Centre for Internet and Society

You Have the Right to Remain Silent

anja — 2011-08-02T07:55:22Z

India has a long history of censorship that it justifies in the name of national security. But new laws governing the Internet are unreasonable and — given the multitude of online voices — poorly thought out, argues Anja Kovacs in this article published in the Sunday Guardian on 17 April 2011.

In March 2011, Indian media - both social and traditional - was ablaze with fears that a new set of rules, proposed to complement the IT (Amendment) Act 2008, would thwart the freedom of expression of India's bloggers: contrary to standard international practice, the Intermediary Due Dilligence Rules seemed intent on making bloggers responsible for comments made by readers on their site. Only a few weeks earlier, the threat of online censorship had manifested itself in a different form: although the block was implemented unevenly, mobile applications market space Mobango, bulk SMS provider Clickatell, hacking-related portal Zone-H.com and blogs hosted on Typepad were suddenly no longer accessible for most Indian netizens, without warning or explanation.

Censorship in India is nothing new. At the time of Independence, there was widespread fear among its lawmakers that unrestricted freedom of expression could become a barrier to the social reforms necessary to put the country on Nehru's path to development – particularly as the memory of Partition continued to be vivid. Although freedom of expression is guaranteed by the Constitution, it is therefore subject to a fairly extensive list of so-called "reasonable" restrictions: the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence. But while this long list might have made sense at the time of Partition, in the mature democracy that India has now become, its existence, and the numerous opportunities for censorship and surveillance that it has enabled or justified, seems out of place. Indeed, though all these restrictions in themselves are considered acceptable internationally, there are few other democratic states that include all of them in the basic laws of their land.

An appetite for censorship does not only exist among India's legislature and judiciary, however. Especially since the early nineties, instances of vigilante groups destroying art, preventing film screenings, or even attacking offending artists, writers and editors have become noteworthy for their regularity. But it is worth noting that even more progressive sections of society have not been averse to censorship: for example, section of the Indian feminist movement have voiced strong support for the Indecent Representation of Women Act that seeks to censor images of women which are derogatory, denigrating or likely to corrupt public morality.

What connects all these efforts? A belief that suppressing speech and opinions makes it possible to contain the conflicts that emanate from India's tremendous diversity, while simultaneously ensuring its homogenous moral as much as political development. But if the advent of satellite television already revealed the vulnerabilities of this strategy, the Internet has made clear that in the long term, it is simply untenable. It is not just that the authors of a speech act may not be residents of India; it is that everybody can now become an author, infinitely multiplying the number of expressions that are produced each year and that thus could come within the Law's ambit. In this context, even if it may still have a role, suppression clearly can no longer be the preferred or even dominant technology of choice to manage disagreements. What is urgently needed is the building of a much stronger culture of respectful disagreement and debate within and across the country's many social groups. If more and more people are now getting an opportunity to speak, what we need to make sure is that they end up having a conversation.

Yet the government of India so far has mostly continued on the beaten track, putting into place a range of legislations and policies to meticulously monitor and police the freedom of expression of netizens within its borders. Thus, for example, section 66F(1)(B) of the IT (Amendment) Act 2008 defines "cyberterrorism" so broadly as to include the unauthorised access to information on a computer with a belief that that information may be used to cause injury to...decency or morality. The suggested sentence may extend to imprisonment for life. The proposed Intermediary Due Dilligence Rules 2011 privatise the responsibility for censorship by making intermediaries responsible for all content that they host or store, putting unprecedented power over our acts of speech into the hands of private bodies. The proposed Cyber Cafe Rules 2011 order that children who do not possess a photo identity card need to be accompanied by an adult who does, constraining the Internet access of crores of young people among the less advantaged sections of society in particular. And while the US and other Western countries continue to debate the desireability of an Internet Kill Switch, the Indian government obtained this prerogative through section 69A of the IT (Amendment Act) 2008 years ago.

Such measures are given extra teeth by being paired with unprecedented systems of surveillance. For example, there are proposals on the table that make it obligatory for telecommunication carriers and manufacturers of telecommunications equipment to ensure their equipment and services have built-in surveillance capabilities. While at present, records are only kept if there is a specific requirement by intelligence or security agencies, the Intelligence Bureau has proposed that ISPs keep a record of all online activities of all customers for at least six months. The IB has also suggested putting into place a unique identification system for all Internet users, whereby they would be required to submit some form of online identification every time they go online.

Proponents of such legislation often point to the new threats to safety and security that the Internet poses to defend these measures, and it is indeed a core obligation of any state to ensure the safety of its citizens. But the hallmark of a democracy is that it carefully balances any measures to do so with the continued guarantee of its citizens' fundamental rights. Despite the enormous changes and challenges that the Internet brings for freedom of expression everywhere, such an exercise seems to sadly not yet have been systematically undertaken in India so far.

The recent blocking of websites with which we started this article reflects the urgent need to do so. In response to RTI applications by the Centre for Internet and Society and Medianama, the Department of Information Technology, which is authorised to order such blocks, admitted to blocking Zone-H, but not any of the other websites affected earlier this year. In an interview with The Hindu, the Department of Telecommunication too had denied ordering the blocking of access, despite the fact that some users trying to access Typepad had reported seeing the message "this site has been blocked as per request by Department of Telecom" on their screen. In the mean time, Clickatell and Mobango remain inaccessible for this author at the time of writing. That we continue to be in the dark as to why this is so in the world's largest democracy deserves to urgently become a rallying point.

For more details visit https://cis-india.org/internet-governance/blog/your-right-to-remain-silent

Comments on the Draft Rules under the Information Technology Act

pranesh — 2011-09-21T06:13:42Z

The Centre for Internet and Society commissioned an advocate, Ananth Padmanabhan, to produce a comment on the Draft Rules that have been published by the government under the Information Technology Act. In his comments, Mr. Padmanabhan highlights the problems with each of the rules and presents specific recommendations on how they can be improved. These comments were sent to the Department of Information and Technology.

Comments on the Draft Rules under the Information Technology Act as Amended by the Information Technology (Amendment) Act, 2008

Submitted by the Centre for Internet and Society, Bangalore

Prepared by Ananth Padmanabhan, Advocate in the Madras High Court

Interception, Monitoring and Decryption

Section 69

The section says:

Where the Central Government or a State Government or any of its officer specially authorised by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource.
The procedure and safeguards subject to which such interception or monitoring or decryption may be carried out, shall be such as may be prescribed.
The subscriber or intermediary or any person in-charge of the computer resource shall, when called upon by any agency referred to in sub-section (1), extend all facilities and technical assistance to-

(a) provide access to or secure access to the computer resource generating transmitting, receiving or storing such information; or

(b) intercept, monitor, or decrypt the information, as the case may be; or

The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with imprisonment for a term which may extend to seven years and shall also be liable to fine.

Recommendation #1
Section 69(3) should be amended and the following proviso be inserted:

Provided that only those intermediaries with respect to any information or computer resource that is sought to be monitored, intercepted or decrypted, shall be subject to the obligations contained in this sub-section, who are, in the opinion of the appropriate authority, prima facie in control of such transmission of the information or computer resource. The nexus between the intermediary and the information or the computer resource that is sought to be intercepted, monitored or decrypted should be clearly indicated in the direction referred to in sub-section (1) of this section.

Reasons for the Recommendation
In the case of any information or computer resource, there may be more than one intermediary who is associated with such information. This is because “intermediary” is defined in section 2(w) of the amended Act as,

“with respect to any electronic record means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record, including telecom service providers, network service providers, internet service providers, webhosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes”.

The State or Central Government should not be given wide-ranging powers to enforce cooperation on the part of any such intermediary without there being a clear nexus between the information that is sought to be decrypted or monitored by the competent authority, and the control that any particular intermediary may have over such information.

To give an illustration, merely because some information may have been posted on an online portal, the computer resources in the office of the portal should not be monitored unless the portal has some concrete control over the nature of information posted in it. This has to be stipulated in the order of the Central or State Government which authorizes interception of the intermediary.

Recommendation #2
Section 69(4) should be repealed.

Reasons for the Recommendation
The closest parallels to Section 69 of the Act are the provisions in the Telegraph Rules which were brought in after the decision in PUCL v. Union of India, (1997) 1 SCC 301, famously known as the telephone tapping case.

Section 69(4) fixes tremendous liability on the intermediary for non-cooperation. This is violative of Article 14. Similar provisions in the Indian Penal Code and Code of Criminal Procedure, which demand cooperation from members of the public as regards production of documents, letters etc., and impose punishment for non-cooperation on their part, impose a maximum punishment of one month. It is bewildering why the punishment is 7 years imprisonment for an intermediary, when the only point of distinction between an intermediary under the IT Act and a member of the public under the IPC and CrPC is the difference in the media which contains the information.

