom of expression and government accountability. In India, privacy is fragile and relatively a less justifiable right. Another challenge to privacy is that, when communication is intercepted, which part of the conversation can be considered to be private and which part cannot be considered so.

Saikat Datta described his experience of being under illegal surveillance by an unauthorized intelligence agency. When a person is under surveillance, he or she is already considered to be suspect. If the State commits any mistake as to surveillance, carrying surveillance, who is not at all a person of interest in such case upon discovery, there is no penalty for such discrepancy.
He warned of the dangers of excessive wiretapping, a practice that currently generates such a “mountain” of information that anything with real intelligence value tends to be ignored until it is too late, as happened with the Mumbai bombings in 2008. It is clear that the Indian government’s surveillance and interception programmes far exceed what is necessary for legitimate law enforcement.

The issues, which came during the Q&A session was:

In case of national security vis-à-vis privacy in heavily militarized zone, legislations such as Armed Forces Special Powers Act actually give authority to the army to search and seizure on mere suspicion? This amounts gross violation of privacy.

Privacy and Banking

Panelists: M R Umarji, (Chief Legal Advisor, Indian Banks Associations), N A Vijayashankar, (Cyber Law Expert), Malavika Jayaram, (Advocate, Bangalore)
Moderator: Prashant Iyengar (Associate Professor, Jindal Law University)
Poster: Malavika Chandu (Law Student, NUJS)

Prashant Iyengar highlighted how privacy has been a central feature in banking and finance. Even before the notion of privacy came into existence, banks had developed an evolved notion of secrecy and confidentiality, which was fairly robust. Every legislation dealing with banking and finance generally have a clause related to privacy and confidentiality. It might seem that it would be easy to implement privacy in banking and finance given the long relationship between banking and secrecy and confidentiality. However, this is not the case in the contemporary times. Specifically, with the growth in issues related to national security, transparency and technology, the highly regarded notion of privacy seems to be slowly depleting.

Malavika Chandu described the data protection standards that govern the banking industry. As part of the know-you-customer guidelines, banks are required to provide the Reserve Bank with customer profiles and other identification information. Lastly, she described case laws in relation to privacy with respect to financial records.

N A Vijayashankar noted that the confidentiality and secrecy practices in the banking sector emanate from the banker-customer relationship. In the present context, secrecy and privacy maintained by the banks should be analyzed from the perspective of the right of the customer to safeguard his or her information from any third party. Generally, banks and other financial institutions protect personal information as a fraud control measure and not as duty to protect the privacy of a customer.

There has been a paradigm shift in banking practices from traditional banking practices to more efficient but less secure banking practice. Some of the terms and conditions of internet banking are illegal and do not stand the test of law. In contemporary times, banking institutions use confidentiality to cover up problems and data breach rather than protecting the customer. But the banks are not ready to disclose data breach as it apprehends that it will result in public losing faith in the system. The Reserve Bank of India, has recently notified that protection which is provided to the customers in banking services should also be extended to e-banking services. However, the banks have not properly implemented this.

M R Umarji highlighted fourteen laws related to banking which carries confidentiality clauses. In India, public sector banks dominate the market. These banks are created under a statute and such statute governs them. Therefore, they are duty bound to maintain secrecy and confidentiality. Private banks and cooperative banks are not bound by any statute. They do not have any obligations to maintain secrecy, but they do strictly observe confidentiality as a form of banking practice.

Banks are not allowed to reveal any personal information of an individual unless it is sought by some authority that has a legitimate right to claim such information. There has been a constant erosion of confidentiality due to various laws which empowers authorities to seek confidential information from the banks. Recently, in the light of the growing national security concerns, banks also have an obligation to report suspicious transactions. These have caused heavy burdens on right to privacy of an individual.

Under the Right to Information Act, 2005 public sector banks are considered to be public authorities. By the virtue of the Statute, any person can access information from banks. For example, in a recent case an information officer directed Reserve Bank of India, to disclose Inspection Reports. These reports generally contain information regarding doubtful accounts, non-performing account, etc. There is a need that banks should be exempted from the Right to Information Act, 2005. Since they are not dealing with public funds there is no need to apply transparency law to the banks.