Section 69(3) is akin to the duty cast upon members of the public to extend cooperation under Section 39 of the Code of Criminal Procedure by way of providing information as to commission of any offence, or the duty, when a summons is issued by the Court or the police, to produce documents under Sections 91 and 92 of the Code of Criminal Procedure. The maximum punishment for non-cooperation prescribed by the Indian Penal Code for omission to cooperate or wilful breach of summons is only a month under Sections 175 and 176 of the Indian Penal Code. Even the maximum punishment for furnishing false information to the police is only six months under Section 177 of the IPC. When this is the case with production of documents required for the purpose of trial or inquiry, it is wholly arbitrary to impose a punishment of six years in the case of intermediaries who do not extend cooperation for providing access to a computer resource which is merely apprehended as being a threat to national security etc. A mere apprehension, however reasonable it may be, should not be used to pin down a liability of such extreme nature on the intermediary.

This would also amount to a violation of Articles 19(1)(a) as well as 19(1)(g) of the Constitution, not to mention Article 20(3). To give an example, much of the information received from confidential sources by members of the press would be stored in computer resources. By coercing them, through the 7 year imprisonment threat, to allow access to this computer resource and thereby part with this information, the State is directly infringing on their right under Article 19(1)(a). Furthermore, if the “subscriber” is the accused, then section 69(4) goes against Article 20(3) by forcing the accused to bear witness against himself.

Draft Rules under Section 69

Rule 3
Directions for interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub- section (2) of section 69 of the Information Technology (Amendment) Act, 2008 (hereinafter referred to as the said Act) shall not be issued except by an order made by the concerned competent authority who is Union Home Secretary in case of Government of India; the Secretary in-charge of Home Department in a State Government or Union Territory as the case may be. In unavoidable circumstances, such order may be made by an officer, not below the rank of a Joint Secretary to the Government of India, who has been duly authorised by the Union Home Secretary or by an officer equivalent to rank of Joint Secretary to Government of India duly authorised by the Secretary in-charge of Home Department in the State Government or Union Territory, as the case may be:

Provided that in emergency cases –
(i) in remote areas, where obtaining of prior directions for interception or monitoring or decryption of information is not feasible; or
(ii) for operational reasons, where obtaining of prior directions for interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource is not feasible;

the required interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource shall be carried out with the prior approval of the Head or the second senior most officer of the Security and Law Enforcement Agencies (hereinafter referred to as the said Security Agencies) at the Central Level and the officers authorised in this behalf, not below the rank of Inspector General of Police or an officer of equivalent rank, at the State and Union Territory level. The concerned competent authority, however, shall be informed of such interceptions or monitoring or decryption by the approving authority within three working days and that such interceptions or monitoring or decryption shall be got confirmed by the concerned competent authority within a period of seven working days. If the confirmation from the concerned competent authority is not received within the stipulated seven working days, such interception or monitoring or decryption shall cease and the same information shall not be intercepted or monitored or decrypted thereafter without the prior approval of the concerned competent authority, as the case may be.

Recommendation #3
In Rule 3, the following proviso may be inserted:

“Provided that in the event of cooperation by any intermediary being required for the purpose of interception, monitoring or decryption of such information as is referred to in this Rule, prior permission from a Supervisory Committee headed by a retired Judge of the Supreme Court or the High Courts shall be obtained before seeking to enforce the Order mentioned in this Rule against such intermediary.”

Reasons for the Recommendation
Section 69 and the draft rules suffer from absence of essential procedural safeguards. This has come in due to the blanket emulation of the Telegraph Rules. Additional safeguards should have been prescribed to ensure that the intermediary is put to minimum hardship when carrying on the monitoring or being granted access to a computer resource. Those are akin to a raid, in the sense that it can stop an online e-commerce portal from carrying out operations for a day or even more, thus affecting their revenue. It is therefore recommended that in any situation where cooperation from the intermediary is sought, prior judicial approval has to be taken. The Central or State Government cannot be the sole authority in such cases.

Furthermore, since access to the computer resource is required, an executive order should not suffice, and a search warrant or an equivalent which results from a judicial application of the mind (by the Supervisory Committee, for instance) should be required.

Recommendation #4
The following should be inserted after the last line in Rule 22:

The Review Committee shall also have the power to award compensation to the intermediary in cases where the intermediary has suffered loss or damage due to the actions of the competent authority while implementing the order issued under Rule 3.

Reasons for the Recommendation
The Review Committee should be given the power to award compensation to the loss suffered by the intermediary in cases where the police use equipment or software for monitoring/decryption that causes damage to the intermediary’s computer resources / networks. The Review Committee should also be given the power to award compensation in the case of monitoring directions which are later found to be frivolous or even worse, borne out of mala fide considerations. These provisions will act as a disincentive against the abuse of power contained in Section 69.

Blocking of Access to Information

Section 69A

The section provides for blocking of websites if the government is satisfied that it is in the interests of the purposes enlisted in the section. It also provides for penalty of up to seven years for intermediaries who fail to comply with the directions under this section.
The rules under this section describe the procedure which have to be followed barring which the review committee may, after due examination of the procedural defects, order an unblocking of the website.

Section 69A(3)
The intermediary who fails to comply with the direction issued under sub-section (1) shall be punished with an imprisonment for a term which may extend to seven years and also be liable to fine.

Recommendation #5
The penalty for intermediaries must be lessened.

Reasons for Recommendations
The penal provision in this section which prescribes up to seven years imprisonment and a fine on an intermediary who fails to comply with the directions so issued is also excessively harsh. Considering the fact that various mechanisms are available to escape the blocking of websites, the intermediaries must be given enough time and space to administer the block effectively and strict application of the penal provisions must be avoided in bona fide cases.

The criticism about Section 69 and the draft rules in so far as intermediary liability is concerned, will also apply mutatis mutandis to these rules as well as Section 69A.

Draft Rules under Section 69A

Rule 22: Review Committee
The Review Committee shall meet at least once in two months and record its findings whether the directions issued under Rule (16) are in accordance with the provisions of sub-section (2) of section 69A of the Act. When the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and order for unblocking of said information generated, transmitted, received, stored or hosted in a computer resource for public access.

Recommendation #6
A permanent Review Committee should be specially for the purposes of examining procedural lapses.

Reasons for Recommendation
Rule 22 provides for a review committee which shall meet a minimum of once in every two months and order for the unblocking of a site of due procedures have not been followed. This would mean that if a site is blocked, there could take up to two months for a procedural lapse to be corrected and it to be unblocked. Even a writ filed against the policing agencies for unfair blocking would probably take around the same time. Also, it could well be the case that the review committee will be overborne by cases and may fall short of time to inquire into each. Therefore, it is recommended that a permanent Review Committee be set up which will monitor procedural lapses and ensure that there is no blocking in the first place before all the due procedural requirements are met.

Monitoring and Collection of Traffic Data

Draft Rules under Section 69B

The section provides for monitoring of computer networks or resources if the Central Government is satisfied that conditions so mentioned are satisfied.

The rules provide for the manner in which the monitoring will be done, the process by which the directions for the same will be issued and the liabilities of the intermediaries and monitoring officers with respect to confidentiality of the information so monitored.

Grounds for Monitoring
Rule 4
The competent authority may issue directions for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource for any or all of the following purposes related to cyber security:
(a) forecasting of imminent cyber incidents;
(b) monitoring network application with traffic data or information on computer resource;
(c) identification and determination of viruses/computer contaminant;
(d) tracking cyber security breaches or cyber security incidents;
(e) tracking computer resource breaching cyber security or spreading virus/computer contaminants;
(f) identifying or tracking of any person who has contravened, or is suspected of having contravened or being likely to contravene cyber security;
(g) undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resource;
(h) accessing a stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force;
(i) any other matter relating to cyber security.

Rule 6
No direction for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource shall be given for purposes other than those specified in Rule (4).

Recommendation #7
Clauses (a), (b), (c), and (i) of Rule 4 must be repealed.

Reasons for Recommendations
The term “cyber incident” has not been defined, and “cyber security” has been provided a circular definition. Rule 6 clearly states that no direction for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource shall be given for purposes other than those specified in Rule 4. Therefore, it may prima facie appear that the government is trying to lay down clear and strict safeguards when it comes to monitoring at the expense of a citizens' privacy. However, Rule 4(i) allows the government to monitor if it is satisfied that it is “any matter related to cyber security”. This may well play as a ‘catch all’ clause to legalise any kind of monitoring and collection and therefore defeats the purported intention of Rule 6 of safeguarding citizen’s interests against arbitrary and groundless intrusion of privacy. Also, the question of degree of liability of the intermediaries or persons in charge of the computer resources for leak of secret and confidential information remains unanswered.

Rule 24: Disclosure of monitored data
Any monitoring or collection of traffic data or information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, undertaken in course of his duty relating to the services provided by that intermediary, shall not be unlawful, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with :
(vi) Accessing or analysing information from a computer resource for the purpose of tracing a computer resource or any person who has contravened, or is suspected of having contravened or being likely to contravene, any provision of the Act that is likely to have an adverse impact on the services provided by the intermediary.

Recommendation #8
Safeguards must be introduced with respect to exercise of powers conferred by Rule 24(vi).

Reasons for Recommendations
Rule 24(vi) provides for access, collection and monitoring of information from a computer resource for the purposes of tracing another computer resource which has or is likely to contravened provisions of the Act and this is likely to have an adverse impact on the services provided by the intermediary. Analysis of a computer resource may reveal extremely confidential and important data, the compromise of which may cause losses worth millions. Therefore, the burden of proof for such an intrusion of privacy of the computer resource, which is first used to track another computer resource which is likely to contravene the Act, should be heavy. Also, this violation of privacy should be weighed against the benefits accruing to the intermediary. The framing of sub rules under this clearly specifying the same is recommended.

The disclosure of sensitive information by a monitoring agency for purposes of ‘general trends’ and ‘general analysis of cyber information’ is uncalled for as it dissipates information among lesser bodies that are not governed by sufficient safeguards and this could result in outright violation of citizen’s privacy.

Manner of Functioning of CERT-In

Draft Rules under Section 70B(5)

Section 70B provides for an Indian Computer Emergency Response Team (CERT-In) which shall serve as a national agency for performing duties as prescribed by clause 4 of this section in accordance to the rules as prescribed.
The rules provide for CERT-In’s authority, composition of advisory committee, constituency, functions and responsibilities, services, stakeholders, policies and procedures, modus operandi, disclosure of information and measures to deal with non compliance of orders so issued. However, there are a few issues which need to be addressed as under:

Definitions
In these Rules, unless the context otherwise requires, “Cyber security incident” means any real or suspected adverse event in relation to cyber security that violates an explicit or implied security policy resulting in unauthorized access, denial of service/ disruption, unauthorized use of a computer resource for processing or storage of information or changes to data, information without authorization.

Recommendation #9
The words ‘or implied’’ must be excluded from rule 2(g) which defines ‘cyber security incident’, and the term ‘security policy’ must be qualified to state what security policy is being referred to.

Reasons for Recommendation
“Cyber security incident” means any real or suspected adverse event in relation to cyber security that violates an explicit or implied security policy resulting in unauthorized access, denial of service/disruption, unauthorized use of a computer resource for processing or storage of information or changes to data, information without authorization.

Thus, the section defines any circumstance where an explicit or implied security policy is contravened as a ‘cyber security incident’. Without clearly stating what the security policy is, an inquiry into its contravention is against an individual’s civil rights. If an individual’s actions are to be restricted for reasons of security, then the restrictions must be expressly defined and such restrictions cannot be said to be implied.

Rule 13(4): Disclosure of Information
Save as provided in sub-rules (1), (2), (3) of rule 13, it may be necessary or expedient to so to do, for CERT-In to disclose all relevant information to the stakeholders, in the interest of sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence relating to cognizable offence or enhancing cyber security in the country.

Recommendation #10
Burden of necessity for disclosure of information should be made heavier.

Reasons for the Recommendation
Rule 13(4) allows the disclosure of information by CERT-In in the interests of ‘enhancing cyber security’. This enhancement however needs to be weighed against the detriment caused to the individual and the burden of proof must be on the CERT-In to show that this was the only way of achieving the required.

Rule 19: Protection for actions taken in Good Faith
All actions of CERT-In and its staff acting on behalf of CERT-In are taken in good faith in fulfillment of its mandated roles and functions, in pursuance of the provisions of the Act or any rule, regulations or orders made thereunder. CERT-In and its staff acting on behalf of CERT-In shall not be held responsible for any unintended fallout of their actions.

Recommendation #11
CERT-In should be made liable for their negligent action and no presumption of good faith should be as such provided for.

Reasons for the Recommendation
Rule 19 provides for the protection of CERT-In members for the actions taken in ‘good faith’. It defines such actions as ‘unintended fallouts’. Clearly, if information has been called for and the same is highly confidential, then this rule bars the remedy for any leak of the same due to the negligence of the CERT-In members. This is clearly not permissible as an agency that calls for delicate information should also be held responsible for mishandling the same, intentionally or negligently. Good faith can be established if the need arises, and no presumption as to good faith needs to be provided.

Draft Rules under Section 52

These rules, entitled the “Cyber Appellate Tribunal (Salary, Allowances and Other Terms and Conditions of Service of Chairperson and Members) Rules, 2009” are meant to prescribe the framework for the independent and smooth functioning of the Cyber Appellate Tribunal. This is so because of the specific functions entrusted to this Appellate Tribunal. Under the IT Act, 2000 as amended by the IT (Amendment) Act, 2008, this Tribunal has the power to entertain appeals against orders passed by the adjudicating officer under Section 47.

Recommendation #12
Amend qualifications Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003, to require judicial training and experience.

Reasons for the Recommendation
It is submitted that an examination of these rules governing the Appellate Tribunal cannot be made independent of the powers and qualifications of Adjudicating Officers who are the original authority to decide on contravention of provisions in the IT Act dealing with damage to computer system and failure to furnish information. Even as per the Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003, persons who did not possess judicial experience and training, such as those holding the post of Director in the Central Government, were qualified to perform functions under Section 46 and decide whether there has been unauthorized access to a computer system. This involves appreciation of evidence and is not a merely administrative function that could be carried on by any person who has basic knowledge of information technology.

Viewed from this angle, the qualifications of the Cyber Appellate Tribunal members should have been made much tighter as per the new draft rules. The above rules when read with Section 50 of the IT Act, as amended in 2008, do not say anything about the qualification of the technical members apart from the fact that such person shall not be appointed as a Member, unless he is, or has been, in the service of the Central Government or a State Government, and has held the post of Additional Secretary or Joint Secretary or any equivalent post. Though special knowledge of, and professional experience in, information technology, telecommunication, industry, management or consumer affairs, has been prescribed in the Act as a requirement for any technical member.

Draft Rules under Section 54

These Rules do not suffer any defect and provide for a fair and reasonable enquiry in so far as allegations made against the Chairperson or the members of the Cyber Appellate Tribunal are concerned.

Penal Provisions

Section 66A

Any person who sends, by means of a computer resource or a communication device,
    (a) any information that is grossly offensive or has menacing character; or
    (b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device,
    (c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to three years and with fine.
Sec. 32 of the 2008 Act inserts Sec. 66A which provides for penal measures for mala fide use of electronic resources to send information detrimental to the receiver. For the section to be attracted the ‘information’ needs to be grossly offensive, menacing, etc. and the sender needs to have known it to be false.

While the intention of the section – to prevent activities such as spam-sending – might be sound and even desirable, there is still a strong argument to be made that words is submitted that the use of words such as ‘annoyance’ and ‘inconvenience’ (in s.66A(c)) are highly problematic. Further, something can be grossly offensive without touching upon any of the conditions laid down in Article 19(2). Without satisfying the conditions of Article 19(2), this provision would be ultra vires the Constitution.

Recommendation #13
The section should be amended and words which lead to ambiguity must be excluded.

Reasons for the Recommendation
A clearer phrasing as to what exactly could convey ‘ill will’ or cause annoyance in the electronic forms needs to be clarified. It is possible in some electronic forms for the receiver to know the content of the information. In such circumstances, if such a possibility is ignored and annoyance does occur, is the sender still liable? Keeping in mind the complexity of use of electronic modes of transmitting information, it can be said that several such conditions arise which the section has vaguely covered. Therefore, a stricter and more clinical approach is necessary.

Recommendation #14
A proviso should be inserted to this section providing for specific exceptions to the offence contained in this section for reasons such as fair comment, truth, criticism of actions of public officials etc.

Reasons for the Recommendation
The major problem with Section 66A lies in clause (c) as per which any electronic mail or electronic mail message sent with the purpose of causing annoyance or inconvenience is covered within the ambit of offensive messages. This does not pay heed to the fact that even a valid and true criticism of the actions of an individual, when brought to his notice, can amount to annoyance. Indeed, it may be brought to his attention with the sole purpose of causing annoyance to him. When interpreting the Information Technology Act, it is to be kept in mind that the offences created under this Act should not go beyond those prescribed in the Indian Penal Code except where there is a wholly new activity or conduct, such as hacking for instance, which is sought to be criminalized.

Offensive messages have been criminalized in the Indian Penal Code subject to the conditions specified in Chapter XXII being present. It is not an offence to verbally insult or annoy someone without anything more being done such as a threat to commit an offence, etc. When this is the case with verbal communications, there is no reason to make an exception for those made through the electronic medium and bring any electronic mail or message sent with the purpose of causing annoyance or inconvenience within the purview of an offensive message.

Section 66F

The definition of cyber-terrorism under this provision is too wide and can cover several activities which are not actually of a “terrorist” character.
Section 66F(1)(B) is particularly harsh and goes much beyond acts of “terrorism” to include various other activities within its purview. As per this provision,
“[w]hoever knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons for the security of the State or foreign relations, or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or is likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.”

This provision suffers from several defects and hence ought to be repealed.