Malavika Jayaram described the major conflicts and tensions with respect to privacy vis-à-vis banking and financial systems and financial data. Other privacy and transparency issues include: the publication of online tax information and income data.

Surveillance is built in the design of banking system, so it is capable of tracking personal information and activity. There is a need to implement more privacy friendly and privacy by design systems in the banking sector. Customers are generally ignorant about privacy policies and this influences informed consent and furthermore marketing institution may influence customers to behave in a particular manner. In this context privacy by design becomes very important.

Data minimization principles should be applied; since the more data collected the more there is a risk of data breach and misuse. In case of data retention it is necessary that person giving such data should know how much proportion of the data is being retained and for how long it is stored and also what is the scope of the data and for what purpose will it be used.

Personal information and data, which was previously collected by the government, are gradually being outsourced to private bodies. On one hand it is a good thing that private sector get their technology and security measures right as compared to the government agencies but it comes with the risk that it can be sold out by private bodies as commodities in the market. Private bodies that are harvesting the data can also be forced by the government to disclose it under a particular law or statute without taking into consideration the consent of the individual whose personal information is sought for.

There is multiplicity of documentation for identification, which makes transactions less efficient. This has attracted customers to more convenient systems such as one-access point systems, but people tend to forget the issues related to privacy, in using such a system. What is portrayed as efficient for the consumer is a tool for social control and who has access and authority to use such information.

Often the reason given for collecting information is that it will help the service provider to combat fraud. However, studies have shown people more often fake situation rather than identity. The other concerns are that of sharing of information and lack of choice with respect to such sharing. There should be check as to sharing of personal information as the data belongs to the individual and not the bank or any other institution which requires furnishing personal information in lieu of services. This gives rise to a binary choice to the user; either the individual has to provide information to avail the service or else one cannot avail the services.

There is supposed to be market for privacy. The notion of personal information is subjective and varies from person to person. For example, one might be comfortable to share certain information. However, others might not be.

The issues that came out of the Q&A sessions are:

The default settings are generally put at the low protection settings. Unless the user is aware of the privacy protection setting, he or she is prone to breach of privacy. Should the default privacy setting be set to maximum security and option can be given to the user to change it according to his or her preference?
Is there any system in the banks, which allows the customers of bank to know about which all third parties the bank has shared his or her personal information with?

Health Privacy

Panelists: K. K. Abraham, (President, Indian Network for People with HIV), Dr. B. S. Bedi, (Advisor, CDAC & Media Lab Asia), and Raman Chawla, (Senior Advocacy Officer, Lawyers Collective).
Moderator: Ashok Row Kavi (Journalist and LGBT Activist)
Poster: Danish Sheikh (Researcher, Alternative Law Forum)

Danish Sheikh outlined the possible health privacy violations. These included the disclosure of personal health information to third parties without consent, inadequate notification to a patient of a data breach, the purpose of collecting data is not specified and improper security standards, storage and disposal. The disclosure of personal health information has the potential to be embarrassing, stigmatizing or discriminatory.

Subsequently, Danish Sheikh examined the status of sexual minorities’ vis-à-vis the privacy framework. Culling out some real life examples based on various studies, media reports and judgments from the Supreme Court and the High Courts of Delhi and Allahabad, he also described privacy violations committed by both individuals as well as state authorities.

Ashok Row Kavi recounted how privacy was very contextual when debating section 377 in the LGBT community. The paradigm upon which they were going to fight the anti-sodomy law was that it was consenting sex between two adults in private space. However, this paradigm was not well received by women, as women did not see private space as safe space, due to domestic violence. Perceptions of privacy are very subjective and it differs from person to person.

Raman Chawla recounted the history of the Draft HIV/AIDS Bill. In 2002, the need for law related to HIV/AIDS was realized in order to protect right to consent, right against discrimination and right to confidentiality of HIV patients. The bill was finalized in the year 2006. Alarmingly, it is yet to be tabled before the Parliament.

The privacy provisions in the HIV bill clearly state that no person can be tested, treated or researched for HIV without the consent of the patient. It also casts that in a fiduciary relationship the health care provider must maintain confidentiality, however if the patient provides written consent then their status may be disclosed. The HIV condition of the patient can also revealed by the doctor if there is a court order demanding such disclosure. The doctor may disclose the status of the patient to his or her partner but he has to follow a particular protocol. The doctor should have sufficient belief that his or her partner is at risk of contracting HIV. The person who is infected will be asked for his/her views and counseled before his/her partner is informed. However, there are doubts as to the implementation and enforcement of this protocol.

Conclusion

Natasha Vaz (Policy Advocate, Privacy India) brought the symposium to a close by thanking the partners, the panelists, the moderators and the participants for their sincere efforts in making the All India Privacy Symposium a grand success. In India, a public discussion regarding privacy has been long over due. The symposium provided a platform for dialogue and building greater awareness around privacy issues in health, banking, national security, transparency and e-governance. Using our research, expert opinions, personal experiences, questions and comments various facets of privacy were explored.

Press Coverage

The event was featured in the media as well:

India needs an independent privacy law, says NGO Privacy India, Economic Times, February 2, 2012
New Bill to decide on individual’s right to privacy, Tehelka, February 6, 2012
Lack of strong privacy law in healthcare a big worry, Daily News & Analysis, February 13, 2012
Privacy concerns grow in India, Washington Post, February 3, 2012

Click to download the Agenda and Profile of Speakers (PDF, 1642 Kb)

Download the PDF (555 Kb)
Follow the webcast of the event

For more details visit https://cis-india.org/internet-governance/all-india-privacy-delhi-report

Will Only Legal Backing For Aadhaar Suffice?

praskrishna — 2016-03-16T02:31:52Z

Aadhaar is set to become mandatory, but the opponents of the scheme are not amused. Concerns about privacy of the Aadhaar number and the authenticity of the biometric data being collected have been expressed by people right from the beginning. But the government has not done much to address these issues.

The article was published in New Indian Express on March 14, 2016. Sunil Abraham was quoted.

“It does not matter what legislative backing they give it, it is still a surveillance programme. How can you have a privacy Bill for a surveillance programme? Legislative backing would be band-aid. I do not agree with it,” says Sunil Abraham, Executive Director of The Centre for Internet and Society. The society is a Bengaluru-based organisation looking at multi-disciplinary research and advocacy.

Abraham says that ever since the Aadhaar scheme was implemented, there was a massive degradation of civil liberties. “It is an opaque technology. Why should the government have such a database?” he asks.

Abraham says that the keys to the data should not have rested with the government where it is vulnerable. Instead, the government should have explored the concept of introducing smart cards issued to the citizen with the data stored on it.

Access to this data could not be had without the permission of the citizen, he says. At present, if something goes wrong or if the data is compromised, the government can always blame a lapse in technology, Abraham adds.

He questions the government’s logic where it assumes that only the poor section of society can misuse the benefits and says that it is well known that the problem exists in the supply chain and that the government has done nothing to address this.

Mathew Thomas of The Fifth Estate, an NGO, wonders what advantage the BJP suddenly found that they decided to pursue Aadhaar rather than send it to the trash bin as they had promised before the general elections.

Thomas says Aadhaar is flawed and is a fraud on the Constitution and the government has taken the money bill route simply to avoid a debate on it.

“Just passing a Bill is meaningless. This is radically wrong and we all know that protection of privacy is nonsense. How do they plan to plug the leakages? Have they even conducted a study, because there is no evidence of it. The correct beneficiary can get an LPG cylinder, but what is stopping the person from using it for an auto or for his car? That the government can lie to its own people is terrible,” he says.

A five-judge bench of the Supreme Court, which is hearing the matter on privacy concerns about Aadhaar, is expected to have a hearing by the end of this month.

For more details visit https://cis-india.org/internet-governance/new-indian-express-march-14-2016-will-only-legal-backing-for-aadhaar-suffice