Recommendation #15
Section 66F(1)(B) has to be repealed or suitably amended to water down the excessively harsh operation of this provision. The restrictive nature of the information that is unauthorisedly accessed must be confined to those that are restricted on grounds of security of the State or foreign relations. The use to which such information may be put should again be confined to injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order. A mere advantage to a foreign nation cannot render the act of unauthorized access one of cyber-terrorism as long as such advantage is not injurious or harmful in any manner to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order. A mens rea requirement should also be introduced whereby mere knowledge that the information which is unauthorisedly accessed can be put to such uses as given in this provision should not suffice for the unauthorised access to amount to cyber-terrorism. The unauthorised access should be with the intention to put such information to this use. The amended provision would read as follows:

“[w]hoever knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons for the security of the State or foreign relations, with the intention that such information, data or computer database so obtained may be used to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order, commits the offence of cyber terrorism.”

Reasons for the Recommendation
The ambit of this provision goes much beyond information, data or computer database which is restricted only on grounds of security of the State or foreign relations and extends to “any restricted information, data or computer database”. This expression covers any government file which is marked as confidential or saved in a computer used exclusively by the government. It also covers any file saved in a computer exclusively used by a private corporation or enterprise. Even the use to which such information can be put need not be confined to those that cause or are likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, or friendly relations with foreign States. Information or data which is defamatory, amounting to contempt of court, or against decency / morality, are all covered within the scope of this provision. This goes way beyond the idea of a terrorist activity and poses serious questions. While there is no one globally accepted definition of cyberterrorism, it is tough to conceive of slander as a terrorist activity.

To give an illustration, if a journalist managed to unauthorisedly break into a restricted database, even one owned by a private corporation, and stumbled upon information that is defamatory in character, he would have committed an act of “cyber-terrorism.” Various kinds of information pertaining to corruption in the judiciary may be precluded from being unauthorisedly accessed on the ground that such information may be put to use for committing contempt of court. Any person who gains such access would again qualify as a cyber-terrorist. The factual situations are numerous where this provision can be put to gross misuse with the ulterior motive of muzzling dissent or freezing access to information that may be restricted in nature but nonetheless have a bearing on probity in public life etc. It is therefore imperative that this provision may be toned down as recommended above.

For more details visit https://cis-india.org/internet-governance/blog/comments-draft-rules

Primer on the New IT Act

pranesh — 2011-08-02T07:41:54Z

With this draft information bulletin, we briefly discuss some of the problems with the Information Technology Act, and invite your comments.

The latest amendments to the Information Technology Act 2000, passed in December 2008 by the Lok Sabha, and the draft rules framed under it contain several provisions that can be abused and misused to infringe seriously on citizens' fundamental rights and basic civil liberties. We have already written about some of the problems with this Act earlier. With this information bulletin, drafted by Chennai-based advocate Ananth Padmanabhan, we wish to extend that analysis into the form of a citizens' dialogue highlighting ways in which the Act and the rules under it fail. Thus, we invite your comments, suggestions, and queries, as this is very much a work in progress. We will eventually consolidate this dialogue and follow up with the government on the concerns of its citizens.

Intermediaries beware

Internet service providers, webhosting service providers, search engines, online payment sites, online auction sites, online market places, and cyber cafes are all examples of “intermediaries” under this Act. The Government can force any of these intermediaries to cooperate with any interception, monitoring or decryption of data by stating broad and ambiguous reasons such as the “interest of the sovereignty or integrity of India”, “defence of India”, “security of the State”, “friendly relations with foreign States”, “public order” or for “preventing incitement to” or “investigating” the commission of offences related to those. This power can be abused to infringe on the privacy of intermediaries as well as to hamper their constitutional right to conduct their business without interference.

If a Google search on “Osama Bin Laden” throws up an article that claims to have discovered his place of hiding, the Government of India can issue a direction authorizing the police to monitor Google’s servers to find the source of this information. While Google can, of course, establish that this information cannot be attributed directly to the organization, making the search unwarranted, that would not help it much. While section 69 grants the government these wide-ranging powers, it does not provide for adequate safeguards in the form of having to show due cause or having an in-built right of appeal against a decision by the government. If Google refused to cooperate under such circumstances, its directors would be liable to imprisonment of up to seven years.

Pre-censorship

The State has been given unbridled power to block access to websites as long as such blocking is deemed to be in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States, and other such matters.

Thus, if a web portal or blog carries or expresses views critical of the Indo-US nuclear deal, the government can block access to the website and thus muzzle criticism of its policies. While some may find that suggestion outlandish, it is very much possible under the Act. Since there is no right to be heard before your website is taken down nor is there an in-built mechanism for the website owner to appeal, the decisions made by the government cannot be questioned unless you are prepared to undertake a costly legal battle.

Again, if an intermediary (like Blogspot or an ISP like Airtel) refuses to cooperate, its directors may be personally liable to imprisonment for up to a period of seven years. Thus, being personally liable, the intermediaries are rid of any incentive to stand up for the freedom of speech and expression.

We need to monitor your computer: you have a virus

The government has been vested with the power to authorize the monitoring and collection of traffic data and information generated, transmitted, received or stored in any computer resource. This provision is much too widely-worded.

For instance, if the government feels that there is a virus on your computer that can spread to another computer, it can demand access to monitor your e-mails on the ground that such monitoring enhances “cyber security” and prevents “the spread of computer contaminants”.

Think before you click "Send"

If out of anger you send an e-mail for the purpose of causing “annoyance” or “inconvenience”, you may be liable for imprisonment up to three years along with a fine. While that provision (section 66A(c)) was meant to combat spam and phishing attacks, it criminalizes much more than it should.

A new brand of "cyber terrorists"

The new offence of “cyber terrorism” has been introduced, which is so badly worded that it borders on the ludicrous. If a journalist gains unauthorized access to a computer where information regarding corruption by certain members of the judiciary is stored, she becomes a “cyber terrorist” as the information may be used to cause contempt of court. There is no precedent for any such definition of cyberterrorism. It is unclear what definition of terrorism the government is going by when even unauthorized access to defamatory material is considered cyberterrorism.

For more details visit https://cis-india.org/internet-governance/blog/primer-it-act

Chilling Effects and Frozen Words

Lawrence Liang — 2012-04-30T07:32:17Z

What if the real danger is not that we lose our freedom of speech and expression but our sense of humour as a nation? Lawrence Liang's op-ed was published in the Hindu on April 30, 2012.

While freedom of speech and expression is an individual right, its actualisation often relies on a vast infrastructure of intermediaries.

In the offline world, this includes newspapers, television channels, public auditoriums, etc. It is often assumed that the internet has created a more robust public sphere of speech by doing away with many structural barriers to free speech. But the fact of the matter is that even if the internet enables a shift from a ‘few to many' to a ‘many to many' model of communication, intermediaries continue to remain important players in facilitating free speech. Can one imagine free speech on the internet being the same without Twitter, social networks or Youtube?

One way of thinking of the infrastructure of communication is in terms of ecology, and in the ecology of speech — as in the environment — an adverse impact on any component threatens the well-being of all. The idea of cyberspace as a commons is a much cherished myth and in the early days of the internet we were perhaps given a glimpse into its utopian possibility. But we would be deluding ourselves if we believed that the problems that plague free speech in the offline world (including ownership of the avenues of speech) are absent in cyberspace. Recall in recent times that one of the most effective ways in which various governments retaliated to the leaking of official secrets on WikiLeaks was by freezing Julian Assange's PayPal account.

Direct & Indirect Controls

It may be useful to distinguish between direct controls on free speech and indirect or structural controls on free speech. India has had a long history of battling direct and indirect controls on free speech and with a few exceptions the interests of the press have often coincided with the interests of a robust public sphere of debate and criticism.

In the late 1950s and early 1960s, a number of large media houses battled restrictions imposed on the press by way of control of the number of pages of a newspaper, regulation of the size of advertisements and the price of imported newsprint. On the face of it, some of these restrictions may have seemed like commercial disputes but the Supreme Court rightly recognised that indirect controls could adversely impact the individual's right to express himself or herself as well as to receive information freely.

In the online context, there has also been a similar recognition of the role of intermediaries in providing platforms of speech and it is with this view in mind that a number of countries have incorporated safe harbour provisions in their information technology laws.

Section 79 of the Information Technology Act is one such safe harbour provision in India which provides that intermediaries shall not be liable for any third party action if they are able to prove that the offence or contravention was committed without their knowledge or that they had exercised due diligence to prevent the commission of such offence or contravention. But this safe harbour has effectively been undone with the passing of the Information Technology (Intermediaries guidelines) Rules, 2011.

The rules clarify what standard of due diligence has to be met by intermediaries and Sec. 3(2) of the rules obliges intermediaries to have rules and conditions of usage which ensure that users do not host, display, upload, modify, publish, transmit, update or share any information that is in contravention of the Section. This includes the all too familiar ones (defamatory, obscene, pornographic content) but also a whole host of new categories which could be invoked to restrict speech (“grossly harmful,” “blasphemous,” “harassing,” “hateful”).

As is well known, any restriction on speech in India has to comply with both the test of reasonableness under Article 19(2) of the Constitution, as well as ensuring that the grounds of censorship are located within 19(2). Even though there are laws regulating hate speech in India, blasphemy is not a category under Art. 19(2) and has hitherto not been a part of Indian law. Some of the other categories such as “grossly harmful” suggest the people who drafted the rules seem to have taken a constitutional nap at the drafting board.

Sec. 3(4) of the rules provides that any intermediary who receives a notice by an aggrieved person about any violation of sub rule (2) will have to act within 36 hours and where applicable will ensure that the information is disabled. In the event that it fails to act or to respond, the intermediary cannot claim exemption for liability under Sec. 70 of the IT Act. It is worth noting that most intermediaries receive from hundreds to thousands of requests from individuals on a daily basis asking for the removal of objectionable material. The Centre for Internet and Society conducted a “sting operation” to determine whether the criteria, procedure and safeguards for administration of the takedowns as prescribed by the Rules lead to a chilling effect on free expression.

In the course of the study, frivolous takedown notices were sent to seven intermediaries and their response to the notices was documented. Different policy factors were permuted in the takedown notices in order to understand at what points in the process of takedown, free expression is being chilled. The takedown notices which were sent by the researcher were intentionally defective as they did not establish how they were interested parties, did not specifically identify and discuss any individual URL on the websites, or present any cause of action, or suggest any legal injury. Of the seven intermediaries to which takedown notices were sent, six over-complied with the notices, despite the apparent flaws in them.

Caution

Even in cases where the intermediaries challenged the validity of the takedowns, they erred on the side of caution and took down the material. While a number of intermediaries would see themselves as allies in the fight against censorship, more often than not intermediaries are also large commercial organisations whose primary concern is the protection of their business interests. In the face of any potential legal threat, especially from the government, they prefer to err on the side of caution. The people whose content was removed were not told, nor was the general public informed that the content was removed.

The procedural flaws (subjective determination, absence of the right to be heard, the short response time) coupled with the vague grounds on which such takedowns can be claimed, clearly point to a highly flawed situation in which we will see many more trigger happy demands for offending materials to be taken down.

We have already slipped into a state of being a republic of over sensitivity where any politician, religious group or individual can claim their sentiments have been hurt or they have been portrayed disparagingly, as evidenced by the recent attack and subsequent arrest of Professor Ambikesh Mahapatra of Jadavpur University for posting cartoons lampooning Mamata Banerjee.

Nervous State

In the era of global outsourcing it was inevitable that the state censorship machinery would also learn a lesson or two from the global trends and what better way of ensuring censorship than outsourcing it to individuals and to corporations. The renowned anthropologist, Michael Taussig, once compared the state to a nervous system and it seems that the Intermediary rules live up to the expectations of a nervous state ever ready to respond to criticism and disparaging cartoons.

What if the real danger is not even that we lose our freedom of speech and expression but we lose our sense of humour as a nation?

The evident flaws of the rules have been acknowledged even by lawmakers, with P. Rajeeve, the CPI(M) M.P., introducing a motion for the annulment of the rules. The annulment motion is going to be debated in the coming weeks and one hopes that the parliamentarians will seriously reconsider the rules in their current form.

When faced with conundrums of the present it is always useful to turn to history and there is reason to believe that while censorship has a very respectable genealogy in Indian thought, it has also been accompanied in equal measure by a tradition of the right to offend.

In his delightful reading of the Arthashastra, Sibaji Bandyopadhay alerts us to the myriad restrictions that existed to control Kusilavas (the term for entertainers which included actors, dancers, singers, storytellers, minstrels and clowns). These regulations ranged from the regulation of their movement during monsoon to prohibitions placed on them, ensuring that they shall not “praise anyone excessively nor receive excessive presents”. While some of the regulations appear harsh and unwarranted, Bandyopadhay says that in contrast to Plato's Republic, which banished poets altogether from the ideal republic, the Arthashastra goes so far as to grant to Kusilavas what we could now call the right to offend. Verse 4.1.61 of the Arthashastra says, “In their performances, [the entertainers] may, if they so wish, make fun of the customs of regions, castes or families and the practices or love affairs (of individuals)”. One hopes that our lawmakers, even if they are averse to reading the Indian Constitution, will be slightly more open to the poetic licence granted by Kautilya.

Click for the original published in the Hindu on April 30, 2012. Lawrence Liang is a lawyer and researcher based at Alternative Law Forum, Bangalore. He can be contacted at lawrence@altlawforum.org

For more details visit https://cis-india.org/internet-governance/chilling-effects-frozen-words

Indian govt blocks 40 smut sites, forgets to give reason

praskrishna — 2013-07-01T09:04:26Z

Don't mind us, we're just censoring your content for you...

The article by Phil Muncaster was published in "The Register" on June 27, 2013. Sunil Abraham is quoted.

The Indian government has ordered ISPs to block 39 smut flick web sites hosted outside the country without giving any explanation, stoking further fears of online censorship by the back door.

Most of the sites are web forums and so allow for the uploading of naughty images and URLs where smut-seekers can download their grumble flicks, according to Times of India.

However, the sites claim to operate under the 18 USC 2257 rule, meaning actors are (supposedly) over 18 years of age, and there is apparently no indication from the Department of Telecom's order why ISPs are being asked to comply.

The message greeting web users who try to visit a blocked site now reads as follows:

This website has been blocked until further notice either pursuant to court orders or on the directions issued by the Department of Telecommunications.

While the law, updated in 2011, does forbid production, transmission and sharing of smutty content in India - therefore requiring internet cafes, for example, to block such content - there is no ban on consumption, especially from sites hosted outside India.

Sunil Abraham, director of Indian not-for-profit the Centre for Internet and Society, told ToI that the government is probably interpreting the law to serve its own ends, and that its ISP order “is a clear overreach”.

The Union government has certainly been quick in the past to order blocks on any content deemed inappropriate.

Facebook and Google were forced to remove “objectionable content” from their Indian sites last year after complaints it was offensive to Muslims, Hindus and Christians.

The government was also one of many across the globe to force Google to block notorious YouTube video Innocence of Muslims.

A controversial anti-piracy ruling last June, meanwhile, led to a clumsy, large-scale block on a number of legitimate sites in the country – drawing the ire of hacktivist group Anonymous.

The government also closed hundreds of sites and social media accounts in August last year in a bid to prevent the escalation of sectarian violence across the country.

In fact, the number of content removal requests received by Google increased by 90 per cent from July-December 2012 compared with the previous six months.

For these reasons, India only enjoys “Partly Free” status, according to the Freedom on the Net 2012 report from not-for-profit Freedom House.

For more details visit https://cis-india.org/news/the-register-phil-muncaster-june-27-2013-indian-govt-blocks-40-smut-sites-forgets-to-give-reason

Govt goes after porn, makes ISPs ban sites

praskrishna — 2013-07-01T10:11:29Z

The government has decided to put a blanket ban on several websites that allow users to share pornographic content.

The article by Javed Anwer was published in the Times of India on June 26, 2013. Sunil Abraham is quoted.

In an order dated June 13, department of telecom (DoT) has directed internet service providers (ISPs) to block 39 websites. Most of them are web forums, where internet users share images and URLs to download pornographic files. But some of these websites are also image hosts and file hosts, mostly used to store and share files that are non-pornographic.

While watching or distributing child pornography is illegal in India, watching adult pornography is not banned. The blocked websites are hosted outside India and claim to operate under the 18 USC 2257 rule enforced by the US. The rule specifies that producers of pornographic material are required to retain records showing performers were over 18 years of age at the time of video or image shoot.

The DoT order doesn't specify any reason or law under which the websites have been blocked. It says, "It has been decided to immediately block the access to the following URLs... you are accordingly directed to immediately block the access to above URLs."

If a user visits the blocked website, he/she is either shown a blank page or a message telling "this website has been blocked until further notice either pursuant to court orders or on the directions issued by the Department of Telecommunications".

A senior DoT official, who pleaded anonymity because he is not authorized to speak to the media, said the department was just following the orders issued by cyber security coordination committee and hence could not talk about the specific reasons behind the block.

Centre for Internet and Society (CIS), a Bangalore-based organization, says blocking of pornographic website is overreach on the part of the government.

"In the case of file hosts and image hosts, which people use for various purposes including for storing personal files, the DoT order is a clear overreach," said Sunil Abraham, director of CIS. "Even in the case of pornography, there is nothing in the IT Act that can be used to block websites hosted outside in India."

He added, "There is a possibility that government is interpreting some sections of the IT Act to suit its purpose but I feel that is wrong and should be challenged in the court by ISPs if they care about the rights of their users."

Rajesh Chharia, president of Internet Service Providers Association of India, said that it was not possible for ISPs to pushback orders from DoT. "We are the licensee and we have to operate under the laws... we can't pushback," he said.

"But I feel ideally the government should ask the people who have produced objectionable content to remove it from the web if these people are in India... If they are outside, the websites should be blocked at the international cable landing stations. Involving 150-odd ISPs to implement an order is not the right way to do it," added Chharia.

Though IT Act doesn't criminalize watching porn, the new rules notified in 2011 have certain provisions that show the government wants to dictate what people watch or do not watch on the web. For example, the rules ask an intermediary like an ISP to "inform users of computer resources not to host, display, upload, modify, publish, and transmit any information that is obscene and pornographic".

The rules meant for cyber cafe owners specify that they "shall display a board, clearly visible to the users, prohibiting them from viewing pornographic sites as well as copying or downloading information which is prohibited under the law".

Abraham says that going after pornographic websites, and that too in a non-transparent manner, serves no purpose.

"I have travelled to China and Middle East and have seen that people access pornographic websites using various web tools. In fact, by banning websites the governments have made it more alluring for users to watch and access pornography," he said. None of the western democracies have explicit ban on pornography.

Abraham added that Indian government should also be more transparent about blocking websites because the current method was prone to abuse. "They should notify owner of the blocked website, clearly tell web users why a website is getting blocked and tell public how many websites they have blocked."

For more details visit https://cis-india.org/news/times-of-india-javed-anwer-june-26-2013-govt-goes-after-porn-makes-isps-ban-sites

Indian surveillance laws & practices far worse than US

pranesh — 2013-07-12T11:09:39Z

Explosive would be just the word to describe the revelations by National Security Agency (NSA) whistleblower Edward Snowden.

Pranesh Prakash's column was published in the Economic Times on June 13, 2013. This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Now, with the American Civil Liberties Union suing the Obama administration over the NSA surveillance programme, more fireworks could be in store. Snowden's expose provides proof of what many working in the field of privacy have long known. The leaks show the NSA (through the FBI) has got a secret court order requiring telecom provider Verizon to hand over "metadata", i.e., non-content data like phone numbers and call durations, relating to millions of US customers (known as dragnet or mass surveillance); that the NSA has a tool called Prism through which it queries at least nine American companies (including Google and Facebook); and that it also has a tool called Boundless Informant (a screenshot of which revealed that, in February 2013, the NSA collected 12.61 billion pieces of metadata from India).

Nothing Quite Private

The outrage in the US has to do with the fact that much of the data the NSA has been granted access to by the court relates to communications between US citizens, something the NSA is not authorised to gain access to. What should be of concern to Indians is that the US government refuses to acknowledge non-Americans as people who also have a fundamental right to privacy, if not under US law, then at least under international laws like the Universal Declaration of Human Rights and the ICCPR.

US companies such as Facebook and Google have had a deleterious effect on privacy. In 2004, there was a public outcry when Gmail announced it was using an algorithm to read through your emails to serve you advertisements. Facebook and Google collect massive amounts of data about you and websites you visit, and by doing so, they make themselves targets for governments wishing to snoop on you, legally or not.

Worse, Indian-Style

That said, Google and Twitter have at least challenged a few of the secretive National Security Letters requiring them to hand over data to the FBI, and have won. Yahoo India has challenged the authority of the Controller of Certifying Authorities, a technical functionary under the IT Act, to ask for user data, and the case is still going on.

To the best of my knowledge, no Indian web company has ever challenged the government in court over a privacy-related matter. Actually, Indian law is far worse than American law on these matters. In the US, the NSA needed a court order to get the Verizon data. In India, the licences under which telecom companies operate require them to provide this. No need for messy court processes.

The law we currently have â€” sections 69 and 69B of the Information Technology Act â€” is far worse than the surveillance law the British imposed on us. Even that lax law has not been followed by our intelligence agencies.

Keeping it Safe

Recent reports reveal India's secretive National Technical Research Organisation (NTRO) â€” created under an executive order and not accountable to Parliament â€” often goes beyond its mandate and, in 2006-07, tried to crack into Google and Skype servers, but failed. It succeeded in cracking Rediffmail and Sify servers, and more recently was accused by the Department of Electronics and IT in a report on unauthorised access to government officials' mails.

While the government argues systems like the Telephone Call Interception System (TCIS), the Central Monitoring System (CMS) and the National Intelligence Grid (Natgrid) will introduce restrictions on misuse of surveillance data, it is a flawed claim. Mass surveillance only increases the size of the haystack, which doesn't help in finding the needle. Targeted surveillance, when necessary and proportional, is required. And no such systems should be introduced without public debate and a legal regime in place for public and parliamentary accountability.

The government should also encourage the usage of end-to-end encryption, ensuring Indian citizens' data remains safe even if stored on foreign servers. Merely requiring those servers to be located in India will not help, since that information is still accessible to American agencies if it is not encrypted. Also, the currently lax Indian laws will also apply, degrading users' privacy even more.

Indians need to be aware they have virtually no privacy when communicating online unless they take proactive measures. Free or open-source software and technologies like Open-PGP can make emails secure, Off-The-Record can secure instant messages, TextSecure for SMSes, and Tor can anonymise internet traffic.

http://cis-india.org/internet-governance/blog/economic-times-june-13-2013-pranesh-prakash-indian-surveillance-laws-and-practices-far-worse-than-us

For more details visit https://cis-india.org/internet-governance/blog/economic-times-june-13-2013-pranesh-prakash-indian-surveillance-laws-and-practices-far-worse-than-us

Is freedom of expression under threat in digital age?

praskrishna — 2013-01-17T06:16:09Z

With social networking site Facebook boasting of 1 billion members globally and micro-blogging site Twitter claiming millions, opinion was divided on whether the freedom of expression was under threat in the digital age.

This article was originally published by Indo Asian News Service on January 16, 2013. It was also covered in Business Standard, Vancouver Desi, DNA, and Tech2. Sunil Abraham is quoted.

"Censorship of content should be the last resort as curbing a particular content online actually amplifies its spread over the internet," said Sunil Abraham from Centre for Internet and Society.

He was speaking at a panel discussion organised by London based Index on Censorship and the Editors Guild of India on the issue at the India International Centre Tuesday evening.

"The government has refused to amend Section 66(A) of the IT Act which is used to curb free speech on the net," said Guild chief TN Ninan who moderated the debate. "The law treats digital media differently than the print media," he said.

Director of Free Speech Debate, Oxford University, Timothy Garton Ash said, "There was no threat to the freedom of speech as internet was actually an opportunity for spreading freedom of expression."

India with the large number of net users could act as swing state between two extremes of China which is trying to control the net and the US which champions free speech, he said.

"The question is what are the legitimate limits of free speech rather than asking for unlimited speech," said Ash.

Ajit Balakrishnan, CEO and founder of online portal rediff.com, said "there was a sense of powerlessness among nation states as only local laws applied to any such violations."

He said the internet was not so democratic as it sounded as the actual numbers of users who posted content on Facebook were just 8-9 million while the rest just watched. The same was with Twitter with just 7-8 percent users actually posting messages.

Kirsty Hughes, CEO, Index on Censorship, said "freedom of speech was universal" while noting a "worrying trend that increasingly governments were moving to control the internet."

"The risks of such controls are that we could have a much more controlled, censored and fragmented internet," she said.

Ramanjit Singh Chima of Google India stressed on the need to have laws to protect internet freedom as such curbs affected livelihood of many users and contributed to local economies.

He said the internet allowed people to instantly collaborate and publish critical information during emergency situations.

For more details visit https://cis-india.org/news/ians-news-is-freedomexpression-under-threat-in-digital-age

Web of Sameness

nishant — 2013-01-18T06:17:29Z

The social Web has been an ominous space at the start of 2013. It has been awash with horror, pain and grief. The recent gang rape and death of a medical student in Delhi prevents one from being too optimistic about the year to come. My live feeds on various social networks are filled with rue and rage at the gruesome incident and the seeming depravity of our society.

Nishant Shah's column was published in the Indian Express on January 18, 2013.

As I contemplate the event, I see that the Web has become a space for coping with pain and mitigating the horror of our lives. I feel comforted, when I go online, and see people grieving for a woman they never knew, and demanding better conditions for all. As I look at these resolves for change, battle cries demanding justice, and angry responses directed at imagined and imaginary perpetrators of these crimes, I realise that I have heard it all before, over and over again.

“Not Again!” has been the refrain of the year. If life were a musical, this would have been the persistent chorus line of 2012. From fighting against censorship and violation of privacy by government and corporations to acts of hatred, or from ridiculing the map glitches on the iPhone to seeing the growing stronghold of authoritarian forces over the social Web, we have repeatedly rolled our digital sleeves, gnashed our fingers on the keyboards and shouted in political solidarity, “Not Again!”. While this show of protest, this robust expression of change holds a promise of how things will change for the better, it is also a refrain that has lost its bite. What does it mean, this ability to repeatedly say “Not Again!” only to experience these horrors in despairing cyclic patterns?

I want to see how the social Web and the new public spheres online might offer us outlets for emotions but not necessarily platforms for action. Some of the earliest critiques of the Web expressed the fear that given the extreme customisation of social networks, we might soon reside only in digital echo chambers. In the heavily informatised ages that we live in, it is not uncommon to set up specific groups that we belong to, identify friends that we talk with, mark people we follow, set up circles we share in, and configure filters that help us receive information that is tailor-made to suit our personalised preferences. Unfortunately, this quest for selective information sampling often means that we separate the digital spaces of life from the physical ones, without even realising it. We might be seamlessly navigating these two spaces, not really caring for the distinctions of “virtual reality” and “real life”, but in instances like these, it is easy to see how we shroud ourselves in echo chambers, never allowing voices to translate into the world of action.

You are sure to have been bombarded with tweets that have insightfully analysed the conditions of safety in our public spaces. And in all of this, like me, you must have been comforted thinking that there is still hope. But for every “like” you received on your status update, for every time your tweet got favourited or retweeted, for every time you found yourself agreeing with the social experts, you also separated yourself from the reality. Because the people who gave your opinions the attention, are actually people just like you. They are already on your side of things. Talking to them, exchanging ideas with them, calling for change side-by-side is like preaching to the choir, but it gives us a sense of having reached out. The voices in an echo chamber are not just repeated ad nauseum, but they are also not heard by anybody else on the outside, thus stifling the energy and passions that might have resulted in real change.

The Web also offers an easy separation of us versus them. As coping mechanisms and as a way of distancing ourselves from these events, the Web offers us a clear disavowal of guilt. The young man, who shot those children in the school, was mentally unstable. The laws that allowed him to purchase guns are because of the politicians and the arms industry. The student, who got raped in a bus, is the responsibility of the ‘rape capital’ Delhi. If we were in charge, these things would not have happened this way. But now they have happened, and so we will be angry, we will be shocked, we will tweet “Not Again!” and then quickly shift our ever-expanding attention to the burgeoning space of information online.

And then we will wait, for the next incident to happen — oh, not the same, but similar — and we will go through this process once again.

If I have to look into the future and hope that 2013 shall be the year of change, then I am hoping that the change will be from “Not Again” to a “Never Again”. We will have to learn how to use the energy, the power of the Web, the influence of the digital crowds on the digital commons, to produce a change that goes beyond the social network feeds.

I hope that the social Web matures. We have to make sure that the promise of change that the digital social network offers, does not die as armchair clicktivism that witnesses but does nothing to change the act that affects us.

For more details visit https://cis-india.org/internet-governance/blog/indianexpress-nishant-shah-january-12-2013-web-of-sameness

Govt vs Tweeple: Has clampdown hit free speech?

praskrishna — 2012-08-24T12:46:27Z

Has the Government crossed the line by ordering the blocking of several Twitter accounts, many belonging to prominent journalists? The debate was featured in NDTV on August 23, 2012.

Sunil Abraham spoke to Sonia Singh of NDTV. Sunil said that "we should focus on designing of the censorship regime in the country and the lack of compliance with the principles of natural justice".

Watch the full video on NDTV here

For more details visit https://cis-india.org/news/www-ndtv-com-aug-23-2012-govt-vs-tweeple-has-clampdown-hit-free-speech

Govt orders blocking of 300 specific URLs including 16 Twitter accounts

praskrishna — 2012-08-24T13:29:40Z

The government stepped up its efforts to stop what it feels is an online campaign of misinformation and rumour mongering in the wake of lower Assam riots and ordered blocking of 16 Twitter accounts, including two belonging to journalists, considered sympathetic to the right in India.

Published in the Times of India on August 24, 2012. Pranesh Prakash is quoted.

The department of telecommunications (DoT) ordered blocking of the accounts on August 20. The blocked accounts include those maintained by a columnist and a journalist working for a TV channel. Twitter accounts @sanghparivar, @drpraveentogadia and @i_panchajanya are also mentioned.

The 16 Twitter accounts are part of a list containing over 300 specific URLs that internet service providers (ISPs) in India have been told to block. The list is dominated by URLs belonging to Facebook and Youtube. Indian government allegedly found 102 URLs on Facebook and 85 URLs on YouTube where communally sensitive content was posted. According to a blogpost at Centre for Internet and Society (CIS), a non-profit organization that got hold of the list on Wednesday, almost "all of the blocked items have content that are related to communal issues and rioting".

At the same time, Pranesh Paraksh, a CIS official, noted on the blog that it was unclear if the government exercised its powers responsibly in this case. "The blocking of many of the items on the list are legally questionable and morally indefensible, even while a large number of the items ought to be removed," he wrote.

According to the leaked list, Indian government also blocked 30 Twitter URLs, 3 Wikipedia URLs, 11 Blogger URLs and 8 Wordpress URLs. Some URLs belong to Pakistani websites. The list also contained URLs belonging to several mainstream media websites, including The Telegraph and Al Jazeera.

The blocking of Twitter accounts was partial due to technical challenges. The accounts have been blocked with the help of ISPs and not Twitter. Accessing them from India shows web users a message, saying "This website/URL has been blocked until further notice either pursuant to Court orders or on the Directions issued by the Department of Telecommunications". Also, the block works only if the accounts are accessed using HTTP and not HTTPS protocol. Twitter allows users to force HTTPS, which is a secure protocol and doesn't let ISPs see the content that a user is accessing.

Due to the partial block, accounts remained active. When Nirupama Rao, India's ambassador to the US, talked on Twitter about a discussion on a news channel on the subject of social media and government's current policy, one of the "blocked" accounts tweeted back to her saying, "@NMenonRao Is that why UPA Govt has blocked my Twitter handle? Is that the reason? A reply would help." Following the Twitter profile ban, which was reported around midnight on Wednesday, several Twitter users in India started hashtag #Emergency2012. A few hours later, #Emergency2012 and #GOIBlocks were among the top trending topics on Twitter for India.

For more details visit https://cis-india.org/news/times-of-india-aug-24-2012-govt-orders-blocking-of-300-specific-urls-including-16-twitter-accounts

NE exodus: List containing 309 blocked URLs leaks online

praskrishna — 2012-08-24T13:37:21Z

Latest reports coming in have confirmed that a list containing 309 URLs, whose ban the government had sought in light of the Assam violence and the subsequent NE exodus, has been leaked online.

Published in tech2. Pranesh Prakash's analysis is quoted.

The aforementioned URLs comprise URLs, Twitter accounts, img tags, blog posts, blogs and a handful of websites, and were blocked between August 18, 2012 till August 21, 2012. In an analysis that Pranesh Prakash, programme manager at the Centre for Internet and Society (CIS), carried of the leaked items, among other things in his post, he wrote that, "It is clear that the list was not compiled with sufficient care."

In his post, he further noted that the censorship process itself has been riddled with egregious mistakes. Giving instances of the egregious mistakes, he added that even some people and posts debunking the rumours were blocked as part of the censorship. Further, he wrote that some of the items that were blocked were not even web addresses (e.g., a few HTML img tags were included). In his findings, Prakash also found that despite there having been a clear warning issued by the DIT pertaining to the blocking of "above URLs only" and not that of main websites, like www.facebook.com, www.youtube.com, some ISPs (like Airtel) went "overboard in their blocking". This incident, in particular pertains to yesterday's reports, wherein it had been revealed that Airtel had blocked the entire YouTube short URL youtu.be in some cities.

On account of the sensitivity of the issue, he writes that it "would be premature to share the whole list." He, however, writes that CIS plans to make the entire list public soon. The list that CIS has released, however includes -

ABC.net.au
AlJazeera.com
AllVoices.com
WN.com
AtjehCyber.net
BDCBurma.org
Bhaskar.com
Blogspot.com
Blogspot.in
Catholic.org
CentreRight.in
ColumnPK.com
Defence.pk
EthioMuslimsMedia.com
Facebook.com
Farazahmed.com
Firstpost.com
HaindavaKerelam.com
HiddenHarmonies.org
HinduJagruti.org
Hotklix.com
HumanRights-Iran.ir
Intichat.com
Irrawady.org
IslamabadTimesOnline.com
Issuu.com
JafriaNews.com
JihadWatch.org
KavkazCenter
MwmJawan.com
My.Opera.com
Njuice.com
OnIslam.net
PakAlertPress.com
Plus.Google.com
Reddit.com
Rina.in
SandeepWeb.com
SEAYouthSaySo.com
Sheikyermami.com
StormFront.org
Telegraph.co.uk
TheDailyNewsEgypt.com
TheFaultLines.com
ThePetitionSite.com
TheUnity.org
TimesofIndia.Indiatimes.com
TimesOfUmmah.com
Tribune.com.pk
Twitter.com
TwoCircles.net
Typepad.com
Vidiov.info
Wikipedia.org
Wordpress.com
YouTube.com
YouTu.be

Further, in response to the question - as to why some items could still be accessed that were supposed to be blocked, he wrote that there are several errors in the list, making it difficult to apply. And the order has to be put into action by hundreds of ISPs. He adds that some ISPs may not have begun enforcing the blocks yet. "This analysis is based on the orders sent around to ISPs, and not on the basis of actual testing of how many of these have actually been blocked by Airtel, BSNL, Tata, etc. Additionally, if you are using Twitter through a client (on your desktop, mobile, etc.) instead of the web interface, you will not notice any of the Twitter-related blocks," he elaborated further.

For more details visit https://cis-india.org/news/tech-2-in-com-ne-exodus

India's social media crackdown reveals clumsy govt machinery

praskrishna — 2012-08-25T06:11:30Z

"High-handed" and "reckless" are some of the words used in the media to describe the government's online crackdown.

Published in Reuters on August 24, 2012. Pranesh Prakash is quoted.

Add clumsy and incompetent to the list.

The government blocked access to more than 300 web pages after mobile phone text messages and doctored website images fuelled rumours that Muslims were planning revenge attacks for violence in Assam.

Much has been said and debated on the legal and moral legitimacy of the ban. But it's also important to study how officials went about deciding what to ban.

In his analysis of leaked government directives listing web pages to be banned, Pranesh Prakash of the Centre for Internet and Society said the list consists of people and pages who are actually debunking hateful rumours.

Twitter accounts of mainstream journalists and YouTube videos containing news clips from news channels like TimesNow, NDTV and Britain's Channel4 were included.

A glance at the list also shows that the banned pages include a Google Plus search page aggregating news stories posted on the topic "Assam riots." The government might as well ban Google.com, where anyone can do the same thing and much more.

It seems the government had no set procedure in trying to trace abusive content on the web. We don't know how they drew up the lists of sites to target, but it may have happened like this:

As northeast Indians began their exodus from cities fearing attacks, ministers and top bureaucrats went into a huddle and decided in all sincerity they must stop the spread of false information.

The task of quickly identifying malicious online content was given to lower ranking officials. Since there are no set procedures on how to scour the vast virtual universe and choose which offending pages to ban, the most likely step they took was to open Google and start typing in words related to the recent unrest, apart from trawling popular social sites.

The resulting list tells us that the official who vetted the selected pages was not too committed or had minimal online skills. Some of the pages are not even web addresses.

On Friday, the Times of India newspaper website (Read here) reported that the Twitter account of junior Communications and IT minister Milind Deora was blocked instead of the Deora imposter the government was trying to target.

Such amateurishness is not restricted to technology issues alone. There are many examples of clueless officials left red-faced in the face of public scrutiny.

Last year, the country's premier investigating agency, the CBI, had to withdraw a version of its list of India's 50 Most Wanted fugitives after it was revealed that one was already in jail and another living with his family after getting bail. The Central Statistics Office made a goof-up with the index of industrial production for January 2012, revising growth to 1.14 percent after initially putting it at 6.8 percent, a huge gap.

One of the most baffling gaffes happened in 2010 when the Directorate of Advertising and Visual Publicity issued a full-page ad on the occasion of National Girl Child Day featuring the photograph of a male former Pakistan Air Chief Marshal who appeared alongside Indian cricketers Kapil Dev and Virender Sehwag.

But the cake must go to External Affairs Minister S.M. Krishna. He read out his Portuguese counterpart's speech while addressing the United Nations Security Council.

(David Lalmalsawma is a Reuters journalist. The opinions expressed here are his own and not of Reuters. You can follow him on Twitter @david_reuters)

For more details visit https://cis-india.org/news/in-reuters-com-david-lalmalsawma-aug-24-2012-indias-social-media-crackdown-reveals-clumsy-govt-machinery

India threatens action against Twitter for ethnic violence 'rumors'

praskrishna — 2012-08-27T02:52:55Z

India threatened to take action on Thursday against Twitter over content alleged to have inflamed ethnic tensions, as leaked documents revealed the government scrambling to censor online material.

Published in the China Post on August 24, 2012. CIS is quoted.

More than 309 orders have been issued demanding the removal of posts, images and links on websites including Facebook and Twitter as well as Australian news channel ABC, broadcaster Al-Jazeera and London's The Daily Telegraph newspaper.

The government has blamed Internet sites for spreading rumors that Muslims would attack students and workers who have migrated from the northeast to live in Bangalore and other southern cities.

Tens of thousands of people fled back to India's remote northeast region last week, fearing an outbreak of violence.

The government has demanded that Twitter and other social network sites remove “inflammatory and harmful” material. It has also banned bulk text messages.

“If Twitter fails to respond to our request, we will take appropriate action,” senior home ministry official R.K. Singh said in the Times of India newspaper. “We have asked the information technology ministry to serve them a notice.”

The paper added that the government had set a deadline of Thursday for Twitter to respond.

The Bangalore-based Centre for Internet and Society (CIS) research group published analysis of the blocking orders sent by the Department of Telecommunications to domestic Internet services providers from August 18-21.

The CIS said that of the 309 separate items that the government ordered the providers to be blocked, the most affected sites were Facebook, YouTube, Twitter and Blogspot.

Content on websites for ABC, Al-Jazeera, The Times of India, The Daily Telegraph and online Catholic portal www.catholic.org were also targeted by the orders, though details of the contentious material are not known.

Twitter representatives were not available to comment, but both Facebook and Google this week said they were in communication with Indian authorities and already had policies banning content that incited violence.

The government has complained it was not receiving timely cooperation from social network groups over its attempts to ban “hateful” content.

On Thursday it said Twitter had agreed to remove six fake accounts pretending to be postings by Indian Prime Minister Manmohan Singh.

“Officials at Twitter have told us they are reviewing our request ... and they intend to cooperate,” Pankaj Pachauri, the premier's spokesman, told AFP.

For more details visit https://cis-india.org/news/www-china-post-aug-24-2012-india-threatens-action-against-twitter-for-ethnic-violence-rumors

Internet expert criticizes Indian cyber blockades

praskrishna — 2012-08-28T10:11:44Z

The Indian government's attempts to block social media accounts and websites that it blames for spreading panic have been inept and possibly illegal, a top Internet expert said Friday.

Written by Muneeza Naqvi, this was originally published in Associated Press on August 24, 2012. Pranesh Prakash is quoted.

Earlier this month, thousands of people from the country's remote northeast began fleeing cities in southern and western India, as rumors swirled that they would be attacked in retaliation for ethnic violence against Muslims in their home state.

Last weekend, the government said the rumors were fed by gory images — said to be of murdered Muslims — that were actually manipulated photos of people killed in cyclones and earthquakes. Officials said the images were spread to sow fear of revenge attacks.

After that, the government began interfering with hundreds of websites, including some Twitter accounts, blogs and links to certain news stories. The government also ordered telephone companies to sharply restrict mass text messages.

It is unclear who has been spreading the inflammatory material. Experts say that despite the government's electronic interference, there are many ways to access the blocked sites.

"The government has gone overboard and many of its efforts are legally questionable," said Pranesh Prakash, who studies Internet governance and freedom of speech at The Center for Internet and Society, a research organization in the southern city of Bangalore.

The center has published a list of more than 300 Internet links blocked in the last two weeks. These include some pages on Facebook, YouTube and news items on the sites of Al Jazeera, Australia's ABC, and a handful of Indian and Pakistani news sites.

On Friday, the Twitter account of Milind Deora, India's junior communications minister, appeared blocked. A message at his (at)milinddeora account said "the profile you are trying to view has been suspended."

Deora told the Press Trust of India news agency that his account was being verified and was only temporarily suspended. PTI said Deora had been tweeting in defense of the government blocking efforts before the account was suspended.

The exodus of people from the northeast followed clashes in Assam state over the last several weeks between ethnic Bodos and Muslims settlers. At least 80 people were killed in that violence and 400,000 were displaced. Most of those who fled were living in Bangalore, where text messages spread quickly threatening retaliatory attacks by Muslims.

The Bodos and the Muslim settlers — most of whom arrived years ago from what was then East Pakistan, and which is now Bangladesh — have clashed repeatedly over the decades. But the recent violence was the worst since the mid-1990s.

"The government's highest priority should have been to counter the rumors and it did a really bad job of that," said Prakash, adding that the government should have at least tried to counter the panic through the same social media sites that it was blocking.

The government's actions have sparked outrage on social networking sites, with hashtags critical of the government quickly becoming top trending topics on Twitter's India site.

But Prakash was as dismissive of that reaction as he was of the government attempts at censorship.

The government's actions reek of "the kind of incompetence one has come to expect," he said, "but the hashtags (hash)Emergency2012 etc. suffer from a lack of perspective, too."

Kapil Sibal, the senior minister of communications and information technology, said in a statement that Facebook and Google were cooperating with the government and shutting down some sites that the government had pointed out as objectionable. Sibal said Twitter had also said it was ready to talk with the government.

But he said that "the accusations that we are aggressively targeting someone's account or websites are incorrect."

On Thursday, Victoria Nuland, spokeswoman for the U.S. State Department, had told reporters that it was urging the Indian government "to take into account the importance of freedom of expression in the online world" while addressing its security concerns. She said the U.S. was ready to help India's efforts to talk to social networks regarding the issue."

The above was carried in the following places:

Bloomberg Businessweek (August 24, 2012)
Khaleej Times (August 24, 2012)
ABC News (August 24, 2012)
Seattle Times (August 24, 2012)
Vancouver Sun (August 24, 2012)
Kansas City. (August 24, 2012)
Times Colonist (August 24, 2012)
Merced Sun-Star (August 24, 2012)
Yahoo News (August 24, 2012)
SanLuisObispo.com (August 24, 2012)
Terrorism Watch (August 25, 2012)
Sci-Tech Today (August 26, 2012)

For more details visit https://cis-india.org/news/hosted-2-ap-org-aug-24-2012-internet-expert-criticizes-indian-cyber-blockades